"Isolation of Runet" or "Sovereign Internet"

The law on the "sovereign Internet" was finally signed on May 1st, but experts almost immediately dubbed it the isolation of the Russian segment of the Internet. Isolation from what? (In plain language.)

The article aims to give Internet users general information without wading into the weeds or abstruse terminology. It explains things that are simple for many, but "for many" does not mean "for everyone". It also aims to dispel the myth that criticism of this law is politically motivated.

How does the Internet work?

Let's start with the basics. The Internet consists of clients, routers and infrastructure, and works over the IP protocol (a v4 address looks like this: 0-255.0-255.0-255.0-255).

Clients are the users' computers themselves, such as the one you are sitting at while reading this article. They are connected to neighboring (directly connected) routers. Clients send data to an address or range of addresses of other clients.

Routers are connected to neighboring routers and can also be connected to neighboring clients. They do not have their own unique IP address (only one for forwarding), but are responsible for a whole range of addresses. Their task is to determine whether a client with the requested address is attached to them or whether the data must be sent on to other routers; in the latter case they also need to determine which of their neighbors is responsible for the desired range of addresses.

Routers can be at different levels: provider, country, region, city, district, and even home, where you most likely have your own router. And they all have their own ranges of addresses.
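The forwarding decision described above, as an added example that is not part of the original article: each router picks the most specific address range that contains the destination and either delivers locally or hands the packet to the responsible neighbor. The router names, the 10.x ranges and the topology are constructed assumptions.

```python
import ipaddress

# Constructed topology (assumption): every router maps address ranges either
# to "local" (a directly attached network) or to the neighbour responsible.
# "exchange" stands in for everything beyond the provider's own network.
TABLES = {
    "home":     {"10.1.1.0/24": "local", "0.0.0.0/0": "city-a"},
    "city-a":   {"10.1.1.0/24": "home", "10.1.0.0/16": "local",
                 "0.0.0.0/0": "provider"},
    "city-b":   {"10.2.0.0/16": "local", "0.0.0.0/0": "provider"},
    "provider": {"10.1.0.0/16": "city-a", "10.2.0.0/16": "city-b",
                 "0.0.0.0/0": "exchange"},
    "exchange": {"10.0.0.0/8": "provider", "0.0.0.0/0": "local"},
}


def next_hop(router, dst):
    """Longest-prefix match: the most specific range containing dst wins."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in TABLES[router].items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, hop)
    if best is None:
        raise LookupError(f"{router} has no route to {dst}")
    return best[1]


def trace(start, dst, max_hops=16):
    """Follow next hops until some router says the address is its own."""
    path = [start]
    for _ in range(max_hops):
        hop = next_hop(path[-1], dst)
        if hop == "local":
            return path
        path.append(hop)
    raise RuntimeError("routing loop or path too long")


if __name__ == "__main__":
    for dst in ("10.1.1.5", "10.1.0.9", "10.2.0.7", "198.51.100.1"):
        print(dst, "->", " > ".join(trace("home", dst)))
```

Traffic from the home router to the other city stays inside the provider and never reaches the exchange; only the address outside 10.0.0.0/8 does.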

Infrastructure means traffic exchange points, satellite links, continental entry points, and so on. It is needed to connect routers with other routers that belong to other operators, countries or types of communication.

How can data be transferred?

As you understand, the clients themselves and the routers have to be connected somehow. The connection can be:

Wires

  1. By land

    Backbone network of Rostelecom

  2. Under the water

    Transoceanic submarine cables

Air

These are Wi-Fi, LTE, WiMax and operators' radio bridges, which are used where it is difficult to lay wires. Full-fledged provider networks are not built on them; they are usually an extension of wired networks.

Space

Satellites can both serve ordinary users and be part of the infrastructure of providers.

ISATEL satellite coverage map

The Internet is a network

As you can see, the Internet is all about neighbors and neighbors of neighbors. At this level of networking, there are no centers and no red buttons for the entire Internet. That is, evil America cannot stop traffic between two Russian cities, between a Russian and a Chinese city, or between a Russian and an Australian city, no matter how much it wants to. The only thing it can do is drop bombs on routers, but that is not a network-level threat at all.

In fact, there are centers, only shhh...

But these centers are purely informational: they say that this address belongs to such and such a country, such and such a device, such and such a manufacturer, and so on. Without this data, nothing changes for the network.

It's all the fault of the little people!

One level above raw data is the World Wide Web that we actually visit. Its protocols are built on human-readable data, starting with site addresses (for example, google.ru as opposed to the machine address 64.233.161.94) and ending with the HTTP protocol itself and JavaScript code. You can read all of it, maybe not in your native language, but in a human language without any transformation.

This is the root of evil.

To translate human-readable addresses into addresses that routers understand, registries of these addresses are needed. Just as there are state registers of postal addresses of the form "Lenina street, 16: Ivan Ivanovich Ivanov lives here", there is a common global registry that says: google.ru - 64.233.161.94.

And it is located in America. So, here's how we will be disconnected from the Internet!

In fact, it is not that simple.

According to open data

ICANN is a contractor of the international community for the execution of the IANA function without the control of governments (primarily the US government), so the corporation can be considered international, despite registration in California

Moreover, although ICANN is in charge of governance, it governs only through requirements and decrees; another non-state company, VeriSign, is in charge of execution.

Next come the root servers. There are 13 of them, and they belong to different organizations, from the US Army to institutes and non-profit companies from the Netherlands, Sweden and Japan. There are also full copies of them around the world, including in Russia (Moscow, St. Petersburg, Novosibirsk, Rostov-on-Don).

And most importantly, these servers contain a list of trusted servers around the world, which in turn contain another list of servers around the world, which already contain the name and address registries themselves.

The real purpose of root servers is to say that the registry of such and such a server is official and not fake. On any computer you can set up a server with your own list so that, for example, when you access sberbank.ru, you are sent not its real address, 0.0.0.1, but 0.0.0.2, which hosts an exact copy of the Sberbank website where all your data will be stolen. The user sees the desired address in human-readable form and has no way to distinguish the fake from the real site. The computer itself needs only an address and works only with it; it knows nothing about any letters. That is how it looks from the point of view of potential threats. Why are we introducing laws?
* one recognizable ncbi - what is it worth

The same goes for https/TLS/SSL with its common root certification, which is focused on security from the start. The scheme is the same, but other data is sent along with the address, including public keys and signatures.

The main thing is that there is an end point that serves as a guarantor. If there are several such points with different information, it is easier to organize a substitution.

The main purpose of address registries is to maintain a common list of names, to avoid two sites with the same human-visible address and different IPs. Imagine the situation: one person posts a link to magazine.net, to a page with a study on preventing addiction to amphetamine stimulants with amfonelic acid; another person is interested and clicks on the link. But the link is only the text itself, magazine.net, and contains nothing else. When the author published the link, he simply copied it from his browser; he uses Google DNS (one such registry), which has the address 0.0.0.1 under the magazine.net entry. The reader who clicked on the link uses Yandex DNS, which stores another address, 0.0.0.2, where an electronics store lives, and that registry knows nothing about any 0.0.0.1. The reader will then not be able to view the article he is interested in, which contradicts the whole point of links.

For those especially interested: registries actually contain a whole range of addresses, and sites can also change their final IP for various reasons (say, a new provider offers more speed). So that links do not go stale, DNS makes it possible to change addresses. This also helps when increasing or decreasing the number of servers serving the site.

As a result, no decision of the American side and no military attack, including the seizure of non-state institutions, the falsification of root centers or the complete severing of links with Russia, will be able to bring the stability of the Russian segment of the Internet to its knees.

Firstly, the master encryption keys themselves are stored in two bunkers on different sides of the United States. Secondly, administrative control is so distributed that turning off Russia would require negotiating with the entire civilized world. That would be accompanied by a long discussion, and Russia would simply have time to set up its own infrastructure. No such proposal has ever been made, even in theory. And there are always copies all over the world: it would be enough to redirect traffic to the Chinese or Indian copy. So in principle one would have to negotiate with the whole world. And again, the latest list of servers will always be available on Russian territory, so you can always continue from where you left off. Or you can just replace the signature with another one.

You can also skip checking the signature altogether: even if everything happens instantly and the Russian centers are destroyed, providers can ignore the lack of communication with the root servers. The check is purely for additional security and does not affect routing.

Operators also keep a cache (of the most frequently requested entries) of both the keys and the registries themselves, and a piece of the cache for your popular websites is stored on your own computer. As a result, at first you will not feel anything at all.
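The chain of server lists and the caching described above, as an added example that is not part of the original article: a toy resolver walks from the root to the registry that holds the address, then keeps answering from cached referrals after the root is marked unreachable. Server labels, names and addresses are constructed assumptions, and cache expiry is not modelled.

```python
# Constructed delegation data (assumption): server labels, names and the
# 192.0.2.x documentation addresses are placeholders, not real DNS records.
ZONES = {
    "root":         {"ru.": ("NS", "tld-ru")},
    "tld-ru":       {"example.ru.": ("NS", "auth-example"),
                     "shop.ru.": ("NS", "auth-shop")},
    "auth-example": {"example.ru.": ("A", "192.0.2.10")},
    "auth-shop":    {"shop.ru.": ("A", "192.0.2.20")},
}


class Unreachable(Exception):
    """Raised when a server that must be asked cannot be contacted."""


def in_zone(name, zone):
    # Match on label boundaries so "guru." is not treated as part of "ru.".
    return name == zone or name.endswith("." + zone)


class Resolver:
    def __init__(self):
        self.answers = {}      # name -> address (cached final answers)
        self.delegations = {}  # zone -> server (cached referrals)
        self.offline = set()   # servers we pretend cannot be reached

    def _query(self, server, name):
        if server in self.offline:
            raise Unreachable(server)
        zone = max((z for z in ZONES[server] if in_zone(name, z)),
                   key=len, default=None)
        if zone is None:
            raise LookupError(f"{server} knows nothing about {name}")
        return zone, ZONES[server][zone]

    def resolve(self, name):
        if name in self.answers:
            return self.answers[name]
        # Start at the deepest cached referral; fall back to the root.
        known = [z for z in self.delegations if in_zone(name, z)]
        server = self.delegations[max(known, key=len)] if known else "root"
        while True:
            zone, (rtype, value) = self._query(server, name)
            if rtype == "A":
                self.answers[name] = value
                return value
            self.delegations[zone] = value  # remember the referral
            server = value
```

A resolver that has already looked up one .ru name can still resolve another .ru name with the root offline, while a resolver with an empty cache cannot.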

There are also other WWW centers, but they often work on a similar principle and are less necessary.

Everyone will die, but the pirates will live!

Besides the official root servers, there are alternative ones, but they are usually owned by pirates and anarchists who oppose any censorship, so providers do not use them. But the chosen ones... Even if the whole world conspires against Russia, these guys will still continue to serve.

By the way, the DHT algorithm of the Torrent peer-to-peer networks can live without any registries: it does not request a specific address, but works with the hash (identifier) of the desired file. That is, pirates will survive under any circumstances!

The only real attack!

The only real threat would be a conspiracy of the whole world: cutting all cables leading out of Russia, knocking down satellites and installing radio interference. True, in the case of such a world blockade, the Internet will be the last thing of interest. Or an active war, but the same applies there.

The Internet within Russia will continue to function, just with a temporary security downgrade.

So what is the law about?

The strangest thing is that the law theoretically describes this situation, but offers only two real things:

  1. Create your own WWW hubs.
  2. Transfer all border crossing points of Internet cables to Roskomnadzor and install content blockers.

No, these are not two things that solve the problem; these are simply the only two things in the law. The rest is along the lines of "it is necessary to ensure the stability of the Internet": no methods, fines, plans or distribution of duties and responsibilities, just declarations.

As you already understood, only the first point is related to the sovereign Internet, the second is censorship and nothing more. Moreover, this can reduce the activity of building border networks, and ultimately reduce the stability of the sovereign Internet.

The first point, as we have already found out, addresses an unlikely, temporary and not very dangerous threat. Network participants would do this anyway once threats appear, but here it is proposed to do it in advance. Doing this in advance is needed in only one very depressing case.

The results are disappointing!

Summing up, it turns out that the government has allocated 30 billion rubles for a law that addresses an unlikely, non-dangerous situation and that, at best, does no harm. And the second part will establish censorship. We are offered the introduction of censorship so that we are not turned off. You might as well offer to drink milk on Thursdays throughout the country to avoid murder. That is, both logic and common sense say that these things are not connected and cannot be connected.

So why is it that the government is preemptively preparing for total censorship ... censorship and war?

Source: habr.com