'DNS solution addresses social media ban.

'
Blog Creator 2025-09-16 20:32:05 +00:00
parent 00c41dedac
commit d82db6e7b9

@ -1,46 +1,16 @@
# An Actual Solution to the Social Media Ban
## The Legislation That Wasn't
The Australian Government today released that it would be “watering” down some of the requirements of the legislation it plans to impose on all of us in December. OOOO the irony. It plans to make it so that there is no mandatory minimum acceptable “flag rate” for the underage detection technology (So in reality this means that live testing has proved to be so abysmal as to make this an unachievable metric in law) and finally, the tech companies “listed” in the legislation (as mentioned they are actually putting the company names in legislation which is wild) only need to show they've gone to “reasonable” steps to remove children from their platforms as required under the law. Wow, just wow… this legislation now does nothing. As mentioned by all experts in the field, the legislation was designed poorly and ignored expert input from the industry. As a result, parents now really have less than they had before. Julie Inman Grant should be fired. She has pushed something untenable and frankly ludicrous in her mission to punish big tech for not being nice to her. Now don't get me wrong; I have no love for big tech (I'm actively working to decouple myself from them). But this was never about sticking it to big tech. This was about the Australian Government trying to stick its nose where it doesn't have the clout to… and there doing it on the advice of a failed big tech marketing executive who doesn't know UDP from TCP… So… the question remains now that this legislation has about as much as toilet paper, what *could* the government *actually* do to help parents with this problem. Well.. to that end I have actually had a technically feasible idea that doesn't involve putting a sledgehammer to our privacy and opening a hole you can drive a truck through to access our identity documents.
So, the Australian Government today released that it would be “watering” down some of the requirements of the legislation it plans to impose on all of us in December. OOOO the irony. It plans to make it so that there's no mandatory minimum acceptable “flag rate” for the underage detection technology (so in reality, this means that live testing has proved to be so abysmal as to make this an unachievable metric in law) and finally, the tech companies “listed” in the legislation (as mentioned, they're actually putting the company names in legislation, which is wild) only need to show they've gone to “reasonable” steps to remove children from their platforms as required under the law. Wow, just wow… this legislation now does nothing. As mentioned by all experts in the field, the legislation was designed poorly and ignored expert input from the industry. As a result, parents now really have less than they had before. Julie Inman Grant should be fired. She has pushed something untenable and frankly ludicrous in her mission to punish big tech for not being nice to her.
There is an old system we have been using for a long, long time. This system is known as the domain name system (DNS) and it simply maps URLs like [https://blog.aridgwayweb.com](https://blog.aridgwayweb.com) to their IP address x.x.x.x (it's a bit more complicated than that but that's the crux of it). For most people, they use the DNS configured in the router they bought, either from their ISP or from a retailer. If you bought from your ISP, it is likely pointing to their DNS and all the major ISPs have people who maintain their internal DNS systems to make sure that their customers can get to where they need. For those more technical, you may change this.
Now don't get me wrong—I have no love for big tech (I'm actively working to decouple myself from them). But this was never about sticking it to big tech. This was about the Australian Government trying to stick its nose where it doesn't have the clout to… and there doing it on the advice of a failed big tech marketing executive who doesn't know UDP from TCP…
* 1.1.1.1 is Cloudflare's DNS system [https://developers.cloudflare.com/1.1.1.1/ip-addresses/](https://developers.cloudflare.com/1.1.1.1/ip-addresses/)
* 8.8.8.8 is Google DNS
* There are family-friendly ones like this from OpenDNS [https://www.opendns.com/home-internet-security/](https://www.opendns.com/home-internet-security/) normally coming at a fee.
* You can even run your own DNS, like I do so that you can kill requests at the local level. In my case, I use a Pi-hole (that is actually sitting on an LXC in my Proxmox cluster) and I use it to kill ads at the network layer instead of the client.
So… the question remains now that this legislation has about as much as toilet paper, what *could* the government *actually* do to help parents with this problem? Well, to that end, I have actually had a technically feasible idea that doesn't involve putting a sledgehammer to our privacy and opening a hole you can drive a truck through to access our identity documents.
It is an old, well-understood, and ubiquitous system that is very handy for manipulating name resolution. The Chinese originally leveraged it for their “great firewall,” so it's known to have country-level capability for citizen spying (oops, did I just say this legislation amounts to mass surveillance…).
## The DNS Solution That Actually Works
So my proposal is simple. Australia has the skills to set up a large DNS server, likely in the Communications Department. This DNS server could very easily reroute network requests to “www.facebook.com” or whatever name you need to reroute to an internal service that requires some form of authentication or identity provision (which would be a service that could remain internal to Government and never need to traverse to an untrustworthy third party) and then allow the request back through to the proper IP address. This DNS can be *optionally* configured on anyone's router (ISPs could assist their less technically inclined customers with this), and hey presto, calls to facebook.com from that router now need to go through the governments “age verification” process. The authentication could be set up by an adult in the house with a valid identity document proving they are 18 and then given some form of auth to get past the verification page (password, passkey, pick your poison). Mobile phones tend to have an internal DNS system (sometimes only writable on the sys partitions), but this update could be done by manufacturers. It is very simple then.. you can now create “Government certified” “Family Friendly” devices either routers or phones that are preconfigured with this DNS server and now that device requires all the things to get to Facebook. These devices are of course optional and should probably be subsidized by the government to make them accessible to families. The trick here though is optional. I don't require these services; I impose my own, stricter rules at a client level for my children and am comfortable managing this myself. I do understand that there are parents without these skills and this particular option to me means there is an *ACTUAL* solution for these parents that should *just* work. And better yet, it's built on an existing system and doesn't need legislation because it's now not a stick but in fact a service. 
This also means that no verification of identity needs to leave the country. No tech company needs to do any work, and the skills to build this already exist in the country… hell, they probably exist within most IT departments in the Government agencies.
There is an old system we've been using for a long, long time. This system is known as the domain name system, and it simply maps URLs like [https://blog.aridgwayweb.com](https://blog.aridgwayweb.com) to their IP address x.x.x.x (it's a bit more complicated than that, but that's the crux of it). For most people, they use the DNS configured in the router they bought, either from their ISP or from a retailer. If you bought from your ISP, it's likely pointing to their DNS, and all the major ISPs have people who maintain their internal DNS systems to make sure their customers can get to where they need.
For those more technical, you may change this:
* **1.1.1.1** is Cloudflare's DNS system [https://developers.cloudflare.com/1.1.1.1/ip-addresses/](https://developers.cloudflare.com/1.1.1.1/ip-addresses/)
* **8.8.8.8** is Google DNS
* There are family-friendly ones like this from OpenDNS [https://www.opendns.com/home-internet-security/](https://www.opendns.com/home-internet-security/) normally coming at a fee
* You can even run your own DNS like I do so that you can kill requests at the network layer. In my case, I use a Pi-hole (that is actually sitting on an LXC in my Proxmox cluster) and I use it to kill ads at the network layer instead of the client
It is an old, well-understood, and ubiquitous system that is very handy for manipulating name resolution. The Chinese originally leveraged it for their “Great Firewall,” so it's known to have country-level capability for citizen spying (oops, did say this legislation amounts to mass surveillance…).
So my proposal is simple. Australia has the skills to set up a large DNS server, likely in the Communications Department. This DNS server could very easily reroute network requests to “www.facebook.com” or whatever name you need to reroute to an internal service that requires some form of authentication or identity provision (which would be a service that could remain internal to the Government and never need to traverse to an untrustworthy third party) and then allow the request back through to the proper IP address.
This DNS can be *optionally* configured on anyone's router (ISPs could assist their less technically inclined customers with this), and hey presto—calls to facebook.com from that router now need to go through the Government's “age verification” process. The authentication could be set up by an adult in the house with a valid identity document proving they are 18 and they are then given some form of auth to get past the verification page (password, passkey—pick your poison).
Mobile phones tend to have an internal DNS system (sometimes only writable on the sys partitions), but this update could be done by manufacturers. It is very simple then. You can now create “Government certified” “Family Friendly” devices—either routers or phones—that are preconfigured with this DNS server and now that device requires all the things to get to Facebook.
These devices are of course optional and should probably be subsidised by the Government to make them accessible to families. The trick here, though, is optional. I don't require these services—I impose my own, stricter, rules at a client level for my children and am comfortable managing this myself. I do understand that there are parents without these skills, and this particular option to me means there is an ACTUAL solution for these parents that should *just* work.
And better yet, it's built on an existing system and doesn't need legislation because it's now not a stick but in fact a service. This also means that no verification of identity needs to leave the country. No tech company needs to do any work, and the skills to build this already exist in the country… hell, they probably exist within most IT departments in the Government agencies.
The beauty of this system is now the companies on the list also don't need to go to the floor of the house—they can just be updated at the whims of the eSafety commissioner. Now it doesn't cover the whole country of course, but those people that need the help/want to be told what to do can now be sure that the eSafety commissioner is looking out for them…
Now that the government has realised that this age verification malarkey is folly, it's time to look at real solutions, and I think the government-run family-friendly DNS system that routes certain domain names to requiring verification is a pretty good start at an actual technical solution to help families.
## The Wrap-Up
So, to recap: the legislation is a disaster, the government is trying to fix it with more legislation, and I'm suggesting a solution that doesn't involve making everyone's life a bureaucratic nightmare. It's a simple, existing system that's already been used for decades—just repurposed for a new problem.
If you're a parent who's struggling with this, I'm not saying this is the *only* solution, but it's a real one that doesn't require trusting big tech or the government to do the right thing. It's just a switch in the router, a bit of configuration, and a service that's already in place.
And if you're a tech person reading this, you're probably thinking, “Oh, I could do that.” Well, you're not wrong. But the point is, the Government doesn't need to pass another law to make this happen. It can just *do* it.
So, mate, she'll be right. Let's get this show on the road.
The beauty of this system is now the companies on the list also don't need to go to the floor of the house… they can just be updated at the whims of the eSafety commissioner. Now it doesn't cover the whole country of course, but those people that need the help/want to be told what to do can now be sure that the eSafety commissioner is looking out for them… Now that government has realized that this age verification malarkey is folly, it's time to look at real solutions. I think the government-run family-friendly DNS system that routes certain domain names to requiring verification is a pretty good start at an actual technical solution to help families.
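Review bot: in the proposal paragraph, "reroute network requests to “www.facebook.com” ... and then allow the request back through to the proper IP address" describes a step a DNS resolver cannot perform by itself. A resolver only answers a name lookup with an address; it never sees the request that follows and has no way to hand it back after a login. I'd add a sentence saying how the verified state is kept, for example the resolver returning the real address only to households that have already verified, or the verification service sitting in the path as a proxy. Two limits are worth stating alongside it: a browser making an HTTPS request for facebook.com will show a certificate warning when it lands on a different server, and a device set to use its own encrypted DNS will not consult the router's resolver at all. Smaller points in the same text: "and there doing it" should read "and they're doing it", "has about as much as toilet paper" is missing its noun, and "maps URLs like" should be "maps hostnames like", since DNS resolves names, not full URLs.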