'DNS solution for online safety'

Blog Creator 2025-09-17 02:44:15 +00:00
parent d82db6e7b9
commit e9ca7fcb79


@ -1,16 +1,34 @@
# An Actual Solution to the Social Media Ban
The Australian Government today released that it would be “watering” down some of the requirements of the legislation it plans to impose on all of us in December. OOOO the irony. It plans to make it so that there is no mandatory minimum acceptable “flag rate” for the underage detection technology (So in reality this means that live testing has proved to be so abysmal as to make this an unachievable metric in law) and finally, the tech companies “listed” in the legislation (as mentioned they are actually putting the company names in legislation which is wild) only need to show they've gone to “reasonable” steps to remove children from their platforms as required under the law. Wow, just wow… this legislation now does nothing. As mentioned by all experts in the field, the legislation was designed poorly and ignored expert input from the industry. As a result, parents now really have less than they had before. Julie Inman Grant should be fired. She has pushed something untenable and frankly ludicrous in her mission to punish big tech for not being nice to her. Now don't get me wrong; I have no love for big tech (I'm actively working to decouple myself from them). But this was never about sticking it to big tech. This was about the Australian Government trying to stick its nose where it doesn't have the clout to… and there doing it on the advice of a failed big tech marketing executive who doesn't know UDP from TCP… So… the question remains now that this legislation has about as much as toilet paper, what *could* the government *actually* do to help parents with this problem. Well.. to that end I have actually had a technically feasible idea that doesn't involve putting a sledgehammer to our privacy and opening a hole you can drive a truck through to access our identity documents.
The Australian Government recently announced it would be “watering down” the requirements of the upcoming legislation regarding online safety. The irony isnt lost on anyone observing the situation. Specifically, the planned mandatory minimum “flag rate” for underage detection technology has been dropped a clear indication that initial testing proved unachievable. Furthermore, the legislation now only requires tech companies to demonstrate “reasonable steps” to remove children from their platforms.
There is an old system we have been using for a long, long time. This system is known as the domain name system (DNS) and it simply maps URLs like [https://blog.aridgwayweb.com](https://blog.aridgwayweb.com) to their IP address x.x.x.x (it's a bit more complicated than that but that's the crux of it). For most people, they use the DNS configured in the router they bought, either from their ISP or from a retailer. If you bought from your ISP, it is likely pointing to their DNS and all the major ISPs have people who maintain their internal DNS systems to make sure that their customers can get to where they need. For those more technical, you may change this.
Lets be frank: this legislation, as it stands, achieves very little. Experts in the field consistently warned that the approach was flawed and ignored industry input. The result? Parents are arguably in a worse position than before. The focus on punitive measures, rather than practical solutions, has been a misstep, and the relentless pursuit of this agenda by the eSafety Commissioner feels increasingly disconnected from reality.
* 1.1.1.1 is Cloudflare's DNS system [https://developers.cloudflare.com/1.1.1.1/ip-addresses/](https://developers.cloudflare.com/1.1.1.1/ip-addresses/)
* 8.8.8.8 is Google DNS
* There are family-friendly ones like this from OpenDNS [https://www.opendns.com/home-internet-security/](https://www.opendns.com/home-internet-security/) normally coming at a fee.
* You can even run your own DNS, like I do so that you can kill requests at the local level. In my case, I use a Pi-hole (that is actually sitting on an LXC in my Proxmox cluster) and I use it to kill ads at the network layer instead of the client.
Its important to state that criticism of this legislation isnt an endorsement of big tech. While Im actively working to reduce my own reliance on these platforms, this situation was never about punishing companies. It was about the Australian Government overreaching in an area where it lacks the necessary expertise and, frankly, the authority. The driving force behind this appears to be a personal vendetta, fuelled by someone unfamiliar with the fundamental principles of how the internet operates.
So, with the current legislation effectively neutered, what *can* the government do to genuinely help parents navigate the challenges of online safety? I believe theres a technically feasible solution that doesnt involve trampling on privacy or creating massive security vulnerabilities.
The answer lies in a system weve been using for decades: the Domain Name System (DNS). Simply put, DNS translates human-readable URLs like [https://blog.aridgwayweb.com](https://blog.aridgwayweb.com) into the corresponding IP address (e.g., x.x.x.x). Its a foundational component of the internet, and while seemingly simple, its incredibly powerful.
Most people rely on the DNS provided by their Internet Service Provider (ISP) or the manufacturer of their router. However, its possible to change this setting. Popular alternatives include Cloudflares 1.1.1.1, Googles 8.8.8.8, and paid family-friendly options like OpenDNS. For those with more technical expertise, its even possible to run your own DNS server I personally use Pi-hole to block ads at the network level.
This existing infrastructure offers a unique opportunity. The Chinese government has long leveraged DNS for its “Great Firewall,” demonstrating its capability for large-scale internet control. While that application raises obvious concerns, the underlying technology itself isnt inherently malicious.
My proposal is straightforward: the Australian Government could establish a large-scale DNS server within the Communications Department. This server could be configured to redirect requests to specific websites like Facebook or TikTok to an internal service that requires some form of authentication or identity verification. Once verified, the request would then be forwarded to the correct IP address.
This DNS server could be *optionally* configured on any router, with ISPs assisting less technically inclined customers. The result? Access to certain websites from that router would require passing through the governments age verification process.
The authentication could be managed by an adult in the household, providing a valid identity document to establish a secure connection. Mobile phones could also be updated by manufacturers to incorporate this DNS setting.
This would allow for the creation of “Government-certified” or “Family-Friendly” devices routers or phones pre-configured with this DNS server ensuring a consistent level of online safety. These devices could be subsidised by the government to ensure accessibility for all families.
Crucially, this system is optional. Individuals who prefer to manage their own online security as I do would remain unaffected. However, for parents who lack the technical skills or desire to implement their own solutions, this offers a practical and effective alternative.
This approach also avoids the need to collect and store sensitive identity data offshore. No tech company needs to be involved in the verification process, and the skills to build and maintain this system already exist within the Australian public service.
Furthermore, the eSafety Commissioner could easily update the list of websites subject to verification, providing a flexible and responsive system. It wouldnt cover the entire internet, of course, but it would provide a valuable safety net for those who need it.
Now that the government has acknowledged the shortcomings of its initial approach, its time to explore real solutions. A government-run, family-friendly DNS system that routes certain domain names to a verification process is a solid starting point for a genuinely effective technical solution to help families navigate the online world.
It is an old, well-understood, and ubiquitous system that is very handy for manipulating name resolution. The Chinese originally leveraged it for their “great firewall,” so it's known to have country-level capability for citizen spying (oops, did I just say this legislation amounts to mass surveillance…).
So my proposal is simple. Australia has the skills to set up a large DNS server, likely in the Communications Department. This DNS server could very easily reroute network requests to “www.facebook.com” or whatever name you need to reroute to an internal service that requires some form of authentication or identity provision (which would be a service that could remain internal to Government and never need to traverse to an untrustworthy third party) and then allow the request back through to the proper IP address. This DNS can be *optionally* configured on anyone's router (ISPs could assist their less technically inclined customers with this), and hey presto, calls to facebook.com from that router now need to go through the governments “age verification” process. The authentication could be set up by an adult in the house with a valid identity document proving they are 18 and then given some form of auth to get past the verification page (password, passkey, pick your poison). Mobile phones tend to have an internal DNS system (sometimes only writable on the sys partitions), but this update could be done by manufacturers. It is very simple then.. you can now create “Government certified” “Family Friendly” devices either routers or phones that are preconfigured with this DNS server and now that device requires all the things to get to Facebook. These devices are of course optional and should probably be subsidized by the government to make them accessible to families. The trick here though is optional. I don't require these services; I impose my own, stricter rules at a client level for my children and am comfortable managing this myself. I do understand that there are parents without these skills and this particular option to me means there is an *ACTUAL* solution for these parents that should *just* work. And better yet, it's built on an existing system and doesn't need legislation because it's now not a stick but in fact a service. 
This also means that no verification of identity needs to leave the country. No tech company needs to do any work, and the skills to build this already exist in the country… hell, they probably exist within most IT departments in the Government agencies.
The beauty of this system is now the companies on the list also don't need to go to the floor of the house… they can just be updated at the whims of the eSafety commissioner. Now it doesn't cover the whole country of course, but those people that need the help/want to be told what to do can now be sure that the eSafety commissioner is looking out for them… Now that government has realized that this age verification malarkey is folly, it's time to look at real solutions. I think the government-run family-friendly DNS system that routes certain domain names to requiring verification is a pretty good start at an actual technical solution to help families.
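Review bot: In the paragraph beginning "My proposal is straightforward", the step "Once verified, the request would then be forwarded to the correct IP address" describes something a DNS server does not do by itself: a resolver only answers the name lookup and never carries the web request. The post should say which component handles the traffic after the lookup, for example whether the verification service proxies the connection or whether the resolver starts returning the site's real address to that router once an adult has verified. It is also worth stating that a browser connecting over HTTPS to a name such as www.facebook.com expects a certificate for that name, so landing on an internal verification page instead would surface as a certificate error unless the design accounts for it. Separately, the rewritten paragraphs have lost their apostrophes and dashes ("isnt", "Lets", "dropped a clear indication"); restore the punctuation before publishing.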