Hi all,

Anyone who is following the issue of DNS Abuse, which we have been discussing here, would be well advised to have a look at SSAC 127 issued last year, on the top of "DNS Blocking Revisited".

This one one of the few ICANN documents of which I am aware that deals with personal-level blocking as a way to mitigate abuse as well as state- and infrastructure-level blocking.

It spends a useful amount of effort on how end users can implement their own personal "blocking" through VPNs and "Public Resolvers":

 Users are aware of the benefits of public DNS resolvers and have been reconfiguring their systems to leverage these services. This shift has been fueled by a growing understanding of the potential privacy and performance advantages that public resolvers offer over default DNS configurations, and in response to cases of state censorship and the abuse of DNS services offered by ISPs.

This, to me, offers a rationale on how educating the public - and indeed the broader ICANN community -- about such facilities is directly relevant to ICANN's mission and At-Large's role within it.

I note with curiosity the complete lack of mention of one of the main reasons end-users are implementing such services: the blocking of advertising and tracking sites. To many people, myself included, the use of digital fingerprinting and tracking of personal details across different websites is as abusive as phishing and almost as abusive as malware sites. While mention is made of Cloudflare and Canadian Shield, the report completely ignores services such as Control D, Adguard DNS and NextDNS which block ads and trackers as well as more-malicious sites. For some blocking ads is a significant way to speed web-page rendering. And while some may debate the ethics of ad blocking, I am not aware of any jurisdiction in which doing so is illegal.

While it speaks of the use of the DNS to block pornography and gambling sites, as well as in-browser checks against malicious sites, oddly SSAC 127 ignores one of the main reasons people search for alternative DNS servers. But except for that notable error of omission, and is a worthwhile read for anyone who cares about what end-users (the ALAC constituency) can do to mitigate DNS abuse ... that is, considering that what constitutes "abuse" is not rigid and many approaches are available.