"To many people, myself included, the use of digital fingerprinting and tracking of personal details across different websites is as abusive as phishing and almost as abusive as malware sites."

- Evan Leibovitch

 

Therein, is the recognition that the fight against privacy abuse is aligned with the fight against security threats.  My reading of SAC127 says this is also recognized.  

 

It seems to me that what is being argued in SAC127 is that a platform-level resolution via DNS blocking is fraught.  And, equally so, the alternate DNS resolvers, mainly due to the [even] inadvertent possibility of a trespass on the rights-of-use of others.  

 

I agree with Evan that digital fingerprinting and cross-site tracking exploit users in ways that are uncomfortably close to phishing and, in many cases, indistinguishable from malware behaviour.

 

The current internet business model actively incentivizes this; platforms productize the user, extract behavioral data and normalize persistent tracking across domains.

 

Which explains the hard trek to meaningful change emerging at the platform level, resulting in the drive to mutate end users from passive taker to active the [self] defender Evan is suggesting At-Large should be promoting.

 

Fatigue-by-design is the result of the systemic application of consent banners, tracking requests and hidden scripts. Most users cannot realistically fight this one prompt at a time.

 

Solution rests with fomenting a material change to the incentives that drive tracking, fingerprinting, phishing and malware ecosystems.

 

Proactive control preventing connections to fingerprinting infrastructure and reduce the exposure of user metadata before it ever reaching the browser valorize public DNS resolvers such as Cloudflare (1.1.1.1), Control D and AdGuard.

 

One-stop-shop and you block known tracking domains, phishing domains before a connection is established, prevent access to malware command-and-control servers and reduce exposure to malicious redirects and spoofed domains. As many of these as they know.

 

Even me who reserves the right to be offended sees the benefits here.

 

Carlton

   


==============================
Carlton A Samuels
Mobile: 876-818-1799
Strategy, Process, Governance, Assessment & Turnaround
=============================


On Thu, 30 Apr 2026 at 17:38, Evan Leibovitch via ALAC <alac@icann.org> wrote:
Hi all,

Anyone who is following the issue of DNS Abuse, which we have been discussing here, would be well advised to have a look at SSAC 127 issued last year, on the top of "DNS Blocking Revisited".

This one one of the few ICANN documents of which I am aware that deals with personal-level blocking as a way to mitigate abuse as well as state- and infrastructure-level blocking.

It spends a useful amount of effort on how end users can implement their own personal "blocking" through VPNs and "Public Resolvers":

 Users are aware of the benefits of public DNS resolvers and have been reconfiguring their systems to leverage these services. This shift has been fueled by a growing understanding of the potential privacy and performance advantages that public resolvers offer over default DNS configurations, and in response to cases of state censorship and the abuse of DNS services offered by ISPs.

This, to me, offers a rationale on how educating the public - and indeed the broader ICANN community -- about such facilities is directly relevant to ICANN's mission and At-Large's role within it.

I note with curiosity the complete lack of mention of one of the main reasons end-users are implementing such services: the blocking of advertising and tracking sites. To many people, myself included, the use of digital fingerprinting and tracking of personal details across different websites is as abusive as phishing and almost as abusive as malware sites. While mention is made of Cloudflare and Canadian Shield, the report completely ignores services such as Control D, Adguard DNS and NextDNS which block ads and trackers as well as more-malicious sites. For some blocking ads is a significant way to speed web-page rendering. And while some may debate the ethics of ad blocking, I am not aware of any jurisdiction in which doing so is illegal.

While it speaks of the use of the DNS to block pornography and gambling sites, as well as in-browser checks against malicious sites, oddly SSAC 127 ignores one of the main reasons people search for alternative DNS servers. But except for that notable error of omission, and is a worthwhile read for anyone who cares about what end-users (the ALAC constituency) can do to mitigate DNS abuse ... that is, considering that what constitutes "abuse" is not rigid and many approaches are available.
--
Evan Leibovitch, Toronto Canada
@evanleibovitch / @el56
_______________________________________________
ALAC mailing list -- alac@icann.org
To unsubscribe send an email to alac-leave@icann.org

At-Large Online: http://www.atlarge.icann.org
ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALAC)
_______________________________________________
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.