Hi Evan, Thank you for bringing SSAC 127 to our attention and for your sharp critique of its omissions. I completely agree that the report is valuable for focusing on *personal-level blocking* through VPNs and Public Resolvers, and that this is directly relevant to At-Large's mission of educating the end-user public. More importantly, your point on the exclusion of *ad and tracker blocking* is crucial. As you noted, the use of digital fingerprinting and tracking is considered "as abusive as phishing" by many. Ignoring services like Control D, Adguard DNS, and NextDNS, which address this, makes the report significantly less comprehensive from an end-user perspective. Perhaps our community can use this report as a starting point to develop our own educational materials—like the DNS abuse guide project already underway—that specifically address the full range of end-user DNS tools, including those used to mitigate tracking and other non-malware forms of abuse. Best regards, Mohibul Mahmud NARALO Member | NARALO ALAC Candidate On Thu, Apr 30, 2026 at 6:40 PM Evan Leibovitch via NA-Discuss < na-discuss@icann.org> wrote:
Hi all,
Anyone who is following the issue of DNS Abuse, which we have been discussing here, would be well advised to have a look at SSAC 127 <https://itp.cdn.icann.org/en/files/security-and-stability-advisory-committee...> issued last year, on the top of "DNS Blocking Revisited".
This one one of the few ICANN documents of which I am aware that deals with personal-level blocking as a way to mitigate abuse as well as state- and infrastructure-level blocking.
It spends a useful amount of effort on how end users can implement their own personal "blocking" through VPNs and "Public Resolvers":
* Users are aware of the benefits of public DNS resolvers and have been
reconfiguring their systems to leverage these services. This shift has been fueled by a growing understanding of the potential privacy and performance advantages that public resolvers offer over default DNS configurations, and in response to cases of state censorship and the abuse of DNS services offered by ISPs.*
This, to me, offers a rationale on how educating the public - and indeed the broader ICANN community -- about such facilities is directly relevant to ICANN's mission and At-Large's role within it.
I note with curiosity the complete lack of mention of one of the main reasons end-users are implementing such services: the blocking of advertising and tracking sites. To many people, myself included, the use of digital fingerprinting and tracking of personal details across different websites is as abusive as phishing and almost as abusive as malware sites. While mention is made of Cloudflare and Canadian Shield, the report completely ignores services such as Control D, Adguard DNS and NextDNS which block ads and trackers as well as more-malicious sites. For some blocking ads is a significant way to speed web-page rendering. And while some may debate the ethics of ad blocking, I am not aware of any jurisdiction in which doing so is illegal.
While it speaks of the use of the DNS to block pornography and gambling sites, as well as in-browser checks against malicious sites, oddly SSAC 127 ignores one of the main reasons people search for alternative DNS servers. But except for that notable error of omission, and is a worthwhile read for anyone who cares about what end-users (the ALAC constituency) can do to mitigate DNS abuse ... that is, considering that what constitutes "abuse" is not rigid and many approaches are available. -- Evan Leibovitch, Toronto Canada @evanleibovitch / @el56 ------ NA-Discuss mailing list -- na-discuss@icann.org To unsubscribe send an email to na-discuss-leave@icann.org
Visit the NARALO online at http://www.naralo.org ------ _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.