The idea is you force them to choose the entire effective internet or nothing, which is not an economic self own even most dictatorships are willing to make.
These firewalls are an exercise in having your cake and eating it too.
But it doesn't end there... they block the CDN that implements this feature, and then the CDN's customers--who probably didn't care much about the benefits this gives to some of their users but are now losing access to some large customer base--start complaining and migrating off the CDN, which results in the CDN pulling back on the feature.
And we know this is what will happen as this is effectively what happened with domain fronting--where you simply use the wrong SNI instead of hiding it entirely--with all the large CDNs actively "fixing" this feature to prevent their customer's websites from being blocked by firewalls because of users who were using this to get around hostname restrictions.
Yup it's a cat and mouse game, and how much money these dictators represent.
Thankfully? in the case of Iran, many customers do not want to interact with Iran because of US export regulations, so if it breaks that, all the better ironically enough.
Iran, definitely. I don't think many companies would cry over the loss of Iran due to blocking their CDN.
China, on the other hand... That's where it starts getting interesting. There's already been several prominent examples of companies self-censoring to appease the Chinese government.
> which is not an economic self own even most dictatorships are willing to make.
What basis do you have for this claim? People make these claims constantly so confidently, but wherever I look all I see is that dictators have always been willing to make their nations incredibly poor.
> These firewalls are an exercise in having your cake and eating it too.
More to the point this isn't the Gordian Knot you think it is.
HTTPS isn't designed to prevent this. If you want to allow 'legitmate' access you just issues your own certs, and proxy requests. Universities etc can install your root cert and use your DNS servers.
It is game theory. Consider what happens in the real world - it is strictly easier for Iran or any country with a competent infrastructure to just shut down the big internet pipelines for retail customers. They don’t do that. China has spent untold amounts of money creating a stupidly effective surveillance state which is still technically open to the internet. Why?
So your assumption that “dictators will do the worst they can” is wrong. They will keep pushing the boundary outside the current Overton window but can’t do it in a snap. You force their hand by not providing alternatives and suddenly they’re stuck. They can’t just restrict feminist websites and claim that it is harming the social fabric then expand the net slowly. It is all or nothing as the OP explains.
More accurately is the ruling class wants to stay rich, and if they can stay rich without needing an educated and non-poor populace, all the better, because the hungry, disconnected and illiterate do not start effective revolutions. You see this in many resource dictatorships, since you don't need your populace to create your wealth.
In dictatorships where they need the populace, then they are in a tough spot, because the only way you get rich is having a developed population productive enough to tax, which you see in Singapore, China, Dubai and Iran somewhat.
It is this kind of authoritarian regime that needs the internet, but also wishes they didn't need the internet in the case of Iran and China.
They’re not equivalent statements. Dictators can be fine with making their countries poorer but still maintain internet access. There is a critical point (which isn’t well defined because we’re probably the only species in the universe at our level of tech that has no social science of any merit) beyond which policies will start backfiring. At the beginning of their reign, the dictator will take risks and push that window. Once entrenched, they will have to use a lighter touch unless they entirely go the North Korea route (which is difficult to do in 2022).
So in essence, this is a positive move because even dictators willing to destroy their countries for power will have to make a choice on internet access well before they gain enough power to cut it off entirely.
>What basis do you have for this claim? People make these claims constantly so confidently, but wherever I look all I see is that dictators have always been willing to make their nations incredibly poor.
Iran lost $17 billion in economic activity by cutting off the entire internet a few years ago for a week. They have not done that this time, making internet outages at specific times of day, etc.
I agree, this is the best approach. With every improvement, technology increases the amount of tyranny required of governments to maintain the same level of control they had before. They used to be able to block specific sites, now they will have to block everything and cut themselves off from the internet.
Eventually, we'll end up with either uncensorable technology or a totalitarian government.
Also I'm not well-educated in that area, but I would expect that CDNs would allocate dedicated IP ranged for big customers like Microsoft or Apple. So state can ban more selectively, white-listing those ranges.
