2024-kristoff-internet
findings extracted from this paper
-
Alternative DNS resolvers trivially circumvent EU sanctions enforcement: third-party providers such as Google Public DNS and Cloudflare DNS implement no sanctions filtering regardless of user location, meaning any user who can switch their resolver can bypass most enforced blocks. The paper concludes that 'as long as a user can utilize an alternative DNS resolver, they would be able to bypass most sanctions enforcement.'
-
DNS-based blocking was the dominant EU sanctions enforcement mechanism: 87% of the 125 OONI vantage points implementing blocks chose DNS, and RIPE Atlas measurements found 50% of blocking ISPs return DNS error responses. Coverage dropped with each new sanctions package—45% of vantage points blocked first-round domains versus only 17% for fourth-round additions.
-
EU sanctions enforcement was deeply non-uniform across member states and over time: 77% of blocking autonomous systems enacted enforcement within 3 months of the initial sanctions, but adoption timelines, block-list coverage, and over/under-compliance patterns varied substantially by country and ISP. Austria blocked certain domains months after Germany despite advance specification; domains removed from the German list were eventually de-blocked with significant lag; the newly registered sputnikglobe.com was not widely blocked as of the study's writing.
-
IP-level access control was the most complete and effective sanctions enforcement mechanism—applied at or near the content destination—but was also the least commonly deployed approach. The paper attributes its rarity to the over-blocking risk when multiple services share a single IP address; one observed instance involved DDoS-mitigation providers performing IP-based enforcement that did not appear in DNS measurements.
-
Mirror domains registered by sanctioned Russian outlets (e.g., rtde.site, rtde.xyz, rtde.live, rtde.tech) remained almost universally accessible across EU member states; Table 2 shows near-100% uncensored DNS responses for mirror domains in the vast majority of countries. The EU had no effective mechanism to police domain mirroring in real time, leaving it an unmitigated circumvention strategy throughout the study period.