On June 19, Microsoft asked a US court to issue an ex parte injunction against dynamic DNS provider no-ip.com. On June 26, the court granted Microsoft's request, resulting in the transfer of 23 no-ip.com domain names to Microsoft's control.
All Internet traffic destined for those 23 domain names would then pass through Microsoft's Internet infrastructure, where it would be scanned, classified, and if Microsoft deemed it “malicious,” it would “disappear” into what Microsoft called a “sinkhole,” never to be seen again.
In a blog postMicrosoft justified its actions by arguing that “as malware creators continue to pollute the Internet, domain owners must act responsibly by monitoring and preventing cybercrime on their infrastructure.”
This action by Microsoft and a US court is unprecedented. No-ip.com provides a legitimate service to thousands of people: a free service that allows you to convert IP addresses provided by your Internet Service Provider into domain names. Many people use this functionality to access their home computers, for example, from work or other locations on the Internet. There is no evidence that no-ip.com broke the law. Microsoft's argument is that no-ip.com “failed to follow industry best practices.”
According to no-ip.comMicrosoft claims that it “intends to filter only known bad hostnames within each seized domain, while allowing good hostnames to continue resolving. However, this has not happened. Apparently, Microsoft's infrastructure cannot handle the billions of queries from our customers. Millions of innocent users are experiencing service outages due to Microsoft's attempts to remediate hostnames associated with a few bad actors.”
This meant that all traffic, including perfectly legitimate traffic, was routed through Microsoft, scanned, logged, and either passed on to its final destination or “disappeared.” A US court had branded Microsoft, a company with a terrible security record itself, as a global Internet police service.
Admittedly, the injunction is temporary. But it's also worth noting that the court hearing was “ex parte” – No-ip.com was not present and was not represented. Microsoft returned control of 18 of the 23 affected domains, but still retains control and can reclaim them at any time.
This sets another dangerous precedent with potential for internet censorship.
