A proposed French law threatens to undermine open Web and user privacy, including that of non-French residents. The bill, called SREN, aims to protect children from pornographic content, prevent fraud and curb online harassment. However, this probably the case where the road to hell is paved with good intentions.

French government wants to play an Internet overload

The bill, which has already passed the upper house of the French parliament, has all the characteristics of a potential ticking time bomb, if adopted. Among its controversial provisions is the requirement for adult sites to install age verification systems and a steep penalty for failing to remove content within 24 hours. But the most alarming is the one that gives the French authorities the power to order DNS providers and web browsers to block any website that they deem illegal.

According to the article 6 of the bill, the French government can flag any website as violating the criminal or monetary and financial law, and demand DNS providers and web browsers to block it. The order can come from an administrative authority (notably, not a court), and it can last for up to three months, with a possibility of extension for another six months.

It’s not specified how web browsers and DNS providers need to meet this requirement. The bill only says that they have to “immediately take any useful measure intended to prevent access to the address of this service.”

Far-reaching implications for free speech and global users

To better grasp the potentially far-reaching and disastrous implications of this bill not only to French users, but also clients of different browsers and DNS resolvers (including AdGuard DNS), let’s remember what role they play in enabling users to access and interact with the Internet.

DNS resolvers and web browsers are like translators and guides that allow users to find and reach their desired destinations on the network. DNS servers convert domain names into IP addresses that browsers can understand and load pages. Every time you click on a link, your web browser sends a DNS query to DNS resolver, and the resolver points out which website to load, thus allowing you to find information on the internet at the snap of a second. All in all, DNS resolvers and web browsers are essential components of the Internet architecture, not the least because they make online browsing human-friendly.

As we have said many times already, DNS providers as well as web browsers are just intermediaries between users and internet resources, and should not be responsible for content moderation.

Technical challenges

As far as DNS resolvers are concerned, they are not even technically equipped for the task.

A DNS resolver cannot block access to a particular page that contains infringing content, such as an image, while sparing all other pages on the site. Because it works at the domain level, a DNS resolver can only block or allow access to the entire website. For example, if illegal content had somehow found its way onto YouTube, the DNS resolver would have to block the entire YouTube domain. The same problem would occur with almost all other services, as they typically consist of multiple web pages or resources within one domain — think of Google Drive, or Reddit as examples.

Another problem is that DNS resolvers will have to allocate more resources in order to block a particular domain only for users in a particular country, such as France. This will place an additional financial burden on all DNS providers, and make life particularly difficult for smaller providers, potentially forcing them out of the market.

The proposed French law would also likely pose a challenge to web browser developers, who would have to constantly update their software to keep up with the changing domains of the websites the government wants to block. The need to constantly update a web browser is unlikely to be met with much enthusiasm from either developers or users.

Empowering censors

Beyond purely technical and cost issues, the bill could also pave the way for more censorship. While the French government claims that the law will only be used to fight fraud, online harassment, and the spread of illegal content and disinformation, we cannot be sure of its future use. What is particularly worrying is that other countries, which may be even less democratic than France, could produce copycat laws that would empower their local authorities to order around web browsers and DNS providers, even without a court ruling.

But that’s not all. It could encourage web browsers to track more of their users’ online behavior, which could jeopardize the privacy rights that have been won so far, warns Article 19, a global human rights organization that promotes freedom of expression and access to information.

Mozilla leads campaign against the bill

One of the most vocal critics of the bill has been Mozilla, maker of the privacy-focused Firefox browser. In a June blog post, Mozilla described the bill as “a well-intentioned yet dangerous move” that could create “a dystopian technical capability.”

Mozilla acknowledges the French government’s concerns about the rise of cybercrime, including threats from malware and phishing attacks, but argues that existing protections such as Google’s Safe Browsing (which Firefox also uses) and Microsoft’s Smart Screen are sufficient.

These services warn users about navigating to a potentially dangerous site or downloading a potentially dangerous file, but do not prevent them from doing so. Mozilla believes this should remain the case, while blocking pages and websites in accordance to the local country laws, if unavoidable, should at least remain at the ISP level. “In fact, a government being able to mandate that a certain website not open at all on a browser/system is uncharted territory and even the most repressive regimes in the world prefer to block websites further up the network (ISPs, etc.) so far,” it says.

We fully share this view, as we also believe that web browsers and DNS providers should not be dragged into content policing. Rather, the use of existing tools, to protect users from phishing attacks, malware, fraud, and other cybercrime should be encouraged.

Similar to Google’s Safe Browsing and Microsoft’s Smart Screen in terms of functionality is “Browsing Security” module, available in AdGuard for Windows, Mac, and Android as well as in AdGuard browser extensions. It is powered by special filters that instruct AdGuard apps and extensions to caution against visiting the websites we blacklisted — about 1.5 million phishing and malware sites in total.

If you wish, you can also filter out ‘bad’ domains at a DNS level. As we’ve mentioned before, DNS blocking is not possible on a granular, web page level, so it may not be ideal for targeted action. Still, it is a viable option. DNS filtering is supported by all major AdGuard applications. Depending on the app you use and the configuration, an AdGuard DNS server will block phishing sites, warn you of potential malware, and protect your child from adult content (in Parental Control mode).

What makes all these solutions different from government-mandated website blocking is that you are in the driver’s seat, choosing whether or not to use a certain filtering or blocking product, whereas when the government is in charge, you have no choice. And choice is what freedom is all about. You can also take action in your own hands, for instance, by contributing to developing new filters that would flag harmful websites and make the Internet safer. This is a healthy alternative to government-imposed bans, as it gives the online community the power to shape our own online experience.