Comcast And Mozilla Partner Up To Help Encrypt DNS
from the strange-bedfellows dept
Over at our Tech Policy Greenhouse, Article19’s Joey Salazar and Consumer Reports’ Benjamin Moskowitz just discussed how it’s long past time to encrypt the Domain Name Server (DNS) system at the heart of the internet. Thanks to the GOP demolishing of FCC broadband privacy rules in 2017, ISPs have carte blanche to monetize this data as they see fit, storing and selling access to your DNS browsing data to data brokers who continue to build detailed user profiles with little to no meaningful oversight.
At the forefront of encrypting DNS have been Google and Mozilla, both of which have been pushing for a standard known as “DNS over HTTPS,” a significant security upgrade to DNS that encrypts and obscures your domain requests, making it more difficult (though not impossible) to see which websites a user is visiting. The proposal doesn’t come without downsides, and has seen opposition from ISPs that are either eager to continue to profit off of this data, or are worried that somebody else will (usually Google) if they can’t.
Comcast, AT&T, and others had previously been trying to demonize the Google and Mozilla efforts any way they could, from insisting the move constitutes an antitrust violation on Google’s part (it doesn’t), to saying it’s a threat to national security (it’s not), to suggesting it even poses a risk to 5G deployments (nah).
After Mozilla claimed to Congress that ISPs were being disingenuous with their opposition to the plan, at least one major ISP appears to have come around to the proposal. This week Mozilla announced that Comcast had joined the Firefox Trusted Recursive Resolver (TRR) program, which requires encrypted-DNS providers to not only meet privacy and transparency standards, but to promise not to block or filter domains by default “unless specifically required by law in the jurisdiction in which the resolver operates.” From the blog post:
“This program aims to standardize requirements in three areas: limiting data collection and retention from the resolver, ensuring transparency for any data retention that does occur, and limiting any potential use of the resolver to block access or modify content. By combining the technology, DoH, with strict operational requirements for those implementing it, participants take an important step toward improving user privacy.”
While Comcast has a well-deserved and terrible reputation for anti-competitive behavior, lobbying shenanigans and comically awful customer service, the company’s engineering folks remain top notch, and obviously appreciate the benefits of encrypting the DNS in the wholesale snoopvertising age. In conversations, the company continues to insist to be they’ve never monetized this data (not that anybody in government would ever have the ability or courage to confirm this), and had been running a beta version of its own encrypted DNS offering since last year.
Mozilla helping to standardize this and forming a coalition with Comcast is foundational, and under the partnership, Comcast is promising to not “retain, sell, or transfer to any third party (except as may be required by law) any personal information, IP addresses, or other user identifiers, or user query patterns from the DNS queries sent from the Firefox browser.” Now it’s just a matter of Comcast transparently proving that they’re actually adhering to those standards.