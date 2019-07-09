UK ISPs Vilify Mozilla For Trying To Secure The Internet
Over the years, UK ISPs have been forced by the government to censor an increasing array of "controversial" content, including copyrighted material and "terrorist content." In fits and spurts, the UK has also increasingly tried to censor pornography, despite that being a decidedly impossible affair. Like most global censorship efforts, these information blockades often rely on Domain Name Server (DNS) level blacklists by UK ISPs.
Historically, like much of the internet, DNS hasn't been all that secure. That's why Mozilla recently announced it would begin testing something called "DNS over HTTPS," a significant security upgrade to DNS that encrypts and obscures your domain requests, making it difficult to see which websites a user is visiting. Obviously, this puts a bit of a wrinkle in the government, ISP, or other organizational efforts to use DNS records to block and filter content or track user activity.
Apparently thinking they were helping(?), the UK Internet Services Providers’ Association (ISPA), the policy and trade group for UK ISPs, last week thought they'd try and shame Mozilla for... trying to secure the internet. The organization "nominated" Mozilla for the organization's meaningless "internet villain" awards for, at least according to ISPA, "undermining internet safety standards in the UK":
Of course Mozilla is doing nothing of the sort. DNS over HTTPS (which again Mozilla hasn't even enabled yet) not only creates a more secure internet that's harder to filter and spy on, it actually improves overall DNS performance, making everything a bit faster. Just because this doesn't coalesce with the UK's routinely idiotic and clumsy efforts to censor the internet, that doesn't somehow magically make it a bad idea.
Of course, many were quick to note that ISPA's silly little PR stunt had the opposite effect than intended. It not only advertised that Mozilla was doing a good thing, it advertised DNS over HTTPS to folks who hadn't heard of it previously:
The silly PR stunt also reminded everybody how the bigger players in telecom sector (be it in the US, UK, or elsewhere) are usually all too happy to buckle to requests to censor the internet or spy on internet users. That said, one smaller UK ISP, Andrews and Arnold, decided to donate some money to Mozilla:
A&A has today donated £2,940 to the Mozilla Foundation.
UK spy agency GCHQ and the Internet Watch Foundation (which manages the UK's internet watchlist) have also complained that the DNS security upgrade makes it harder to censor content and spy on users. But again, Mozilla says the effort is simply under discussion, won't be enabled by default, wouldn't break things like parental controls, and there's not even a hard date for deployment yet. For those interested, Cloudflare operates a DNS-over-HTTPS-compatible public DNS server at 1.1.1.1.
Update: It looks like ISPA is now in full retreat and have pulled the Mozilla nomination entirely, but not before issuing a "sorry not sorry" press release:
Filed Under: censorship, dns, dns over https, privacy, security, streisand effect, uk
Companies: andrews and arnold, cloudflare, ispa, mozilla, uk ispa
Reader Comments
Can we nominate the ISPAUK for an internet villain award for their use of DC Comic villains, Marvel Comic Villans, AND Disney villains? I'm willing to bet they didn't get a license to use them and I doubt it falls under their so called Fair Dealing either.
Re:
exactly. but they probably won't get pinged like most anyone else would for the use of those trademarked and copyrighted characters, since "block all the things" aligns well with the agendas of the owners of those rights.
Attempting to censor the internet via DNS blocking is a very silly idea to begin with.
Re:
Like many such things, it sounds neat and tidy until you talk to people who knows how things actually work. If only government types would talk to such people who aren't paid to sell them on something...
Re:
It depends on what you're trying to accomplish. If the goal is to completely block certain content from everyone (e.g. China) then you will do it (because it's easy and can get some people), but you won't rely on it.
If your goal is to score political points by convincing Luddite voters that you've "stopped the evil internets from corrupting their precious, innocent children," it's fairly effective.
If your goal is reduce (but not necessarily eliminate) broad public recognition of some topic, both by reducing the number of people who know about it to begin with (as more people than you might expect are incapable,in a practical sense, of getting around DNS blocking) and by reducing the perceived severity or importance as the knock-on effects of DNS blocking incentivize more popular services to remove that content to avoid DNS issues potentially effecting their more important products, then it's also somewhat effective and has the benefit of much weaker public opposition than most alternatives due to opinions like yours.
I suspect the UK is a lot of option 2, with some smatterings of option 3.
Thanks
Thank you, Ms. Streisand. I'd never heard of DNS over HTTPS before and did not know of 1.1.1.1; now I do.
Of course, this is only as secure as how the DNS server gets its data; but by getting data from any server, not your local ISP's, we remove another layer of control from the ISP or local country.
Re: Thanks
Pi_hole also supports use of DNS over HTTP. It also acts as an add and tracking blockers for tablets and phones etc connecting over your WiFi.
Re: Thanks
DNSSEC helps with that. The server could get the records via carrier pigeon and they'd still be usable if the signature checked out.
Re: Re: Thanks
Note also that DNSSEC can be transported by DNS-over-HTTPS, and that in principle one only needs to know the trust anchor i.e. E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D. For example, one could publish the www.mozilla.org DNS records verifiably in a newspaper as long as the signatures from . to org., and .org. to mozilla.org., were included.
And also faster response
Considering how many sites have Cloudflare integrated into their operations, using Firefox with the DNS over HTTPS also has the benefit of being much faster for those sites.
Re: And also faster response
Yep. DNS is faster than ever since switching to DNS over HTTPS. I never get those frequent pauses when going to a different site that used to plague my connection. Connections are damn near instant now.
this 'organization's meaningless "internet villain" awards"' is as useless as the Special 301 Report put out by the USTR! it doesn't stop freakin' idiots taking notice of it or constantly quoting it when trying to get Congressional Brownie Points!!
ISPA's desire for constructive Dialogue..
Then Why in HELL did you place it into the public???
We learned this in School...HOW TO WHISPER, so the teacher dont hear you..
And really..alittle tech Can probably do better to figure out WHO is on the other side..
Consider the idea that 1000 people on a site or in a game, ALL have to have the DATA sent in the proper direction...
Can you see the internet with 1 billion Chats/connection all WIDE broadcasting in every direction across the net?? Every server int he world would be able to see what you typed..
Internet villains
War is peace; freedom is slavery; ignorance is strength.
Poor ISPAUK - wait til you see the lawsuits headed your way...
I'm waiting for the Marvel/Disney and DC/WarnerBrothers lawsuits, against ISPAUK, due to their unlicensed use of their works.
I'm sure the fines/law-suits will probably bankrupt the ISPAUK.
