Mozilla: ISPs Are Lying About Encrypted DNS, Should Have Privacy Practices Investigated
Date: 2019-11-08
In a bid to avoid losing access to the cash cow that is your daily browsing data, ISPs like Comcast have been lying about Google and Mozilla's quest to encrypt DNS data. The effort would effectively let Chrome and Mozilla users opt in to DNS encryption -- making your browser data more secure from spying and monetization -- assuming your DNS provider supports it. Needless to say, telecom giants that have made billions of dollars monetizing your every online behavior for decades now (and routinely lying about it) don't much like that.
As a result, Comcast, AT&T, and others have been trying to demonize the Google and Mozilla efforts any way they can, from insisting the move constitutes an antitrust violation on Google's part (it doesn't), to saying it's a threat to national security (it's not), to suggesting it even poses a risk to 5G deployments (nah).
Mozilla this week came out with a letter not only taking aim at those claims, but urging Congress to investigate telecom's long history of privacy problems:
"Our recent experience in rolling out DNS over HTTPS (DoH)—an important privacy and security protection for consumers—has raised questions about how ISPs collect and use sensitive user data in their gatekeeper role over internet usage," the letter, signed by Marshall Erwin, senior director of trust and security at Mozilla, reads. "With this in mind, a congressional examination of ISP practices may uncover valuable insights, educate the public, and help guide continuing efforts to draft consumer privacy legislation."
While there's obviously plenty of perfectly legitimate criticism of Silicon Valley giants like Facebook and Google, we've been noting how telecom lobbyists have been quietly co-opting this backlash to help the telecom sector. So far you'd have to view these efforts as successful; while the government hyperventilates about Facebook and whether it should be broken up and heavily regulated, telecom has convinced lawmakers to effectively obliterate all oversight of telecom, despite the sector having historically been every bit as terrible as Facebook on the subjects of privacy, consumer rights, and competition.
As a result there are a few lawmakers (Marsha Blackburn comes quickly to mind) who claim to be utterly incensed at Facebook's behavior, but have chosen to give telecom a free pass. Mozilla's letter urges Congress to, you know, stop doing that if they want to be taken seriously:
"We believe that more information regarding ISP practices could be useful to the Committee as it continues its deliberations on this front, and we encourage the Committee to publicly probe current ISP data collection and use policies."
As we look to craft what the privacy standards and guidelines of tomorrow look like, it's another reminder of how focusing too exclusively on the missteps of Silicon Valley giants obscures the fact that these problems aren't just exclusive to "big tech." Mozilla's spot on when it notes that privacy solutions that don't consider telecom aren't much of a solution in the first place.
Filed Under: congress, dns over https, doh, encrypted dns, privacy, security
Companies: at&t, comcast, google, mozilla, verizon
Reader Comments
"if they want to be taken seriously"
Hahahaha - good one.
The Reason Telecoms don't Want Encrypted DNS Lookups
Be careful here though. I've seen people who claim that their ISP is hijacking their DNS lookups (regardless of whether they're using the ISP's DNS server or not) and when pressed on it they point to how some ISPs are taking failed DNS lookups to their own DNS servers and returning their own search page (on which they can obviously sell ads and placement). A lot of experts claim this breaks certain functionality that relies on invalid domain errors (NXDOMAIN).
If the DNS lookup was encrypted, then obviously the ISP could not hijack a DNS lookup that was going to another DNS Server and route it to their own, but as far as I can tell, there's no evidence that they are doing that. They also wouldn't be able to use DNS lookups that are going to third party DNS servers to accumulate lists of visited websites, but they can do that anyways since 99.999% of the time right after a DNS lookup is done, the next step is to actually go to that IP address. So they have that information anyways.
So why are they opposing it? I suspect because they know if encrypted DNS lookups become standard, it will mean a cost to them to implement. Sure, there's also the failed DNS lookup aspect to it, but since pretty much every browser these days uses a unified address bar, most people expect a search page to show up if they mistype a domain name. So I'd be surprised if any ISPs even bother to hijack NXDOMAIN errors anymore since more often than not the browser is going to handle it.
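The NXDOMAIN hijacking the comment above describes has a simple wire-level signature: a query for a name that cannot exist should come back with RCODE 3 (NXDOMAIN) and no answer records, whereas a hijacking resolver returns RCODE 0 (NOERROR) with an A record pointing at its landing page. The following is an added example, not code from the article or from any commenter, that parses minimal DNS responses and flags that signature. Both sample responses are constructed inline (the probe name and the 198.51.100.7 address are made-up test values), so nothing is sent over the network.

```python
"""Check a DNS response for the NXDOMAIN-hijack signature.

Added illustration, not part of the original page. All wire data below is
constructed locally; no real resolver is queried.
"""
import struct

RCODE_NOERROR = 0
RCODE_NXDOMAIN = 3

# Constructed probe name: a random-looking label under the reserved .example TLD,
# so an honest resolver must answer NXDOMAIN for it.
PROBE_NAME = "kjq3x9z-does-not-exist.example"


def encode_name(name):
    """Encode a dotted name as DNS labels (length-prefixed, zero-terminated)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_response(txid, qname, rcode, answer_ips=()):
    """Build a minimal wire-format DNS response (used only to construct test data)."""
    flags = 0x8180 | (rcode & 0xF)            # QR=1, RD=1, RA=1, plus the RCODE
    header = struct.pack("!HHHHHH", txid, flags, 1, len(answer_ips), 0, 0)
    question = encode_name(qname) + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN
    answers = b""
    for ip in answer_ips:
        rdata = bytes(int(octet) for octet in ip.split("."))
        # 0xC00C is a compression pointer to the question name at offset 12.
        answers += struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + rdata
    return header + question + answers


def skip_name(data, offset):
    """Return the offset just past a name, handling compression pointers."""
    while True:
        length = data[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:             # two-byte pointer ends the name
            return offset + 2
        offset += 1 + length


def parse_response(data):
    """Return (txid, rcode, list_of_A_record_addresses) from a DNS response."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    rcode = flags & 0xF
    offset = 12
    for _ in range(qdcount):                  # skip the question section
        offset = skip_name(data, offset) + 4  # +4 for QTYPE and QCLASS
    a_records = []
    for _ in range(ancount):
        offset = skip_name(data, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:         # A record, IPv4 address
            a_records.append(".".join(str(b) for b in rdata))
    return txid, rcode, a_records


def looks_hijacked(response):
    """True when a query for a must-not-exist name gets NOERROR plus an A record."""
    _, rcode, a_records = parse_response(response)
    return rcode == RCODE_NOERROR and bool(a_records)


# Constructed samples: an honest NXDOMAIN answer and a hijacked one.
HONEST_RESPONSE = build_response(0x1234, PROBE_NAME, RCODE_NXDOMAIN)
HIJACKED_RESPONSE = build_response(0x1234, PROBE_NAME, RCODE_NOERROR, ["198.51.100.7"])

if __name__ == "__main__":
    for label, resp in (("honest", HONEST_RESPONSE), ("hijacked", HIJACKED_RESPONSE)):
        txid, rcode, ips = parse_response(resp)
        print(f"{label}: rcode={rcode} a_records={ips} hijacked={looks_hijacked(resp)}")
```

To use this against a live resolver you would send a real query for a freshly generated nonexistent name over UDP port 53 and feed the raw reply bytes to looks_hijacked(); the parser only handles the A-record case and compression pointers into the question, which is enough for the landing-page pattern the comment describes.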
Re: The Reason Telecoms don't Want Encrypted DNS Lookups
C:\> nslookup
Off the top of my head, Charter and Comcast are still doing it also.
Re: Re: The Reason Telecoms don't Want Encrypted DNS Lookups
Just a note for any "Level3 isn't an ISP" folks:
When FiOS got handed over to Frontier, those DNS servers were often proposed for folks w/ static IPs. Frontier's current DNS servers return the same IPs for NXDOMAIN (as Level3's DNS).
Synopsis: ISP's Buddy hijacking DNS != ISPs don't hijack DNS.
ref: other Frontier DNS servers
https://www.dslreports.com/forum/r31831677-Faster-Internet-Frontier-DNS-settings
Re: Re: The Reason Telecoms don't Want Encrypted DNS Lookups
Hijacking NXdomain and replacing them with landing pages was pioneered by Verizon, and they still do it.
More privacy for consumers is a good thing;
ISPs selling data to private companies could be a security risk;
the fewer companies that have access to your browsing data,
the less chance of it being hacked and even being leaked on the web
and being used to gain access to financial info like credit card info,
purchasing info.
Most people do not want info leaked of, for instance, the fact that they pay to buy adult DVDs or stream XX-rated movies.
Private companies have a bad record of securing user data from being hacked.
Google and Facebook are criticised for selling user data to advertisers;
meanwhile ISPs get a free pass to any small private company.
I would trust Google or Mozilla more than any ISP.
