Mozilla: ISPs Are Lying About Encrypted DNS, Should Have Privacy Practices Investigated

from the ill-communication dept

In a bid to avoid losing access to the cash cow that is your daily browsing data, ISPs like Comcast have been lying about Google and Mozilla's quest to encrypt DNS data. The effort would effectively let Chrome and Mozilla users opt in to DNS encryption -- making your browser data more secure from spying and monetization -- assuming your DNS provider supports it. Needless to say, telecom giants that have made billions of dollars monetizing your every online behavior for decades now (and routinely lying about it) don't much like that.

As a result, Comcast, AT&T, and others have been trying to demonize the Google and Mozilla efforts any way they can, from insisting the move constitutes an antitrust violation on Google's part (it doesn't), to saying it's a threat to national security (it's not), to suggesting it even poses a risk to 5G deployments (nah).

Mozilla this week came out with a letter not only taking aim at those claims, but urging Congress to investigate telecom's long history of privacy problems:

"Our recent experience in rolling out DNS over HTTPs (DoH)—an important privacy and security protection for consumers—has raised questions about how ISPs collect and use sensitive user data in their gatekeeper role over internet usage," the letter, signed by Marshall Erwin, senior director of trust and security at Mozilla, reads. "With this in mind, a congressional examination of ISP practices may uncover valuable insights, educate the public, and help guide continuing efforts to draft consumer privacy legislation."

While there's obviously plenty of perfectly legitimate criticism of Silicon Valley giants like Facebook and Google, we've been noting how telecom lobbyists have been quietly co-opting this backlash to help the telecom sector. So far you'd have to view these efforts as successful; while the government hyperventilates about Facebook and whether it should be broken up and heavily regulated, telecom has convinced lawmakers to effectively obliterate all oversight of telecom, despite the sector having historically been every bit as terrible as Facebook on the subjects of privacy, consumer rights, and competition.

As a result there are a few lawmakers (Marsha Blackburn comes quickly to mind) who claim to be utterly incensed at Facebook's behavior, but have chosen to give telecom a free pass. Mozilla's letter urges Congress to, you know, stop doing that if they want to be taken seriously:

"We believe that more information regarding ISP practices could be useful to the Committee as it continues its deliberations on this front, and we encourage the Committee to publicly probe current ISP data collection and use policies."

As we look to craft what the privacy standards and guidelines of tomorrow look like, it's another reminder of how focusing too exclusively on the missteps of Silicon Valley giants obscures the fact that these problems aren't just exclusive to "big tech." Mozilla's spot on when it notes that privacy solutions that don't consider telecom aren't much of a solution in the first place.

Filed Under: congress, dns over https, doh, encrypted dns, privacy, security
Companies: at&t, comcast, google, mozilla, verizon


Reader Comments


  1. jlivingood, 8 Nov 2019 @ 3:10pm

    Re: Re: The Reason Telecoms don't Want Encrypted DNS Lookups

    Comcast is definitely *not* doing that (I work there). Here is a demonstration using dig @ that server and a name that does not exist. 1st example results in NXDOMAIN. 2nd example gets a SERVFAIL, likely because the auth server does not respond to recursions from 4.2.2.2.

        dig @4.2.2.2 nonamehere.example.com

        ; <<>> DiG 9.10.6 <<>> @4.2.2.2 nonamehere.example.com
        ; (1 server found)
        ;; global options: +cmd
        ;; Got answer:
        ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 19479
        ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

        ;; OPT PSEUDOSECTION:
        ; EDNS: version: 0, flags:; udp: 8192
        ;; QUESTION SECTION:
        ;nonamehere.example.com. IN A

        ;; AUTHORITY SECTION:
        example.com. 1884 IN SOA ns.icann.org. noc.dns.icann.org. 2019101516 7200 3600 1209600 3600

        ;; Query time: 84 msec
        ;; SERVER: 4.2.2.2#53(4.2.2.2)
        ;; WHEN: Fri Nov 08 18:06:57 EST 2019
        ;; MSG SIZE rcvd: 107

        dig @4.2.2.2 flubboxzing.org

        ; <<>> DiG 9.10.6 <<>> @4.2.2.2 flubboxzing.org
        ; (1 server found)
        ;; global options: +cmd
        ;; Got answer:
        ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 38884
        ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

        ;; QUESTION SECTION:
        ;flubboxzing.org. IN A

        ;; Query time: 24 msec
        ;; SERVER: 4.2.2.2#53(4.2.2.2)
        ;; WHEN: Fri Nov 08 18:09:20 EST 2019
        ;; MSG SIZE rcvd: 33
