Comcast And Mozilla Partner Up To Help Encrypt DNS

from the strange-bedfellows dept

Over at our Tech Policy Greenhouse, Article19's Joey Salazar and Consumer Reports' Benjamin Moskowitz just discussed how it's long past time to encrypt the Domain Name Server (DNS) system at the heart of the internet. Thanks to the GOP demolishing of FCC broadband privacy rules in 2017, ISPs have carte blanche to monetize this data as they see fit, storing and selling access to your DNS browsing data to data brokers who continue to build detailed user profiles with little to no meaningful oversight.

At the forefront of encrypting DNS have been Google and Mozilla, both of which have been pushing for a standard known as "DNS over HTTPS," a significant security upgrade to DNS that encrypts and obscures your domain requests, making it more difficult (though not impossible) to see which websites a user is visiting. The proposal doesn't come without downsides, and has seen opposition from ISPs that are either eager to continue to profit off of this data, or are worried that somebody else will (usually Google) if they can't.

Comcast, AT&T, and others had previously been trying to demonize the Google and Mozilla efforts any way they could, from insisting the move constitutes an antitrust violation on Google's part (it doesn't), to saying it's a threat to national security (it's not), to suggesting it even poses a risk to 5G deployments (nah).

After Mozilla claimed to Congress that ISPs were being disingenuous with their opposition to the plan, at least one major ISP appears to have come around to the proposal. This week Mozilla announced that Comcast had joined the Firefox Trusted Recursive Resolver (TRR) program, which requires encrypted-DNS providers to not only meet privacy and transparency standards, but to promise not to block or filter domains by default "unless specifically required by law in the jurisdiction in which the resolver operates." From the blog post:

"This program aims to standardize requirements in three areas: limiting data collection and retention from the resolver, ensuring transparency for any data retention that does occur, and limiting any potential use of the resolver to block access or modify content. By combining the technology, DoH, with strict operational requirements for those implementing it, participants take an important step toward improving user privacy."

While Comcast has a well-deserved and terrible reputation for anti-competitive behavior, lobbying shenanigans and comically awful customer service, the company's engineering folks remain top notch, and obviously appreciate the benefits of encrypting the DNS in the wholesale snoopvertising age. In conversations, the company continues to insist to be they've never monetized this data (not that anybody in government would ever have the ability or courage to confirm this), and had been running a beta version of its own encrypted DNS offering since last year.

Mozilla helping to standardize this and forming a coalition with Comcast is foundational, and under the partnership, Comcast is promising to not "retain, sell, or transfer to any third party (except as may be required by law) any personal information, IP addresses, or other user identifiers, or user query patterns from the DNS queries sent from the Firefox browser." Now it's just a matter of Comcast transparently proving that they're actually adhering to those standards.

Filed Under: dns, dns over https, encryption
Companies: comcast, mozilla


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    Alphonse Tomato (profile), 26 Jun 2020 @ 10:47am

    I'll be sticking to the DNS provided by my VPN, thank you. I trust them way more than I trust Comcast. Sure, the VPN is a potential single point of failure, but that's better than having multiple potential points of failure. And if the VPN is compromised, snooping on DNS is irrelevant.


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.