UK ISP group names Mozilla 'Internet Villain' for supporting 'DNS-over-HTTPS' | ZDNet

UK government and local ISPs are putting the pressure on browsers to drop plans to support DoH protocol.

@ScottMortimer Ugh, this enrages me so much. DoH is a positive step in the right direction.

@ScottMortimer I still need some explanation as to how DNS-over-HTTPS is so bad for parental controls (as if you couldn't pick up a custom DoH with a blocklist, use routers with firewalls, so on)... of course, if that was their ONLY (true) concern, this wouldn't be an issue

@espectalll @ScottMortimer isn't the essence of the problem that, because DoH allows apps to select their own DNS resolvers rather than taking from the OS, a malicious app could bypass safe / filtered resolvers in favour of their own without the user knowing (or the ISP being able to guard against)? So not so much Mozilla's fault as a problem with the protocol?

@hedders @ScottMortimer you can also configure apps already to use custom DNS resolvers - you communicate with those resolvers using plaintext though, so it's not like anything changes from a surveillance/blocking perspective

@espectalll @ScottMortimer Ah! Good to know. Would I be right in thinking though that the ISPs' complaint - that they are legally obliged to filter out certain stuff and that DoH makes that much harder - is still a valid one? (setting aside the wisdom or otherwise of the law which requires this)

@hedders @ScottMortimer Indeed, although they can still know which DoH resolver you're trying to use, block it and offer their own DoH instead, as well as when you establish a connection with a website for the first time (so they still get that as well!).

Also, it's not like they lobbied against those laws, they were pretty much fine with them, and they are more so now.

@espectalll @hedders @ScottMortimer So, basically, use a VPN proxy that also supports DNS request forwarding, or failing that, a secure DNS that supports DNSSEC.

Also avoid malware that can track your location such as Facebook's and Google's apps. Custom ROM on Android phones that don't use Google's apps, for example, is a good start.

@espectalll @ScottMortimer Hm. Hard to see what the ISPs are complaining about then. Thank you; it's been an education.

@espectalll @ScottMortimer If you install parental control on the device itself then it will still be able to achieve what it should, but proxies wont be able to block DNS requests anymore(which is basically not a bad thing)

@ScottMortimer In my opinion the best part of the article: Mozilla was nominated for preventing certain ways to block access to information, while at the same time Art. 13 was nominated (how do you nominate a paragraph of text?) for "threatening freedom of expressing".

csa mention 

Proof that DoH is good and absolutely necessary: The UK government and ISPs oppose it fiercely.

@one DoH isnt necessary, there's already DNS over TLS, dnscrypt, and other lightweight standards that dont require the fucking http stack

@ScottMortimer My ISP Andrews and Arnold donated the ISPA membership fee to the Mozilla Foundation over this:

@ScottMortimer there are valid criticisms of DNS-over-HTTPS, but this isn’t one of them 😁.

@ScottMortimer But from a brief readthrough, DOH is awesome, and should absolutely be legal?!

@ScottMortimer DNS over HTTPS (which Android 9 already supported, but I guess Google is too powerful to make an enemy of) is the ray of hope against heavy-handed government #censorship and #surveillance in Indonesia and many countries. No wonder some ISPs are worried, given how much they want to get into the #surveilancecapitalism game themselves

@ScottMortimer Governments being angry because of improved security is my jam!

Mozilla should wear their 'Internet Villain' award as a badge of pride. The UK government's constant attack on internet privacy, such as the Investigatory Powers Act and the 'porn block', needs to be stopped. ISP's and the government should not be allowed to spy on you. If the police think you have done something wrong they should get a warrant and search your house.

@ScottMortimer imagine what they will call them when they include handshake protocol addresses!

Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.