Comcast has agreed to be the first home broadband internet provider to handle secure DNS-over-HTTPS queries for Firefox browser users in the US, Mozilla has announced.
This means the ISP, which has joined Moz's Trusted Recursive Resolver (TRR) Program, will perform domain-name-to-IP-address lookups for subscribers using Firefox via encrypted HTTPS channels. That prevents network eavesdroppers from snooping on DNS queries or meddling with them to redirect connections to malicious webpages.
[...] At some point in the near future, Firefox users subscribed to Comcast will use the ISP's DNS-over-HTTPS resolvers by default, though they can opt to switch to other secure DNS providers or opt-out completely.
[...] Incredibly, DNS-over-HTTPS was heralded as a way to prevent, among others, ISPs from snooping on and analyzing their subscribers' web activities to target them with adverts tailored to their interests, or sell the information as a package to advertisers and industry analysts. And yet, here's Comcast providing a DNS-over-HTTPS service for Firefox fans, allowing it to inspect and exploit their incoming queries if it so wishes. Talk about a fox guarding the hen house.
ISPs "have access to a stream of a user’s browsing history," Marshall Erwin, senior director of trust and security at, er, Mozilla, warned in November. "This is particularly concerning in light of the rollback of the broadband privacy rules, which removed guardrails for how ISPs can use your data. The same ISPs are now fighting to prevent the deployment of DNS-over-HTTPS."
Mozilla today insisted its new best buddy Comcast is going to play nice and follow the DNS privacy program's rules.
(Score: 4, Informative) by Anonymous Coward on Saturday June 27 2020, @02:21AM (5 children)
No,
What should have been apparent the minute that DNS/HTTPS was even suggested, was that this was going to be used to turn the Internet into a layer 4 service ONLY. This is about Mozilla accepting that the future of the Internet is a walled garden only service, and making alliances to insure it has a position in that market.
In the 90's the world experienced the greatest global expansion of civil rights in history. My guess is by 2035 there will be political reeducation camps in the U.S.. That is the direction we are heading, and it isn't a partisan thing. The right is calling for martial law, and the left is calling on the abolishment of the 1st amendment. That is pretty much what happened in the 1930's in Germany.
The systematic disassembly of free interchange, is the crystalnacht of the Internet. Mozilla just broke a shit ton of windows. Congratulations motherfuckers.
(Score: 0) by Anonymous Coward on Saturday June 27 2020, @08:28AM
True. Every corporation seems to be heading the same direction, so it doesn't really matter what the stooges on the Hill think.
(Score: 1, Informative) by Anonymous Coward on Saturday June 27 2020, @11:52AM (2 children)
You're confusing the internet with the world wide web.
(Score: 2, Informative) by Anonymous Coward on Saturday June 27 2020, @03:23PM (1 child)
Apparently you didn't read: "OSI layer 4". What DNS/HTTPS does is constrains the transport of layer 3 datagrams into a layer 4 tunnel that is isolated by browser vendors. It doesn't actually matter where you think they are sending your resolver data. The fact that it isn't being done at layer 3 means they can send it ANYWHERE they want once it is in the tunnel.
It is compulsory-by-ignorance opt-out theft of data that is "papers, and effects" from a constitutional standpoint. What they are doing constrains choice. It constrains trade. It restricts diagnostic capacity. It surveills without informed consent. It makes it easier for ISP's to filter. But worst of all, it makes it easier for the carriers to call the Internet an "information service", rather than the "Internet" (big I, there is a difference).
That has severe legal ramifications in terms of the restoration of civil rights, and it mitigates the consumer view that the the Internet is a distributed service. Most people have the view that the Internet is all port 80,443. By aggregating DNS it puts the carriers in a position where they can filter everything but 80,443, and most people won't notice. This is a HUGE problem.
There is a correct way to fix DNS. DNS/HTTPS isn't it. DNS/HTTPS is a lazy approach to security. Which is to say it constrains, without taking any consideration of long term effects. Particularly the civil rights of the general public.
(Score: 0) by Anonymous Coward on Saturday June 27 2020, @05:47PM
hear, hear!
(Score: 2) by VLM on Saturday June 27 2020, @08:39PM
Just call them college campuses