SoylentNews is people

posted by martyb on Friday June 26 2020, @11:07PM
from the defeating-the-purpose-(DoH!) dept.

Talk about the fox guarding the hen house. Comcast to handle DNS-over-HTTPS for Firefox-using subscribers

Comcast has agreed to be the first home broadband internet provider to handle secure DNS-over-HTTPS queries for Firefox browser users in the US, Mozilla has announced.

This means the ISP, which has joined Moz's Trusted Recursive Resolver (TRR) Program, will perform domain-name-to-IP-address lookups for subscribers using Firefox via encrypted HTTPS channels. That prevents network eavesdroppers from snooping on DNS queries or meddling with them to redirect connections to malicious webpages.

[...] At some point in the near future, Firefox users subscribed to Comcast will use the ISP's DNS-over-HTTPS resolvers by default, though they can opt to switch to other secure DNS providers or opt out completely.

[...] Incredibly, DNS-over-HTTPS was heralded as a way to prevent, among others, ISPs from snooping on and analyzing their subscribers' web activities to target them with adverts tailored to their interests, or sell the information as a package to advertisers and industry analysts. And yet, here's Comcast providing a DNS-over-HTTPS service for Firefox fans, allowing it to inspect and exploit their incoming queries if it so wishes. Talk about a fox guarding the hen house.

ISPs "have access to a stream of a user’s browsing history," Marshall Erwin, senior director of trust and security at, er, Mozilla, warned in November. "This is particularly concerning in light of the rollback of the broadband privacy rules, which removed guardrails for how ISPs can use your data. The same ISPs are now fighting to prevent the deployment of DNS-over-HTTPS."

Mozilla today insisted its new best buddy Comcast is going to play nice and follow the DNS privacy program's rules.
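The exchange the story describes, worked through offline as an added example (this is not code from Mozilla, Comcast or The Register): the wire-format DNS query Firefox would wrap inside an HTTPS request, the RFC 8484 GET form that carries it, a parser for the reply, and a function that does what the resolver operator can do once TLS is terminated on its side, namely read every queried name out of the request. The resolver URL is a placeholder, and the response bytes are constructed for the example, not captured from any real resolver.

```python
"""DNS-over-HTTPS (RFC 8484) message handling, worked offline.

Added example; not Mozilla's, Comcast's or The Register's code.  The resolver
URL below is a placeholder and SAMPLE_RESPONSE is constructed by hand.
"""
import base64
import struct
from urllib.parse import parse_qs, urlsplit

RESOLVER_URL = "https://doh.example.invalid/dns-query"  # placeholder, not a real endpoint
QTYPE_A = 1
QCLASS_IN = 1


def encode_name(name: str) -> bytes:
    """Encode 'example.com' as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:  # RFC 1035 label length limit
            raise ValueError(f"bad label length: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qtype: int = QTYPE_A) -> bytes:
    """Wire-format query.  RFC 8484 section 4.1 uses ID 0 so that identical
    queries yield identical URLs that HTTP caches can serve."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # ID=0, RD=1, QDCOUNT=1
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def doh_get_url(query: bytes) -> str:
    """RFC 8484 GET form: base64url of the wire query with '=' padding removed."""
    b64 = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{RESOLVER_URL}?dns={b64}"


def decode_name(msg: bytes, offset: int) -> tuple[str, int]:
    """Decode a name at offset, following RFC 1035 compression pointers.
    Returns (name, offset just past the name as written at the call site)."""
    labels, jumped, end = [], False, offset
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # two-byte pointer into an earlier name
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end


def parse_question_name(msg: bytes) -> str:
    """The queried name sits right after the 12-byte header."""
    return decode_name(msg, 12)[0]


def name_seen_by_resolver(url: str) -> str:
    """What the DoH operator reads from the request after TLS termination:
    decode the ?dns= parameter and pull the question name out of it."""
    b64 = parse_qs(urlsplit(url).query)["dns"][0]
    b64 += "=" * (-len(b64) % 4)  # restore the stripped padding
    return parse_question_name(base64.urlsafe_b64decode(b64))


def parse_a_records(msg: bytes) -> list[str]:
    """Walk the answer section and return dotted-quad A records."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x000F:  # RCODE != 0 means the lookup failed
        raise ValueError(f"resolver returned RCODE {flags & 0xF}")
    offset = 12
    for _ in range(qd):
        _name, offset = decode_name(msg, offset)
        offset += 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        _name, offset = decode_name(msg, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == QTYPE_A and rclass == QCLASS_IN and rdlen == 4:
            addrs.append(".".join(str(b) for b in rdata))
    return addrs


# Constructed reply: the same question plus one A record (TTL 300) whose
# owner name is a compression pointer (0xC00C) back to the question at offset 12.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)  # QR=1, RD=1, RA=1, RCODE=0
    + encode_name("example.com") + struct.pack("!HH", QTYPE_A, QCLASS_IN)
    + b"\xC0\x0C" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, 300, 4)
    + bytes([93, 184, 216, 34])
)

if __name__ == "__main__":
    url = doh_get_url(build_query("example.com"))
    print("GET", url)
    print("resolver sees:", name_seen_by_resolver(url))
    print("answers:", parse_a_records(SAMPLE_RESPONSE))
```

The point of `name_seen_by_resolver` is the one the story makes: TLS keeps the query away from on-path observers, but whoever operates the endpoint decodes it exactly like this, so choosing the resolver is choosing who gets the browsing history. In Firefox that choice is the `network.trr.mode` preference (2 = DoH with fallback to the system resolver, 3 = DoH only, 5 = explicitly off) together with `network.trr.uri` for the resolver URL.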


  • (Score: 2) by jasassin (3566) on Saturday June 27 2020, @09:01PM (#1013379) (1 child)

    If you had the whole DNS database locally, then search requests might be both private and not redirected.

    I can't imagine how big that table would be. Anyone here have any idea (assuming it was possible)?

    --
    jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A
  • (Score: 0) by Anonymous Coward on Thursday July 02 2020, @07:00AM (#1015297)

    There are 1511 public TLDs, according to IANA. Domain names have an arbitrary combination of 3 to 63 characters at a single level. Ignoring ccSLDs in specific, that would give you 1511 * sum(37 ** x for x in range(3, 64)) total domain names for just one level. There are restrictions like ccSLDs and punycode that would limit the number of SLDs, but they are such a small number compared to the overwhelming possibility of names available that it wouldn't make as large of a difference as you would think.