date 2019-11-01
from the defeating-the-purpose-(DoH!) dept.
Talk about the fox guarding the hen house. Comcast to handle DNS-over-HTTPS for Firefox-using subscribers
Comcast has agreed to be the first home broadband internet provider to handle secure DNS-over-HTTPS queries for Firefox browser users in the US, Mozilla has announced.
This means the ISP, which has joined Moz's Trusted Recursive Resolver (TRR) Program, will perform domain-name-to-IP-address lookups for subscribers using Firefox via encrypted HTTPS channels. That prevents network eavesdroppers from snooping on DNS queries or meddling with them to redirect connections to malicious webpages.
[...] At some point in the near future, Firefox users subscribed to Comcast will use the ISP's DNS-over-HTTPS resolvers by default, though they can opt to switch to other secure DNS providers or opt-out completely.
[...] Incredibly, DNS-over-HTTPS was heralded as a way to prevent, among others, ISPs from snooping on and analyzing their subscribers' web activities to target them with adverts tailored to their interests, or sell the information as a package to advertisers and industry analysts. And yet, here's Comcast providing a DNS-over-HTTPS service for Firefox fans, allowing it to inspect and exploit their incoming queries if it so wishes. Talk about a fox guarding the hen house.
ISPs "have access to a stream of a user’s browsing history," Marshall Erwin, senior director of trust and security at, er, Mozilla, warned in November. "This is particularly concerning in light of the rollback of the broadband privacy rules, which removed guardrails for how ISPs can use your data. The same ISPs are now fighting to prevent the deployment of DNS-over-HTTPS."
Mozilla today insisted its new best buddy Comcast is going to play nice and follow the DNS privacy program's rules.
And, no lie, I just donated to Mozilla today. I hope I can get my credit card company to reverse that!
Hello Corporatism, hello Fascism, hello Mozilla, hello Google, hello Comcast, Hello Visa, Hello Mastercard!
aaactually, yes, yes you can. Within at least 10 days since date of the transaction or so.
Do a chargebaaaaaaaaack. CB.
These are bad for merchants' credit rating, and might make their credit card acquirer "offer" the merchant longer settlement times, and higher % on transactions.
Enough of these, and I'm pretty sure they lose their 3d secure by mastercard and safekey by amex and whatever visa has to justify that extra fee in the acquirers price package...
You can get fucked by Comcast and Firefox at the same time, or you can get fucked by Google once.
This whole DNS over HTTPS stuff just doesn't make much sense. A client's DNS query should normally go to a DNS server provided by the ISP. There should be little need to encrypt that, as this should only travel over the ISP's network.
Now, the main reason to use a non-ISP DNS server is to avoid intentionally corrupted DNS servers that redirect to advertising. Why such poisoned DNS servers are even legal is just one small example of how fucked up this world is. But what prevents DNS over HTTPS providers from doing the same thing? Nothing?
Unless you intentionally use another DNS, the ISP already has your DNS browsing data anyway, so why shouldn't they also provide a DNS over HTTPS server in addition to DNS? (Please tell me nobody is planning to drop DNS any time soon).