Tag Archives: DNS over HTTPS

Mozilla (Firefox) Named Internet Villain for Supporting Privacy

Okay, this is going to take a little bit of explaining so bear with me, but it is important.

Everyone knows about the padlock in their browser with says that the traffic to that web site is encrypted using Secure Sockets Layer (SSL) encryption, which has now been upgraded to Transport Layer Security (TLS).  The differences between SSL and TLS are technical and not relevant to this conversation.  This keeps the actual data that you send and receive private (mostly).

But there is one big hole that allows ISPs to track you (and sell your data) as well as the government to see who is going where and that is Domain Name Service (DNS).  DNS is the technology that translates the name you put in your browser  www.ThisIsACoolSite.com) into the numbers that the Internet actually uses (123.45.670.02).  DNS traffic, up until now, has not been encrypted.

Now both Google (Chrome) and Mozilla (Firefox) are testing DNS over HTTPS or DoH and both will be incorporating them into their browsers by default.  Mozilla is a little bit ahead of Google, but not by much.

The UK Internet Service Providers trade group gave Mozilla (but not Google – why?) the title of Internet villain for protecting people’s privacy.  Why?  Because it makes it tougher for them to spy on users.

It is important to understand that even with DoH the actual IP address of the web site that you visit will be visible to your ISP, so don’t go too crazy, but if the web server hosts hundreds of websites, like many do, some of the detailed data will be invisible to your ISP and the government, protecting your privacy a little bit and annoying your ISP and the government equally.

Interestingly, the US government, which usually whines loudly about anything that reduces their spying ability hasn’t said anything.  They still have time.  They probably will want to do something like China has done, which is to install spyware on everyone’s phones so that they can get your data directly.  Not here.  Yet.

The other thing about DoH is that it works at the app level, so even if the operating system doesn’t support DoH, as long as you have a current browser, you are protected.

The UK’s nanny state is worried that their system for blocking you from visiting sites that you want to visit but they don’t want you to visit won’t work any more.

In fact, in the UK but not in the US (yet) there is a law that requires ISPs to block sites the government says are bad (what could go wrong with that?)  This may make that hard or impossible to do, but my guess is that the government can’t force ISPs to do something that is technically impossible for them to do.  I suppose, it could ban Chrome and Firefox or make them create a crippled version for UK users (remember the crypto wars from the 1990s where the US government forced software makers to release crippled versions of their software if they made their software available internationally?  We are still dealing with the fallout from that, 25 years later).

At least GCHQ (the UK’s version of the NSA) is being honest about it.  They say is will impede their ability to spy on people.

Stay tuned, this war is not over yet.  No government likes it when their ability to spy on their citizens is reduced.

Source: ZDNet.

 

 

Facebooktwitterredditlinkedinmailby feather