An odd story popped up on my social media feed over the weekend.
The Internet Services Providers’ Association has nominated Mozilla to be an ‘internet villain.’ This seemed rather odd given that the Firefox web browser is the only mainstream browser currently being developed independently
of any company*. Looking closer at their reasoning, ISPA writes:
Mozilla – for their proposed approach to introduce DNS-over-HTTPS in such a way as to bypass UK filtering obligations and parental controls, undermining internet safety standards in the UK
Theres a whole other post planned around the new web filtering that is being introduced in the UK (Which is already filtered more than many might expect). Its been sitting in planned posts for a while, the summary however is that a much delayed web filter for adult content, blocking non-compliant sites to catch those that are outside the UK. The UK ISPs also have to filter out website that has been officially blocked, either by court order (mostly sites enabling copyright infringement) or websites that have been reported to them for illegal content, from places such as The Internet Watch Foundation.
The various rights and wrongs of this, the basics of it however are that if you block ‘bad stuff’ you can also block anything else, particularly places like China and the Great Firewall. When writing software to help people in oppressed countries bypass filters. This is where DNS over HTTPS comes in. This is a new protocol that was tested earlier this year in Firefox and Mozilla and Google are bringing to their browsers.
A DNS query is how a web browser and other internet applications translate the web addresses such as
newmediathinking.com into the location of the server (remote computer) where the website is located. At present, these use a very antiquated system from the 1980’s. Of great concern is that all data for these look ups is sent unencrypted, which means anyone could listen into these queries and note which websites you where visiting. A new protocol, DNS over HTTPS solves this by encrypting these quires and securing them from interference. This stops hackers from changing the results and redirecting to a bad site, and it also stops web filters, including the proposed (and currently operational) filters UK ISPs use, by blocking DNS quires.
UK FEARS DOH WILL CRIPPLE ITS NATIONAL WEB BLOCKING SCHEME
In the UK, ISPs are legally forced to block certain types of websites, such as those hosting copyright-infringing or trademarked content. Some ISPs also block other sites at their discretion, such as those that show extremist content, adult images, and child pornography. These latter blocks are voluntary and are not the same across the UK, but most ISPs usually tend to block child abuse content.
By planning to support DNS-over-HTTPS, Mozilla is throwing a monkey wrench in many ISPs’ ability to sniff on customers’ traffic and filter traffic for government-mandated “bad sites.”
Concerning the dilemma browser makers face in supporting the new technology, they also referred to the issue with Tor, which through a different method, also gets around these filters to support people in countries where they have to deal with government sanctioned filters to reach western sites such as Twitter, Facebook and Wikipedia in some cases. Tor also hides who they are by re-routing their internet traffic.
Basically, Google and Mozilla’s support for DoH effectively narrows down to the same moral dilemma that surrounds the Tor Project and the Tor network.
Browser makers must now decide if it’s worth supporting a tool that brings privacy improvements to millions, at the expense of a few that may have to suffer.
A lot of this also crosses paths with what I wrote about building an independent internet. Written at the time the Egyptian government was shutting down internet access, Thoughts of a Pirate Internet asks what it would take to build an independent infrastructure, the how it might be done and why it might be important.
Mozillas response, as reported by ZDNet:
“DNS-over-HTTPS (DoH) would offer real security benefits to UK citizens. Our goal is to build a more secure internet, and we continue to have a serious, constructive conversation with credible stakeholders in the UK about how to do that,” the organization said.
“We have no current plans to enable DoH by default in the UK. However, we are currently exploring potential DoH partners in Europe to bring this important security feature to other Europeans more broadly.”
Whilst I do have some feelings about where the ISPs are coming from, I do wonder why they themselves are not backing increasing internet security for everyone first. As the internet matures, it’s no longer the happy go lucky place it was, and how we flag undesirable content (and how that is decided needs to be more transparent) and apply parental controls are important. Doing this at the expense of improving internet security for everyone, when we are more dependant on it than ever could be very dangerous. I hope Mozilla continue this implementation.
Update : ISPA withdraws the nomination.
* Mozilla does receive substantial income from Google for being the default search provider, which is a source of controversy over its independance.
Featured image by janjf93