Mozilla says ISPs are lying to Congress about encrypted DNS – Naked Security


Mozilla on Friday posted a letter urging Congress to take the broadband industry’s lobbying against encrypted DNS within Firefox and Chrome with a grain of salt – they’re dropping “factual inaccuracies” about “a plan that doesn’t exist,” it says.

Both of the entities behind those browsers – Mozilla and Google – have been moving to embrace the privacy technology, which is called DNS over HTTPS (DoH). Also backed by Cloudflare, DoH is poised to make it a lot tougher for ISPs to conduct web surveillance; to hoover up web browsing activity and, say, sell it to third parties without people’s consent; or to modify DNS queries so they can do things like inject self-promoting ads into browsers when people connect to public Wi-Fi hotspots.

Those are just some of the ISP sins that Mozilla listed in its letter, which urged the chairs and ranking members of three House of Representatives committees to examine the privacy and security practices of ISPs, particularly with regards to the domain name services (DNS) ISPs provide to US consumers.

DoH isn’t a panacea – you can check out Paul Ducklin’s explanation of the issues it raises in the Naked Security podcast below – but it promises to at least seriously gum up tracking and monetization of data.

In September, Mozilla announced that it would turn on DoH by default for users of the Firefox browser’s desktop version in the US. Within days, Google issued a me-too, officially announcing its own DoH experiment in Chrome.