Major ISPs are lobbying to obstruct Google's efforts to encrypt DNS communication



When a browser accesses a website, the Domain Name System (DNS) is used to convert the domain name into an IP address. DNS communication is generally performed in clear text, but Google and others are working to improve security by encrypting it. However, it has come to light that Comcast, a major Internet service provider (ISP), has been lobbying to hinder the encryption of DNS communication.

Comcast Is Lobbying Against Encryption That Could Prevent it From Learning Your Browsing History - VICE

Conventional DNS communication is performed in plain text, so its contents can be intercepted or tampered with by a third party, and ISPs can see which websites a user accesses. To make DNS communication more secure, Google and Mozilla are therefore introducing DNS-over-HTTPS (DoH), which encrypts DNS communication by carrying it over the HTTPS connections that are already widely used.

However, ISPs are pushing back harder against these browser developers. It has been reported that ISPs have expressed various concerns about DoH, and the two sides have been in conflict.

What are the major ISPs' concerns about DoH, a technology that makes the Internet more secure? - GIGAZINE


Meanwhile, the technology media outlet Motherboard obtained the presentation materials that Comcast, a major ISP, used in lobbying to block the DoH promotion plan, and reported the details. Google has been experimenting with DoH in some environments since Chrome 78, and privacy experts have praised Google for DoH. However, Comcast's presentation claims that DoH will fundamentally change how the Internet works and consolidate Google's power.

Comcast's presentation material is critical of Google throughout, stating that “Google's unilateral centralization of DNS raises serious issues related to cybersecurity, privacy, antitrust, national security and law enforcement, network performance and services, and other areas,” that this should be stopped and the questions answered, and asking “Why is Google in such a rush?”

The presentation material treats Google's centralized management of data as dangerous, on the premise that “Google is forcing the use of its own DNS service through DoH.” But Motherboard pointed out that Google does not actually force Chrome users to use its own DNS service, and that DNS services such as Cloudflare and CleanBrowsing are also protected by DoH. A Google spokesperson told Motherboard, “Google has no plans to centralize DNS services with Google or change people's DNS providers. The claim that we are going to be a centralized encrypted DNS provider is inaccurate.”


The presentation materials also raise criticisms such as “existing content filtering and parental controls will not function once DNS is encrypted” and “law enforcement agencies will not be able to obtain communication history during investigations.”

A Google spokesperson responded to the criticism: “DoH provides secure DNS communication, not user DNS, so content filtering and parental controls are all intact. The way DNS providers work with law enforcement agencies according to court orders is no different.” Motherboard pointed out that the presentation material used in Comcast's lobbying was inaccurate.

Comcast's lobbying has also been criticized by Mozilla, which competes with Google. Marshall Erwin, senior director of security at Mozilla, said, “The slide is extremely misleading and inaccurate overall.” I have added an inaccurate explanation above.

Mozilla is also planning to introduce DoH into its own browser, Firefox, and is following the same path as Google in increasing the security of DNS communication. “We essentially eliminate the power to aggregate and monetize ISP user data and provide users with control and default protection,” Erwin commented on Mozilla's policy.

Announced that Firefox will officially implement "DNS over HTTPS (DoH)" that encrypts communication with DNS - GIGAZINE

On the other hand, a Comcast spokesperson insisted in an email to Motherboard that the company was not monetizing users' DNS data by selling it. “We support DNS encryption. However, we want to make sure that DoH is implemented in a careful and cooperative manner so that important parental controls and cybersecurity protection features are not broken by DoH.”

However, Motherboard pointed out that the privacy rules established in October 2016, which stated that “Internet service providers (ISPs) must not sell browsing history to advertisers without user consent,” were destroyed in 2017 as a result of lobbying by ISPs. Erwin said, “In any case, ISPs are using DNS communication data to do something opaque to their users and are working incredibly hard to protect future business models.”

in Web Service,   Security, Posted by log1h_ik