The UK’s Internet Services Providers’ Association (ISPA), the trade group for UK internet service providers, nominated the browser maker for its proposed effort to roll out the security feature, which they say will allow users to “bypass UK filtering obligations and parental controls, undermining internet safety standards in the UK”.
Mozilla said late last year it was planning to test DNS-over-HTTPS with a small number of users.
Whenever you visit a website — even if it’s HTTPS-enabled — the DNS query that converts the web address into an IP address that computers can read is usually unencrypted. DNS-over-HTTPS is implemented at the app level, making Mozilla the first browser to use it. By encrypting the DNS query, it protects the DNS request against man-in-the-middle attacks, which allow attackers to hijack the request and point victims to a malicious page instead.
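To make the difference concrete, here is an added example (not code from Mozilla or from this article) that builds one DNS query, shows what an on-path observer can read from the classic unencrypted payload, and then produces the RFC 8484 DNS-over-HTTPS GET form of the same query. The function names and the `/dns-query` path are assumptions chosen for illustration.

```python
import base64
import struct

def build_dns_query(hostname: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Encode a one-question DNS query in RFC 1035 wire format."""
    # Header: ID, flags (recursion desired), 1 question, no other records.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in hostname.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"invalid DNS label: {label!r}")
        qname += bytes([len(raw)]) + raw
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def visible_labels(payload: bytes) -> list:
    """Recover the queried name the way an on-path observer of UDP/53 can."""
    labels, pos = [], 12  # the question starts right after the 12-byte header
    while payload[pos] != 0:
        length = payload[pos]
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return labels

def doh_get_target(query: bytes, path: str = "/dns-query") -> str:
    """RFC 8484 GET form: the same bytes, base64url-encoded without padding.

    base64url is only an encoding; confidentiality comes from the TLS session
    that carries this HTTP request to the resolver.
    """
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{path}?dns={encoded}"

if __name__ == "__main__":
    # Constructed sample: www.example.com, type A, ID 0 as RFC 8484 recommends.
    q = build_dns_query("www.example.com")
    print("plain DNS payload:", q.hex())
    print("observer reads   :", ".".join(visible_labels(q)))
    print("DoH request      : GET", doh_get_target(q))
```

With DNS-over-HTTPS the request line above travels inside an HTTPS connection to the resolver, so a network observer sees only that a TLS session to the resolver exists, not the name being looked up.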
DNS-over-HTTPS improves performance, making DNS queries faster, although in our experience things have been slowing a bit since we installed it.
However, ISPA doesn’t think DNS-over-HTTPS is compatible with the UK’s glorious website blocking regime.
Under UK law, websites can be blocked for facilitating the infringement of copyrighted or trademarked material or if they are deemed to contain terrorist material or child abuse imagery. It’s claimed that encrypting DNS queries will make it more difficult for internet providers to filter their subscribers’ internet access.
UK spooks GCHQ and the Internet Watch Foundation, which maintains the UK’s internet blocklist, are furious that rolling out encrypted DNS features to the browser will mean all their efforts to stop people masturbating have gone nowhere.
We guess they are worried that British people will go blind with all that freedom.
ISPA said: “Bringing in DNS-over-HTTPS by default would be harmful to online safety, cybersecurity and consumer choice,” but said it encourages “further debate.”
Mozilla spokesperson Justin O’Kelly said: “We’re surprised and disappointed that an industry association for ISPs decided to misrepresent an improvement to decades-old internet infrastructure.”
“Despite claims to the contrary, a more private DNS would not prevent the use of content filtering or parental controls in the UK. DNS-over-HTTPS (DoH) would offer real security benefits to UK citizens. Our goal is to build a more secure internet, and we continue to have a serious, constructive conversation with credible stakeholders in the UK about how to do that.”
“We have no current plans to enable DNS-over-HTTPS by default in the UK. However, we are currently exploring potential DNS-over-HTTPS partners in Europe to bring this important security feature to other Europeans more broadly”, he added.