Google, UK ISPs and Gov Battle Over Encrypted DNS and Censorship

Discussion in 'privacy general' started by mood, Apr 22, 2019.

  1. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    18,818
    Google, UK ISPs and Gov Battle Over Encrypted DNS and Censorship
    April 22, 2019
    https://www.ispreview.co.uk/index.p...battle-over-encrypted-dns-and-censorship.html
     
  2. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    9,071
    Location:
    Lloegyr
    Google sticking it to the UK government, weirdly ironic, but oddly satisfying. :argh:
     
  3. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    18,818
    DNS over HTTPS is coming whether ISPs and governments like it or not
    April 24, 2019
    https://nakedsecurity.sophos.com/20...-whether-isps-and-governments-like-it-or-not/
     
  4. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    18,818
    Mozilla Nominated for 'Internet Villain' by Angry ISPs
    Shaming of Mozilla Over Secure DNS Raises Security Community Eyebrows
    July 5, 2019
    https://www.bankinfosecurity.com/mozilla-nominated-for-internet-villain-by-angry-isps-a-12726
     
  5. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    12,352
    Location:
    Here
    I guess we all know who the villain is in this story :)
     
  6. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    548
    Location:
    Europe
  7. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,705
    This is FUD. Yes, the Qihoo 360 Labs report several times mentions DNS over HTTPS. But obviously they are not talking about the DNS-over-HTTPS protocol. Rather, the report is about a malware that sends DNS requests encapsulated in encrypted HTTP requests. That malware can use encrypted data channels to disguise its DNS requests has always been possible. It has nothing to do with DoH. All those reports suggesting this are misleading. This is also what Daniel Stenberg, the well-known curl developer, points out.
     
  8. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    18,818
    Mozilla: No plans to enable DNS-over-HTTPS by default in the UK
    But there's nothing stopping users from enabling the DNS-over-HTTPS feature in Firefox on their own, though
    July 6, 2019

    https://www.zdnet.com/article/mozilla-no-plans-to-enable-dns-over-https-by-default-in-the-uk/
     
  9. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    12,352
    Location:
    Here
    How to enable DNS-over-HTTPS (DoH) in Firefox
    https://www.zdnet.com/article/how-to-enable-dns-over-https-doh-in-firefox/
     
  10. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    77,231
    Location:
    Texas
  11. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    646
    Mozilla introduces encrypted DNS for masses and UK spies & ISPs throw a fit?
    Bah...

    Encrypting DNS has been possible for a long time already:

    1) Own Android phone that can get Pie 9 update? Google made it possible to use DNS-over-TLS from the settings in that version.

    2) Own Android phone that can't get Pie? Install Intra (https://play.google.com/store/apps/details?id=app.intra) from Google Play.

    3) For laptops & desktops there are more choices: VPN, Tor, Unbound, DNSCrypt, SSH tunneling etc.... all of which can be used to bypass ISPs' DNS snooping.
     
  12. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,931
  13. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    18,818
    ISPA Pulls UK Internet Villain Category Over Mozilla DoH Fallout
    July 10, 2019
    https://www.ispreview.co.uk/index.p...illain-category-over-mozilla-doh-fallout.html
     
  14. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,931
    Yeah, good old Streisand effect ;)
     
  15. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,781
    Location:
    UK
    Almost as embarrassing as the UK political debacles, although I'd say, nobody's that stupid. It was always the case that any DNS monitoring was embarrassingly face-saving rather than functional, trapping the inept.

    What is clear is that subversion of DNS was too easy before, and is now slightly harder. The spooks now just need to apply to Google etc.
     
  16. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,931
    Huh. So maybe ISPs loved it because it was easy, and didn't require much work.

    And if authorities move to IP-based filtering, that'll require actual work by ISPs.
     
  17. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,781
    Location:
    UK
    It's also that the authorities wanted the ISPs to collect - at great cost - "Internet Connection Records", which was required of them by the Investigatory Powers Act. While the term was absurd and woolly, what it meant was that the ISPs already collect the websites their customers visited and the time when they do so. Therefore any scheme which renders this more difficult (including requiring reverse DNS lookups), is going to be resisted.

    The delay in the implementation of things like the UK porn site access illustrates similar problems, namely that politicians wanted instant fixes regardless of reality. But these things are chickens coming home to roost.
     
  18. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    18,818
    DoH! Mozilla assures UK minister that DNS-over-HTTPS won't be default in Firefox for Britons
    September 24, 2019
    https://www.theregister.co.uk/2019/09/24/mozilla_backtracks_doh_for_uk_users/
     
  19. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,931
    OK. So people in UK who use VPN services will get it?

    Also, I note that there's considerable concern about using Cloudflare for all those DNS lookups.
     
  20. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,781
    Location:
    UK
    Who knows whether it'll use source IP or system locale. But I don't see how it can really do either if we're talking Linux repos? I guess it's more localisation than we're used to.... Perhaps time to examine the repo sources and locales I use.

    I'm actually one who doesn't want default DoH behavior - DoT on pfSense works just fine and gives more control, and DoH on the clients is going to interfere.

    The reality is that reliance on monitoring DNS queries (and the silly ICRs) was always a flawed approach. But then, they shouldn't be doing the mass surveillance. I'm very unhappy with third parties storing this stuff because they cannot keep it safe, and if nothing else, it tends to expose things like the financial institutions you use and makes it easier for an attacker who has that information.
     