Mozilla: No plans to enable DNS-over-HTTPS by default in the UK
After the UK’s leading industry group of internet service providers named Mozilla an “Internet Villain” because of its intentions to support a new DNS security protocol named DNS-over-HTTPS (DoH) inside Firefox, the browser maker told ZDNet that such plans don’t currently exist.
“We have no current plans to enable DoH by default in the UK,” a spokesperson told ZDNet last night.
The browser maker’s decision comes after both ISPs and the UK government, through Members of Parliament and the GCHQ, have criticized Mozilla and fellow browser maker Google during the last two months for their plans to support DNS-over-HTTPS.
The technology, if enabled, would thwart the ability of some internet service providers to sniff customer traffic in order to block users from accessing bad sites, such as those hosting copyright-infringing materials, child abuse images, and extremist material.
UK ISPs block websites at the government's request. They also block other sites voluntarily at the request of various child protection groups, and they block adult sites as part of the parental control options they provide to their customers.
Not all UK ISPs will be impacted by Mozilla and Google supporting DNS-over-HTTPS, as some use different technologies to filter customers’ traffic; however, the Internet Services Providers Association (ISPAUK), a trade association for internet service providers in the UK, decided to nominate Mozilla for its award of 2019 Internet Villain, next to Donald Trump and the EU’s Article 13 Copyright Directive.
Mozilla said last month DoH won’t be enabled in the UK
Mozilla, which is far ahead of Google with regard to supporting DoH inside its Firefox browser, has been bearing the brunt of most of the criticism coming from UK officials, child protection advocacy groups, and local ISPs, who now fear their efforts of the past decades are going to go to waste.
Mozilla ran DoH tests in Firefox in early 2018, which were incredibly successful, and DoH support has been included in the stable Firefox version since v60; however, the feature is not enabled by default for Firefox users.
In a Sky News piece from June, Mozilla said it would work with UK regulators to make sure Firefox’s DoH support won’t interfere with the country’s website blocklists and ISP parental control systems.
A week later, GCHQ attacked Mozilla after the browser maker requested that the UK’s site blocklists be made public during negotiations in order to support the blacklisting of bad sites for its DoH feature. The GCHQ argued that publishing the blocklists of various child protection organizations would lead to the creation of a “‘Yellow Pages’ of child porn” with anyone being able to see where this type of content was hosted. The browser maker later relented and said it would not enable DoH support in the UK.
In addition, the organization said it would disable DoH “automatically within companies, libraries, schools and other organisations that have managed networks or custom DNS settings,” so the feature won’t allow users to bypass security restrictions put in place at organizations all over the world.
DoH support to be enabled for other Europeans
But the browser maker seems intent on enabling the feature by default, eventually, at least in other countries.
“We are currently exploring potential DoH partners in Europe to bring this important security feature to other Europeans more broadly,” Mozilla told ZDNet.
The browser maker also feels that fears around the new DoH protocol have been exaggerated, an opinion that many internet networking experts have shared with ZDNet.
Browsers making DNS domain queries via HTTPS is not the catch-all privacy solution that many people think it is. There are other methods through which ISPs can observe and infer the websites a user is accessing and filter traffic at later points.
“We’re surprised and disappointed that an industry association for ISPs decided to misrepresent an improvement to decades old internet infrastructure,” Mozilla said.
“Despite claims to the contrary, a more private DNS would not prevent the use of content filtering or parental controls in the UK. DNS-over-HTTPS (DoH) would offer real security benefits to UK citizens.
“Our goal is to build a more secure internet, and we continue to have a serious, constructive conversation with credible stakeholders in the UK about how to do that,” the browser maker told us.
A tutorial on how to enable DoH support in Firefox is available here, for UK users who wish to enable the feature in Firefox right now. Currently, Chrome doesn’t support DoH, but work is ongoing.