> In practice ISPs are the almost universally reprehensible in how they collect, track, and sell your data
... in your country.
For me it's the other way around; I'd rather trust my ISP because privacy laws in my country/EU are much better vs the US.
I interpret the move by Mozilla as hostile in regards to privacy, and I can't understand why EU politics don't intervene when a US company starts hijacking all Firefox users' DNS requests (opt-out instead of opt-in).
Interesting question... How would I file a complaint against Mozilla?
Their privacy policy is only available in English and lists Mozilla Corporation in Mountain View as the legal entity.
They probably don't conduct many business activities in the EU.
However, it looks like they are providing a website for "data subject access requests" which means they might fall under EU regulation as it sounds like a GDPR compliance thing.
The Cloudflare DNS servers you connect to are in the EU and are subject to EU regulation just like your ISP. You don't have 11 ms (or anything sub-~90 ms) latency to the US.
One thing to consider also is that unencrypted DNS means that virtually anyone can read (and modify) those requests, not just your ISP. That can be before the data enters your ISP's network, or at any point that isn't physically or technically well protected. Or, in the case of state actors, at any point really.
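To make the point above concrete, here is an added example (not code from the thread or from any project mentioned in it) that parses a plaintext UDP/53 DNS query and its response exactly as an on-path observer would see them; the packets are constructed by hand, and the name and address in them are placeholders.

```python
"""Decode what an on-path observer can read from classic plaintext DNS."""
import struct


def _read_name(data: bytes, offset: int):
    """Decode a DNS name at offset, following RFC 1035 compression pointers."""
    labels, jumped, end = [], False, offset
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:  # 2-byte compression pointer
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            offset, jumped = pointer, True
            continue
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end


def parse_dns(packet: bytes) -> dict:
    """Return id, QR flag, questions and A-record answers of a DNS message."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!6H", packet[:12])
    offset, questions, answers = 12, [], []
    for _ in range(qd):
        name, offset = _read_name(packet, offset)
        qtype, _qclass = struct.unpack("!HH", packet[offset:offset + 4])
        offset += 4
        questions.append((name, qtype))
    for _ in range(an):
        name, offset = _read_name(packet, offset)
        rtype, _rc, _ttl, rdlen = struct.unpack("!HHIH", packet[offset:offset + 10])
        offset += 10
        rdata = packet[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:  # A record: 4-byte IPv4 address
            answers.append((name, ".".join(str(b) for b in rdata)))
    return {"id": txid, "response": bool(flags & 0x8000),
            "questions": questions, "answers": answers}


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a plaintext A query the way a stub resolver puts it on the wire."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN


# Constructed sample traffic: a query for a placeholder name and the reply.
SAMPLE_QUERY = build_query("example.org")
SAMPLE_RESPONSE = (
    struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)  # QR=1, RD, RA, 1 answer
    + SAMPLE_QUERY[12:]                              # question section echoed
    + b"\xc0\x0c"                                    # pointer to name at offset 12
    + struct.pack("!HHIH", 1, 1, 300, 4)             # A, IN, TTL 300, 4 bytes
    + bytes([203, 0, 113, 7])                        # documentation-range IPv4
)
```

Everything `parse_dns` extracts here (the queried name, the record type, the resolved address) is visible to any device on the path; with DoH or DoT the same message is carried inside TLS and only the resolver endpoint is observable.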
> or at any point that isn't physically or technically well protected
Kind of off topic, but I was wondering if ISPs use any encryption whatsoever between the home and their IX/servers. Could you theoretically attach something to the wire in the ground, or monitor a satellite-based internet signal, and observe the HTTP/unencrypted data?
There's no additional encryption layer if that's what you're asking. There will still be multiplexing and whatnot, but if you can recover a particular stream from that, it'll be the same stream that the endpoints see.
Optical fibres can move _way_ more data than actual households need, so you use one fibre to move data for, say, 16 endpoints until you get closer, and split it later, saving the cost of 15 long fibres.
You can do everything so that there are no active components out in the field where it's annoying except at the customer site, a passive splitter is quite capable of shoving frequencies A-A' to Alice, B-B' to Bob and so on, it's not just solid state it's completely passive, no more likely to need maintenance than, say, the fibre itself.
Not sure how that is relevant to OP's question then. You're describing PON, ONT-OLT communication is typically encrypted as well which makes the response make even less sense.
Wouldn't say that the cost benefits are from that, majority of the cost is going to be from putting fibre into the ground or on poles, same cost for 1 or 200 pairs. The real benefit is that you don't need any active equipment like in an ethernet distribution network.
> ONT-OLT communication is typically encrypted as well
Is it? I guess that's conceivable though it looks _optional_ to me, but I have no statistics as to how widely the option is taken up.
Nevertheless the G.948 work basically doesn't care about eavesdroppers. The threat model they've engineered around is that Eve lives next to Bob, and so if she tweaks the ONT (which legally belongs to her ISP but is on her property) she can see Bob's messages, whereas we're talking about a fibre tap to receive everybody's messages and then we'll root through that for Bob's messages.
G.948 as amended makes random keys in each ONT and sends them to the OLT, knowing Eve can't see the key chosen by Bob's ONT (it passes upstream not downstream). But as an eavesdropper with a fibre tap we do see both directions so this countermeasure doesn't inconvenience us.
Good on them for spelling out a threat model, and to me their model seems reasonable (if Alice buys Premium Sports for $180 per month we don't want Bob to watch Premium Sports free by pirating Alice's data) but it doesn't stop bad guys snooping this traffic.
Anyone with physical access can read unencrypted traffic if the ISP has not implemented any link layer encryption. All you need is to slightly bend a fiber and it will leak light.
> The Cloudflare DNS servers you connect to are in the EU and are subject to EU regulation just like your ISP.
Yeah, sure:
> Primarily the CLOUD Act amends the Stored Communications Act (SCA) of 1986 to allow federal law enforcement to compel U.S.-based technology companies via warrant or subpoena to provide requested data stored on servers regardless of whether the data are stored in the U.S. or on foreign soil.
The CLOUD Act would do nothing in this case because Cloudflare doesn't store data related to your requests and claims they are regularly audited to prove that.
CF has a lot more privacy minded people to whistle blow on that if they were lying than your local ISP would.
Going by the Apple example, they refused to create new code to do something they were not in the past. That limit made the courts agree with them that they could not be compelled to create something new.
Yahoo / ISPs already have the data so they have to comply with the law by providing that data upon request.
> Yahoo / ISPs already have the data so they have to comply with the law by providing that data upon request.
Data is being sent to CF: can they be forced to raise the logging level from "INFO" to "DEBUG"? See also Lavabit:
> Lavabit is an open-source encrypted webmail service, founded in 2004. The service suspended its operations on August 8, 2013 after the U.S. Federal Government ordered it to turn over its Secure Sockets Layer (SSL) private keys, in order to allow the government to spy on Edward Snowden's email.[2][3][4][5]
I imagine that at its scale, CF could legitimately claim technical limitations prevent them from collecting data at the volume of traffic that 1.1.1.1 gets.
Yes, the Core Secrets leak said the "FBI" would "compel" companies to "SIGINT-enable" their networks if in America. In the Lavabit case, the judge was cool with FBI's proposal to compromise all the users, not tell them about it, and business owner's revenue would be fine. If overseas, there was a spy/soldier group that would take espionage-style action against them. That's if a payment didn't work.
I assume they backdoored all of them, including Apple, with them instructing the companies to hide that fact. They then use parallel construction for the important cases. The less-important cases would go through the regular system. The FBI made a big deal about that one phone to try to expand the All Writs Act to make their access easier. At this point, they probably have access to a lot of it but want their legal, observable powers to be expanded.
That's how it works in a Dual State: a police state with a regular government you can defend against running side-by-side with a more powerful, secret government that can do whatever they want to many targets with secrecy and criminal immunity. Unlike previous Dual States, they restrict the targets and methods of the Deep State more to make its damage invisible to most voters. They think it won't hurt them, just deserving people. Meanwhile, they gradually shift more power previously afforded by the Deep State to the Public State while Deep State collects and passes more information over time to the enforcers of the Public State.
The Snowden leaks confirmed both Deep State activities and the collaboration between the two with denials built in.
I think it's important to realize that this is basically shifting the whole discussion. What DoH is supposed to provide is privacy from your ISP. It's not claiming to provide privacy from the government, and most people don't expect to have DNS privacy from the government (that's not to say it's not desirable). So this point is basically just misdirection.
If your adversary is the United States government, then no, DoH isn't great for you if you're not in the United States and if the US can't get to your ISP / DNS provider anyway, and if your only DoH endpoints are owned by US companies. You also have much bigger problems than DoH is attempting to solve.
> The Cloudflare DNS servers you connect to are in the EU and are subject to EU regulation just like your ISP.
In my (non-EU) country, ISPs are subject to relatively strict regulations, and Cloudflare doesn't fall under those regulations.
> One thing to consider also is that unencrypted DNS means that virtually anyone can read (and modify) those requests
Not "virtually anyone", it would require physical access to the GPON fibre between my home and the MSAN/CO/Exchange (non-trivial, scales really badly), or the MetroEthernet backhaul from the MSAN to the BNG (where they would trip alarms and the last-mile provider would investigate). From the BNG onwards traffic is encrypted on-the-wire (MPLS with group encryption as far as I know) until it is handed over to the ISP. My ISP co-locates caching DNS with their hand-over routers, so here it would require tapping the fibres in their data-center (not happening without their knowledge).
Also, someone who is just mass-collecting my DNS requests without any other identifying data, and no ability to correlate IP address to users, has limited privacy exposure.
A centralised third-party, who can correlate source IP addresses with user-identifying browser cookies from other HTTP requests in the same time window seems like a much bigger privacy concern.
Americans, please sort out your last-mile provider+ISP monopolies (e.g. lobby your politicians for regulations that enforce competition), so that you can stop forcing unnecessary technical solutions on the rest of the world, who doesn't have this problem (if ISPs do anti-customer things, they lose business).
It's an untested legal situation: EU claims authority (GDPR for European customers) AND US claims authority (various snooping acts binding for US companies even when working abroad). At least in public there's no resolution at this point in time.
There is a perfectly good alternative which is encrypted DNS or DNS-over-TLS. That should be implemented instead. Sure it’s harder, because it’s decentralized, but that’s the whole point of DNS.
First, these things are generally country specific. Is there an EU Directive that makes it continent-wide?
Second, given countries in the EU are fairly democratic, this is done via acceptance of the voting public because they elected the representatives. They can always have the law changed if they don't like it.
In Czechia, ISPs are forced to block certain websites, but the exact method is not specified. Today, they just block it on the DNS level, as that is simplest and effective enough (although easy to circumvent). If ordinary users were using DoH, then ISPs would be forced to use IP-based blocking.
This was one of the concerns brought up at the UKNOG panel:
Currently there is DNS blocking (e.g. gambling sites in Poland), and it handles most cases. If (too many?) people start circumventing that, will a government start insisting on more invasive measure (e.g., DPI)?
The government wrote a white paper about this because they proposed yet more blocking (for the whole anti-pornography thing where they want you to go buy a "pass" to look at porn) back in 2018.
The ISPs are not inclined to pay for DPI or whatever other nonsense, even if they believe it could be effective, which it probably can't be. Government does not want to take on a major budgetary extra to pay for something that's already unpopular. So that leaves it not getting done. Much hand-wringing.
The government already acknowledges that Tor completely defeats all existing attempts to censor the Network, but they supposed that DNS blocking is affordable and good enough. So, we make it no longer "good enough" and then too bad for their stupid policy.
I reached out to Mozilla, and they've confirmed that DoH is being enabled by default only for installations inside US.
So, if you are in the EU, Firefox won't switch you to DoH. You can still enable it if you wish, but your DNS queries will reach your local resolver unless you change it.
> I reached out to Mozilla, and they've confirmed that DoH is being enabled by default only for installations inside US.
How do they know? What is the likelihood of them getting it wrong?
What protections do they have in place for their geo-location, to ensure that they don't leak unnecessary information when determining whether a user is in the U.S. or not?
Depends where in the EU. In the UK, DNS snooping by ISPs is universal, and in fact required by law under the pretext of blocking minors' access to porn.
> ... in fact required by law under the pretext of blocking minors' access to porn.
[citation needed]
Which law specifically? I was under the impression that this was currently being done voluntarily by the ISPs so that the government wouldn't start drafting legislation.
(I could be wrong; I just want a referenced/definitive answer either way.)
The idea was, Porn sites need to obey UK government rules, if they /don't/ (and why would, for example, a Canadian porn site obey those rules?) then a censor (the BBFC that took on this role for video got that job) directs that ISPs should block the offending site using DNS blocks.
In practice it keeps getting pushed out because it's hopeless from all angles.
If you have a laptop and configure your DNS automatically, you are using whatever DNS is configured by hotels, airports, coffee shops, etc. You have no privacy whatsoever when it comes to DNS requests and you have no control over this until you manually configure your DNS (which most users don't even know how to do). The default configuration of laptops is to use whatever they are told to use automatically. In most places the only safe assumption is that multiple nation states are actively monitoring and aggregating every single DNS request you make and the practical reality is that that is actually exactly what happens.
The sad reality is that ISPs in most places don't lift a finger to protect the privacy of their users and actively facilitate policing, censoring, and monitoring of their users' DNS traffic; even when they are not required to (which they are in most places). Your trust in them is completely misguided.
I live in Germany. I know that my ISP works with the German government to help them censor me accessing certain websites by blocking DNS. I also know that they collaborate with lawyers going after individual p2p users. And I know it has a history of serving advertisements on domains that don't resolve (something I opted out of years ago). I also know DNS traffic data is routinely shared between different nation states and that this practice has little or no oversight.
Insofar as they are not actively sharing data (which they are), they can also be relied upon to be generally incompetent when it comes to operating and securing their infrastructure, and you'd have to assume that foreign intelligence agencies have been actively helping themselves to whatever information they can extract that way for decades.
If you are wondering, my ISP is O2. I'd switch but Germany has a state protected ISP oligarchy and the other ISPs are not really much better.
Mozilla protecting users from their privacy being violated like this by default is a net improvement in most places in the world. Anyone who cares about their privacy enough already configures their DNS manually and probably also uses a VPN and can continue to do so. But for those not capable of figuring this out, this is a massive improvement of their default level of privacy. The status quo for that is that they have none whatsoever in most places when it comes to DNS. It's hard to do worse than that.
> I know that my ISP works with the German government to help them censor me accessing certain websites by blocking DNS.
Citation on o2/Telekom/etc blocking domains?
> I also know that they collaborate with lawyers going after individual p2p users.
Kind of hard not to do if you're legally obliged. But not per se a privacy violation and not a matter of snooping on content.
> And I know it has a history of serving advertisements on domains that don't resolve (something I opted out of years ago).
Ok but again not really a major privacy leak, just stupid/bad/user-hostile practice.
> I also know DNS traffic data is routinely shared between different nation states and that this practice has little or no oversight.
And who is the main party spying on/in Germany? The Snowden leaks tell us the NSA, with active but idiotically unaware cooperation by the BND. So you're giving data directly to a US cloud provider instead.
Parties, plural. A better question would be who isn't spying. I live in Berlin. The Chinese, Russians, North Koreans, US, UK, Iranians, etc. all have big embassies here and there is a lot of diplomatic traffic and it of course features frequently in popular fiction on espionage. Also, there are lots of political refugees from all over the world living in Berlin. E.g. Ai Weiwei lives somewhere in my area and I've seen him on the street a couple of times. I live a kilometer away from the HQ of the German secret service.
I have no illusions about Cloudflare. However, unlike my ISP they are big, pretty competent, generally under a lot of scrutiny, and have a very big incentive to not get caught with their pants down contradicting what they say they do in their contracts, terms of use, etc. Not exactly ironclad, I know, but definitely a step up from O2's combination of indifference, incompetence and tendencies towards actively not caring one bit about their users privacy.
So I also live in EU and, regarding DNS, I trust NA way more than the ISP of my country.
Your local intelligence agency and local ads network can probably way more easily and legally look into the local DNS records of the same country than the records stored on another continent.
What's more, I don't mind the USA having my browsing habits because they can't easily use it against me, as EU is a different market.
It's all about splitting the data about yourself to different competing entities, rather than trusting only one entity with everything.