Telcos And Rupert Murdoch Pushing Nonsense Story That Google Helping Keep Your Internet Activity More Private Is An Antitrust Violation
from the oh-really-now? dept
There are all sorts of reasons and ways to hate on big internet companies these days, but as we've warned, some of them are in conflict with one another -- though that doesn't seem to stop those who keep pushing the narrative forward from blindly repeating them anyway. The latest is a positively bonkers article in the Wall Street Journal arguing that Google's (somewhat middle of the road) support for DNS over HTTPS (DoH) is potentially an antitrust violation worthy of Congressional action.
This is (1) utter nonsense and (2) driven by telcos looking to undermine consumer privacy. So if you're a pro-privacy Google hater, you might want to at least reconsider supporting this particular line of attack. If you are unaware, under the current DNS system, you still leak some key metadata to your DNS provider (which is usually, but not always, your broadband/internet access provider) every time you visit a site. It used to be that those providers could collect even more, page-level, information, but that is less and less true as more and more of the web itself is encrypted with HTTPS. DoH is an attempt to encrypt the last bit of info that leaks when you surf -- the metadata about the top level domains you are visiting. Mozilla has been strongly pushing support for DoH, and plans to move most public Firefox users to DoH in the relatively near future. Google, on the other hand, is supportive of the standard, but has shown no inclination to adopt it nearly as widely as Mozilla.
Either way, done correctly, DoH protects your privacy and closes the fairly large metadata loophole that has allowed DNS providers (generally your telco/broadband provider) to snoop on everywhere you surf. There are some reasonable concerns that if browsers automatically force users to use specific DNS resolvers for DoH, it could, potentially, lead to more control/centralization of those servers, but as EFF points out in the link above, that's mitigated by more ISPs simply adopting DoH themselves.
The problem, of course, is that the biggest telcos, such as AT&T, Verizon, and Comcast, don't want to stop spying on you and all of your internet habits. And, so, rather than adopting DoH, they're trying to undermine DoH entirely by pretending that Google's lukewarm interest in supporting DoH is, itself, an antitrust violation. What's kind of incredible, however, is just how open they are about this plan, and that it's entirely about preventing the big broadband providers from spying on your traffic:
“Because the majority of world-wide internet traffic…runs through the Chrome browser or the Android operating system, Google could become the overwhelmingly predominant DNS lookup provider,” a coalition of internet service providers said in a Sept. 19 letter to lawmakers. “Google would acquire greater control over user data across networks and devices around the world. This could inhibit competitors and possibly foreclose competition in advertising and other industries.”
They urged lawmakers to call on Google not to impose the new standard as a default standard in Chrome and Android.
Google, for its part, reiterated (as it has in the past) that it has no plans to force users into using its own DNS offerings. While the Wall Street Journal report at least quotes some pushback on this claim, it still seems to present this mostly as a credible antitrust concern, when the reality is that it's clearly an attempt by big broadband players to play an antitrust card to (1) attack Google and (2) prevent Google from helping consumers better protect their own internet privacy.
There are, of course, plenty of legitimate concerns that people have about Google's own privacy practices. But pushing people towards DoH is a good thing. A few months back we saw UK ISPs laughably attack Mozilla's plans to support DoH by calling the company an "internet villain" and claiming that better protecting your privacy would undermine "internet safety standards." To be clear: this is nonsense. What they mean is, like with other forms of encryption, it might make a very tiny number of criminals marginally harder to track down. But, on the flip side, it will massively protect everyone else's privacy from overly snoop-happy broadband providers.
We've noted for a while how hypocritical it is for people to focus on "antitrust" and "privacy" claims about the big internet companies, while ignoring the much larger problems on both fronts regarding broadband companies. Similarly, we've talked about how many of the attacks on "big tech" are quietly driven by the big broadband players quietly fanning the flames. But this story combines all of that. It's the big broadband players/telcos pushing a totally bogus monopoly story against Google (which makes no sense at all if you understand the details, and which wouldn't even be a potential monopoly concern at all if those very same broadband companies adopted DoH themselves), in order to stop Google from better protecting your privacy -- so that the broadband providers can better snoop on you.
And, a side note: Rupert Murdoch's Wall Street Journal has been one of the worst in pushing these misleading anti-Google/Facebook stories over the last few months, which is, again, no surprise at all, as it's been revealed before that Murdoch has been eager to attack Google and Facebook and has no problem using the Wall Street Journal to do so. While this story at least includes some balance, the entire narrative arc of it seems to follow the telcos' talking points -- and it's notable that while it briefly quotes a section of the telcos' letter to Congress, it fails to post the entire letter. I wonder why...
Either way, this kind of thing undermines any serious discussion of either privacy or competition online, by mixing up and conflating an attempt to better protect privacy, and pretending it's an antitrust violation.
Filed Under: antitrust, competition, dns over https, doh, privacy, rupert murdoch, snooping, telcos
Companies: google, mozilla
Reader Comments
An internet of only http?
It's tangential, but this could make an enormous leap to an all-http Internet--that is, traffic traversing from AS to AS--that is nothing except http. And in a few years with http/3, perhaps nothing but UDP.
I'm sure other protocols will continue to exist inside individual AS's for a long time (though, http/2 is replacing diameter in the 5G packet core).
The Internet really only bears a very superficial resemblance to what it was 30 years ago.
[ link to this | view in chronology ]
Re: An internet of only http?
Although to some degree DOH and encrypted-http3-over-UDP could take us back 30 years, to a time when hosts could experiment with protocols without middlebox interference.
[ link to this | view in chronology ]
Re: An internet of only http?
So, assuming I have read your detail lite commentary about some deep protocol questions correctly, you are suggesting the end of FTP, torrent, magnet, and other communications protocols to entirely functioning on HTTP, based on a move to DNS over HTTPS.
Could you expand on why you think this is the case, such as how this move helps HTTP finally supplant the less popular but still in use protocols like FTP, or how this move helps HTTP replicate torrent and magnet protocols?
[ link to this | view in chronology ]
Re: Re: An internet of only http?
The trend to run "everything" over HTTP was noted in 2002
FTP is dead. Mostly. There's some special-case usage, but essentially nobody sets up public FTP servers anymore. Even ftp.debian.org shut down FTP access two years ago (in favor of HTTP).
BitTorrent trackers use HTTP. The .torrent files are most often delivered via HTTP. The peer-to-peer protocol isn't HTTP; if designed today, it might have been.
That's a URI scheme, not a communications protocol.
[ link to this | view in chronology ]
Re: Re: Re: An internet of only http?
"FTP is dead. Mostly. There's some special-case usage, but essentially nobody sets up public FTP servers anymore. Even ftp.debian.org shut down FTP access two years ago (in favor of HTTP)."
Except for some 95% of the EDI solutions still used by companies, banks, and news agencies worldwide.
I dare claim bullshit on your assertion as long as removal of FTP would cause the global economy to crash and burn.
[ link to this | view in chronology ]
Re: Re: An internet of only http?
Ah, yeah I wasn't thinking at all of peer to peer filesharing, but FTP is a dying protocol, and it deserves to die. Debian shut down their FTP servers a couple years ago, for instance. It is an annoying, horrible protocol because of the separation of data and control channels into separate connections. It's always been hard, because of that, to make it work properly with firewalls, natting, and access lists. It becomes a really serious problem if you encrypt the control plane, because you're left leaving blocks of ports wide-open, or limiting the numbers of connections. Seriously, I've been cursing FTP for decades now.
For downloading, it provides no advantages over http downloads, and for uploads, that functionality has been largely replaced by http uploads, dropbox type services, or to a lesser degree for specialized apps, webdav.
[ link to this | view in chronology ]
Re: Re: Re: An internet of only http?
...which was the style at the time, apparently. Early port numbers were all odd because NCP, TCP's predecessor, reserved the corresponding even numbers for traffic in the opposite direction. This convention was dead when gopher and http appeared. FTP predates NAT and firewalls by decades.
[ link to this | view in chronology ]
Re: Re: An internet of only http?
There are always lots of fun protocol ideas around.
One of the interesting ones is IPFS, which discards DNS entirely, using content based rather than host based addressing.
[ link to this | view in chronology ]
Doesn't protect you from the DNS provider
No, it won't do that. It will prevent everyone except your DNS provider from snooping that. But the DNS provider—which for DOH will likely differ from your current provider—can see all the data a DNS provider ever could.
BTW, DOH over Tor could stop that. Having web servers send you DNS responses for pages they link to, without you having to request anything, would also work. Of course that would require DNSSEC and wouldn't prevent anyone from seeing the IP addresses you connect to.
[ link to this | view in chronology ]
Re: Doesn't protect you from the DNS provider
The difference is that you could choose a DNS provider you consider trustworthy, while many if not most people have no practical choice of ISP.
[ link to this | view in chronology ]
Re: Re: Doesn't protect you from the DNS provider
Is there a choice for DoH other than Google? (currently, anyway)
[ link to this | view in chronology ]
Re: Re: Re: Doesn't protect you from the DNS provider
Cloudflare offers public DOH with the endpoint https://1.1.1.1/dns-query
[ link to this | view in chronology ]
Re: Re: Re: Doesn't protect you from the DNS provider
Strangely enough...
https://www.google.com/search?q=dns+over+https+providers
[ link to this | view in chronology ]
Re: Re: Doesn't protect you from the DNS provider
The difference is that it's harder for an ISP to interfere with this choice. There were always 3rd-party DNS providers. Some ISPs, even entire countries, were known to block them or change the results. (Firefox will apparently disable DoH in the UK to allow DNS-based porn-blocking. Lame.)
[ link to this | view in chronology ]
Re: Re: Re: Doesn't protect you from the DNS provider
It's just not turned on by default, but it can be turned on. Also, using some other public DNS server, such as Google, bypasses those blocks as well. That is, those blocks only work for people who cannot be bothered to look up alternatives, or configure Firefox etc.
[ link to this | view in chronology ]
Re: Re: Re: Re: Doesn't protect you from the DNS provider
Mozilla shouldn't be helping governments censor the internet, even if there is a workaround. There's no valid reason for the UK to have different defaults. They might as well do the same for China and the dozens of other countries abusing DNS.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Doesn't protect you from the DNS provider
They probably will.
[ link to this | view in chronology ]
Re: Re: Re: Doesn't protect you from the DNS provider
It is trivial for an ISP to monitor non-encrypted DNS requests to a 3rd-party DNS server. They can't do that with DoH. That's the difference.
[ link to this | view in chronology ]
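The contrast drawn in the comment above, as an added example (not from the article or from any commenter): the same RFC 1035 query bytes are readable by anyone on the path when sent over UDP port 53, while the RFC 8484 GET form of DoH carries them as the `dns` parameter of an HTTPS request. The endpoint is the Cloudflare URL quoted in this thread; the function names and sample host name are constructed for illustration.

```python
import base64
import struct

DOH_ENDPOINT = "https://1.1.1.1/dns-query"   # endpoint quoted in the comments


def encode_qname(name):
    """Host name -> DNS labels: one length byte per label, terminated by 0x00."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"bad label length in {name!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype=1, msg_id=0):
    """RFC 1035 query: 12-byte header plus one question (default type A, class IN).

    RFC 8484 recommends message ID 0 so identical queries cache identically.
    """
    # flags 0x0100: standard query, recursion desired; QDCOUNT = 1
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack("!HH", qtype, 1)


def observed_qname(payload):
    """What an on-path observer can read from a plaintext UDP/53 query payload."""
    if len(payload) < 12:
        raise ValueError("truncated DNS header")
    if struct.unpack("!H", payload[4:6])[0] < 1:
        raise ValueError("no question in message")
    pos, labels = 12, []
    while True:
        if pos >= len(payload):
            raise ValueError("truncated question")
        length = payload[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("unexpected compression pointer in question")
        if pos + length > len(payload):
            raise ValueError("truncated label")
        labels.append(payload[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels)


def doh_get_url(endpoint, query):
    """RFC 8484 GET form: wire-format query, base64url-encoded, padding stripped."""
    b64 = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={b64}"


if __name__ == "__main__":
    query = build_query("www.techdirt.com")      # constructed sample lookup
    print("plaintext UDP/53 payload exposes:", observed_qname(query))
    print("DoH request (sent inside TLS):  ", doh_get_url(DOH_ENDPOINT, query))
```

With DoH the URL above travels inside the TLS session, so an observer between the client and the resolver sees a connection to the resolver's address but not the query; the resolver itself still sees the full name.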
Think this through...
So, what, the ISP enables DoH on its own DNS servers? What good does this do? In this case, the ISP still knows who's making the queries, and what those queries are, right? If you're concerned about your ISP sniffing your DNS queries to other providers, turning around and making those same queries to your ISP over DoH really isn't helping anything, is it?
Conversely, if Google were to enable/force DoH, and if they were to operate the servers (as they likely would), that would put them in a unique position to track their users' browsing habits (even more than they already do). Is the issue overstated? Probably--but I don't think it's as exaggerated as you're saying.
Now, IMO, the best way around this, at least at home, is to use a router that can be configured to act as a recursive DNS resolver. That way, your queries are going only to the authoritative hosts for the domains in question, and can't be aggregated in any single place. It's as simple as checking a box in pfSense, not sure about other F/OSS router/firewall solutions.
[ link to this | view in chronology ]
Re: Think this through...
Why not just run your own DNS?
[ link to this | view in chronology ]
Re: Re: Think this through...
Hard drives are now large enough you could probably just run your own very large hosts file. You could probably make a program to have it update itself every so often from all known authoritative domains and bypass DNS altogether.
I have enabled DoH and encrypted SNI on my Firefox. It breaks the Windows hosts file so now one of my malware blockers no longer works. (Spybot S&D)
[ link to this | view in chronology ]
Re: Re: Re: Think this through...
Hosts file is hardly a replacement for DNS
[ link to this | view in chronology ]
Re: Re: Think this through...
Because DNS is a recursive hierarchical look up system, where reading the dot separated parts of a URL, from right to left, is resolved by sending a request to the address found for the higher level part. I.e. to resolve www.techdirt.com a request is sent to the root server for the server for 'com', and then a request to the address that gives for 'techdirt' and then to that address for 'www'. In practice results are cached to reduce the number of repeated lookups that are actually required.
When you use an ISP's or other public resolver, they carry out that look up process on your behalf. Using your own resolver makes it harder for the ISP to track your web history, as look ups can be interleaved, and caching means some are skipped.
[ link to this | view in chronology ]
Re: Re: Re: Think this through...
This is a very recent algorithm, called QNAME minimization. Traditionally, a resolver would send the string "www.techdirt.com" to each level, even the root (which won't know anything except "com"; it's an information leak with no benefit). Many still do.
[ link to this | view in chronology ]
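The two behaviours contrasted in the comments above (sending the full name to every level versus revealing one label at a time, i.e. QNAME minimization as specified in RFC 7816), as an added example that is not part of the article or of any comment. It is a model, not a resolver: the zone cuts are constructed, the cache is assumed cold, and query types are ignored.

```python
"""Which name each level of the DNS hierarchy is shown during one lookup."""

# Constructed zone cuts (assumption): names that have their own authoritative servers.
ZONE_CUTS = {".", "com.", "techdirt.com."}


def split_labels(name):
    """'www.techdirt.com' -> ['www', 'techdirt', 'com'] (case-insensitive)."""
    name = name.strip().rstrip(".").lower()
    if not name or any(not label for label in name.split(".")):
        raise ValueError(f"not a usable host name: {name!r}")
    return name.split(".")


def suffix(labels, depth):
    """The right-most `depth` labels as an absolute name; depth 0 is the root."""
    return ".".join(labels[-depth:]) + "." if depth else "."


def trace(qname, minimise, zones=ZONE_CUTS):
    """Return [(zone_asked, name_sent), ...] for an iterative lookup from the root."""
    labels = split_labels(qname)
    total = len(labels)
    zone_depth = 0                                  # start at the root servers
    ask_depth = 1 if minimise else total
    sent = []
    while True:
        sent.append((suffix(labels, zone_depth), suffix(labels, ask_depth)))
        # The server refers us to the nearest zone cut below it that covers the name.
        cut = next((d for d in range(zone_depth + 1, ask_depth + 1)
                    if suffix(labels, d) in zones), None)
        if cut is not None:                         # referral: move down one zone
            zone_depth = cut
            ask_depth = min(cut + 1, total) if minimise else total
        elif ask_depth == total:                    # full name asked, no referral: answer
            return sent
        else:                                       # this label is not a zone cut:
            ask_depth += 1                          # show the same server one more label


def extra_labels(steps):
    """Per zone, labels shown beyond the single child label a referral needs.

    The final, authoritative zone has to see the whole name, so the numbers
    that matter are those for the levels above it.
    """
    worst = {}
    for zone, name in steps:
        zone_depth = 0 if zone == "." else zone.count(".")
        surplus = max(0, name.count(".") - (zone_depth + 1))
        worst[zone] = max(worst.get(zone, 0), surplus)
    return worst


if __name__ == "__main__":
    for mode in (False, True):
        steps = trace("www.techdirt.com", minimise=mode)
        print("minimised" if mode else "full name", steps, extra_labels(steps))
```

A name such as `a.b.techdirt.com`, where `b.techdirt.com` is not a separate zone, shows the cost of minimization in this model: the `techdirt.com.` servers are asked twice, once per added label.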
Weak Sauce
“Because the majority of world-wide internet traffic…runs through the Chrome browser or the Android operating system,"
Usage share by web browser measurement is not a standardized metric and has questionable accuracy. Also user agent spoofing is very easy.
"Google could become the overwhelmingly predominant DNS lookup provider,"
.. Could ..
Very weak argument.
[ link to this | view in chronology ]
Re: Weak Sauce
Spoofing is easy but very few people do it in reality. Sure, the result will skew as a result of the people who do it, but like moves to enforce https generally this isn't aimed at those people.
Similarly, DNS dominance can be a concern because most of the people this is aimed at don't know what it is, let alone make an informed choice of provider. The battle will be over whether they accept the default from their ISP or their browser settings.
[ link to this | view in chronology ]
Re: Re: Weak Sauce
Point is, their anti-trust allegations are very weak if not ridiculous.
[ link to this | view in chronology ]
Re: Re: Re: Weak Sauce
It's one of the least ridiculous antitrust arguments I've heard against them, but it is still based on "they're big" rather than them actually abusing Chrome dominance.
[ link to this | view in chronology ]
Re: Re: Re: Re: Weak Sauce
and based upon flimsy evidence that does not prove anything.
[ link to this | view in chronology ]
Re: Re: Weak Sauce
Few people, but entire countries do DNS-spoofing. With or without DoH, DNSSEC is an important defense.
[ link to this | view in chronology ]
Re: Re: Re: Weak Sauce
Well, in response to the previous message I was clearly referring to user agent spoofing, but that's true as well.
[ link to this | view in chronology ]
Re: Re: Re: Re: Weak Sauce
I missed that line. Thought we were just talking about DNS predominance.
[ link to this | view in chronology ]
Re: Re: Re: Weak Sauce
Right now DNSSEC is a bit of a failed protocol. The key size requires a fallback to TCP, and so many of the places I've worked or seen don't allow tcp over 53. For years, you'd see it recommended in security best practices, usually because the only traffic that would go over tcp on 53 would be zone transfers. And of course, DNSSEC is only designed to protect integrity, not confidentiality.
DNSSEC makes a lot more sense in DNS over https than it does in the DNS protocol.
[ link to this | view in chronology ]
Firefox currently supports DoH...
...and the DNS provider is CloudFlare, which promises not to sell your browsing history. Google might (!!!) become the predominant DNS lookup supplier, but only if the rest of the industry doesn't step up and implement DOH, which isn't difficult. But, you've captured the essence of the concern for the big ISPs -- they won't be able to eavesdrop on your DNS queries as they pass through their network. Of course, anyone using a VPN already has, effectively, DOH. Bigger issue is that the big ISPs are simply asking their paid servants to do what they are told...
[ link to this | view in chronology ]
the only problem
With Privacy tends to be WHO gets it, and WHO don't..
Either everyone gets it, or No one gets it.. That's part of the law.
But that's also a failing.
If it was all free, the corps and anyone could have it and Spam us to death, and fill our mail boxes with crap, AND create Fake ID and Credit cards all over the world. And what would the rest of the world do to STOP IT?? The banking system would have to Improve and have better ID systems, and spread ALL over the world.
But we would have all the info we needed for the rich and Famous, as well as all the corps and our GOV..(perchance)
With us PERSONALLY responsible for our privacy and creating laws to backup those rights... We save ourselves of most of this hassle. But we also don't get certain info on many things. Such as Corps and Gov. Hiding how much stuff really costs and military expenditures. As well as knowing how much the rich are hiding in other countries..(buying property, as the middle east and russia have done in the USA)
And still the banking system loves us for doing so.
But the internet is something else. as our browsers are built around SHARING OUR INFO. The more you put into it, the more it can share. Even if a Bot/Trojan/?? is needed to get the data, Some Odd thing will popup and ask to do something, and We have lost our privacy and data.
When porn sites can be safer than Legit(??) sites it's a marvel that we have ANY PRIVACY..
And with all the Server break-ins, and data loss over the past 10 years, it's almost Stupid to think we have much privacy left. would still like info on Server break-ins, compared to Linux/unix/MS server.
[ link to this | view in chronology ]
One of them
I am one of those pro-privacy, anti-Google people, and I saw this article on another website this morning. I wondered "what gibberish are they talking about? why won't they discuss the protocol?" But now it all makes sense. If it makes Murdoch squeal like this, then I can't wait for Mozilla to do DoH.
[ link to this | view in chronology ]
Re: One of them
You can enable it on the options page but it's not in an obvious spot.
[ link to this | view in chronology ]
Re: One of them
Open preferences, scroll down to Network settings, click settings, scroll down in that dialog, enable DoH and select your provider in the dropdown.
[ link to this | view in chronology ]
Re: Re: One of them
Failing the above how-to-enable-dns-over-https-doh-in-firefox at zdnet might help.
[ link to this | view in chronology ]
Privacy is Respecting The People Who Ask For Privacy
Of course it should not be illegal to keep people’s internet searches private. If the government doesn’t respect privacy on the internet, that’s like the FBI having an agent stand with you in the bathroom as he watches you pee/poop (within the public stall for non-residential examples such as colleges and offices) and then reports how many bowel movements you made which would be leaked for others to see. In a word, NASTY!
Privacy is important in every aspect, and because we have privacy and respect outside of the internet, we need the respect of privacy on the internet as well. Not in terms of censorships - don’t get the wrong idea. That’s why some browsers have a private tab available so that Google (or whatever internet company provides the browser) won’t keep record of what you searched online in a private tab. They even have that feature on the iPhone’s Safari app as well.
I apologize for any misspells. Using an iPhone’s keyboard is hard no matter what size phone you use.
[ link to this | view in chronology ]
Re: Privacy is Respecting The People Who Ask For Privacy
So did you comment without reading past the headline, or are you unclear on what DNS is?
[ link to this | view in chronology ]
Re: Re: Privacy is Respecting The People Who Ask For Privacy
I think YOU may have misread the user's comment!
[ link to this | view in chronology ]
Re: Privacy is Respecting The People Who Ask For Privacy
If you don't want other people to know what you're doing in the bathroom maybe you shouldn't be doing it!
/s
[ link to this | view in chronology ]
Re: Re: Privacy is Respecting The People Who Ask For Privacy
You clearly didn’t read my comment correctly. The bathroom comparison is meant to represent that government agencies have no respect for our privacy. They disrespect the people they serve, and their racist, sexist attitude towards their people is downright cruel, retarded, and unacceptable.
[ link to this | view in chronology ]
Re: Re: Re: Privacy is Respecting The People Who Ask For Privacy
You clearly don't know what /s means.
[ link to this | view in chronology ]
Re: Re: Re: Re: Privacy is Respecting The People Who Ask For Pri
I knew what /s meant. /s = sarcasm. Privacy is nothing to be lightly joking about. If the government won’t respect the privacy of its people, then they shouldn’t be in office at all. The American government has always promised to be run by the people, yet it never is. They break their promises more than they realize. They think us Americans shouldn’t learn the truth about why they’re being so scandalous. Their corrupt, racist and sexist remarks are disrespectful and unacceptable. I may be white, but I’ll gladly defend any race and any gender from the racist and sexist affairs that our own government is charging at us. I respect every race and every gender and every age and every generation, but I will not let our bipartisan government throw us into anarchy. They force us to choose sides, and they force us against each other while they continuously make everything worse. In 2020, I hope people will realize that the Democratic and Republican debate needs a complete overhaul, because apparently Common Sense Isn’t So Common Anymore!
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Privacy is Respecting The People Who Ask For
Judging from your previous reply, I'd bet you had to go look it up.
If you still don't understand the purpose of sarcasm, or just don't like it, then fuck you.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Privacy is Respecting The People Who Ask
No I did not look it up. I knew what it was.
[ link to this | view in chronology ]
Close but no banana
No, DoH will change where the information is collected.
Mozilla has been working with Cloudflare, and they are likely to be the default setting, which means that when this rolls out Cloudflare will all of a sudden know an awful lot about what is happening on the internet (they already know a lot, but will merely know more).
DoH (and DoT) support your privacy by preventing people in the middle (e.g NSA) from seeing your traffic, and potentially spoofing responses (which the NSA has done). So, it really is a SECURITY improvement with a significant privacy benefit. The bigger issue is what privacy policies the DoH resolver providers declare.
If you really want privacy, use Tor.
There are other negative impacts too. Many organisations host their own DNS resolvers and some use services like RPZ (Response Policy Zones) which detect attempts to contact known dangerous (i.e. serving malware) domains and redirect people to a safe landing page. DoH will disable these defenses.
So, as with any moderately complex technology, it's a mixed bag, and depends very much on how it is used.
NB: I've been involved with the IETF in the discussions around the RFCs which standardize both DoT and DoH.
[ link to this | view in chronology ]
What they mean is, like with other forms of encryption, it might make a very tiny number of stupid criminals marginally harder to track down.
FTFY.
[ link to this | view in chronology ]
And then we're back to Title II
If the ISPs are not providing your DNS service ...
[ link to this | view in chronology ]
Google is not keeping your internet activity private. They are selling that shit as quickly as they can to advertisers. This includes your email by the way.
[ link to this | view in chronology ]
Re:
"Google is not keeping your internet activity private. They are selling that shit as quickly as they can to advertisers. This includes your email by the way."
Let's assume you are correct, what makes you think you will be treated any better elsewhere?
If you run your own server "they" will only see the updates your server gets and not the every day lookups - unless of course they crack the encryption - which they probably already have done so you just make it a bit more difficult for them.
Your ISP will not save you.
[ link to this | view in chronology ]
You can also implement DoTLS. Asus routers allow you to configure them for DNS-over-TLS and come preconfigured for several different providers (Google, Cloudflare, Quad9, etc.). This makes your entire home network have secure DNS, and it doesn't have to be through Google. Google also makes Android 9 and 10 available with "Private DNS", which you can configure with your choice of DNS provider. This is essentially DoH for your phone, and is a simple setting in the network settings. Personally, I use Quad9 for all my DNS activity.
[ link to this | view in chronology ]
$$$ Talks
Not only do companies want to make money by charging you more for subscription services, they want to sell your browsing/online information for additional money.
Personally, they need to do one or the other, not both.
[ link to this | view in chronology ]