Comcast Insists It's An Innocent Little Daisy On Consumer Privacy

from the zero-credibility-left dept

Both Mozilla and Google have begun pushing encrypted DNS via their respective browsers, making it more difficult for outsiders to monitor and/or monetize your daily browsing habits. Not too surprisingly the broadband industry, which has a long, proud history of covertly collecting and selling this data, isn't particularly happy about this evolution. With the help of unskeptical news outlets, telecom lobbyists have been trying to convince the government that what Mozilla and Google are up to is somehow nefarious, going so far as to (incorrectly) claim the move is even an antitrust violation.

Last week, Motherboard published Comcast documents highlighting how Comcast has been also trying to convince gullible lawmakers that the move to encrypt DNS traffic somehow poses a threat to national security and the sacred DC tech policy pixie dust that is 5G:

"The unilateral centralization of DNS raises serious policy issues relating to cybersecurity, privacy, antitrust, national security and law enforcement, network performance and service quality (including 5G), and other areas," Comcast said in the presentation. "Congress should demand that Google pause and answer key questions," a section of the presentation reads. "Why is Google in such a rush?" reads another.

But Comcast's claims are false. Neither Google nor Mozilla are forcing their browser users to do anything. Users are simply being presented with the option to encrypt their DNS traffic -- if their current DNS provider supports it. The move would not switch users to Google's DNS servers by default, either, so the centralization claim is false. In short, you'll be surprised to learn, Comcast is lying about what the proposal will do. Why? It makes it harder for the telecom sector to spy on -- and monetize -- your daily browsing behavior.

In the wake of the leak, Comcast published a new blog post attempting to frame itself as an innocent little daisy on consumer privacy issues, going well afield to pretend that it doesn't actually monetize its users data:

"We play an important role as an Internet Service Provider in connecting you to whatever you want to do online. Whether you’re browsing the Internet or managing your connected home, we’re always working to protect your privacy and keep your information secure. We’re in the business of giving you a great Internet experience with products and services like xFi’s parental and WiFi control features; we are not in the business of selling your information."

The blog post is painfully careful with word choice as the company attempts to pretend it doesn't monetize user data. For example throughout the post Comcast carefully insists it doesn't track the websites you visit "through your broadband connection," though it's possible to track that same data at the heart of Comcast's network (technically not "your connection"). Similarly, Comcast insists it "deletes the DNS queries generated by our Internet customers every 24 hours," even though 24 hours remains plenty of time to monetize that data. And the company insists it doesn't "sell information that identifies who you are to anyone" -- an obvious nod to the fact that Comcast anonymizes this data first before selling it (researchers have long noted this data isn't really anonymous).

As Comcast attempts to vilify efforts to secure DNS, it's attempting to lean on privacy credibility it doesn't actually have. If Comcast's such a big fan of privacy, why did it lobby ferociously to eliminate modest and popular FCC broadband privacy rules in 2016? Comcast has also expressed interest in charging users more money to protect their privacy, in effect making privacy a luxury option. Privacy has long been the last thing on the mind of most major telecom players, who've historically seen zero real oversight as they repeatedly lie about what they do with subscriber data.

Even if Comcast was being honest here (which researchers, Google, Mozilla, and consumer groups all say they're not), between the privacy and net neutrality fights, the company has made it abundantly clear it no longer has serious credibility on policy issues. Meaning that even if Comcast engineers had legitimate concerns with how encrypted DNS is being implemented, the company's repeated policy falsehoods have ensured nobody's going to be believing them anytime soon.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: dns over https, doh, encrypted dns, isps, privacy
Companies: comcast


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    Gary (profile), 29 Oct 2019 @ 7:23am

    Tossing Shit

    As demonstrated daily, if the truth doesn't work start slinging lies and shouting.
    For bonus points, repeat the same lie until someone believes you.

    "Shilling for Google" seems popular around here.

    link to this | view in thread ]

  2. identicon
    Anon, 29 Oct 2019 @ 7:32am

    The Key Point

    As mentioned the vehicle isn't going anywhere. There is no reason not to wait for a warrant. A vehicle that was travelling at an excessive rate of speed - the evidence should be obvious enough from the trail it left of skid marks etc., plus the degree of damage to the vehicle, a person with a moderate amount of expertise in traffic accidents should be able to assert there was reasonable chance it was travelling at an excessive rate.

    But this I the key of the fourth amendment - the police can't simply go on a fishing expedition. If they want to know whether your vehicle was speeding - they need to explain to a judge why they think so, what they can see that ells them the evidence may back them up. If they want your cell records, they should explain to the judge why there is cause to believe distracted driving may be a factor. If they believe alcohol or drugs were a factor, they should be able to explain that to a judge (but many jurisdictions allow them to bypass this step).

    It's a matter of looking at an incident and piecing together relevant evidence, not "grab all the data you can and we'll look for reasons after". This isn't a Seal Team raid.

    link to this | view in thread ]

  3. icon
    Code Monkey (profile), 29 Oct 2019 @ 7:42am

    Yeah, but Google

    I'm all for DoH, but, since Google and Firefox are the companies (currently) providing this encryption, can't THEY still track (and therefore monetize) our browsing habits?

    Isn't this just shifting who gets to monetize our personal data??

    link to this | view in thread ]

  4. identicon
    Anonymous Coward, 29 Oct 2019 @ 7:51am

    Re: Yeah, but Google

    Firefox allows you to set your DoH service, and only recommends Cloudflare, you are free to use an alternative.

    link to this | view in thread ]

  5. identicon
    Anonymous Coward, 29 Oct 2019 @ 7:58am

    Re: Yeah, but Google

    Yes you do have to trust your cryptographic library implementer to not have a backbdoor.
    However with Modzillla (and to some degree Google) you are free to change how the implementation works, or look for/fix backdoors.
    Good luck fixing your ISP to not do bad things with your data.

    link to this | view in thread ]

  6. identicon
    Anonymous Coward, 29 Oct 2019 @ 8:31am

    yeah, yeah! and if my aunt had bollocks, she'd be my uncle!!

    link to this | view in thread ]

  7. identicon
    Anonymous Coward, 29 Oct 2019 @ 8:39am

    Re: Yeah, but Google

    Isn't this just shifting who gets to monetize our personal data??

    That's why Comcast is upset... because it won't be them.

    link to this | view in thread ]

  8. icon
    Federico (profile), 29 Oct 2019 @ 8:41am

    One clear benefit

    There are various arguments to be made on default DNS-over-HTTPS:
    https://blog.apnic.net/2019/10/03/opinion-centralized-doh-is-bad-for-privacy-in-2019 -and-beyond/

    However, if Comcast complains so loudly, that's enough to convince me that it's probably a good move in terms of making life harder for at least one category of bad actors.

    link to this | view in thread ]

  9. identicon
    Anonymous Coward, 29 Oct 2019 @ 8:47am

    Re: The Key Point

    I think you meant to comment on the article about Georgia requiring warrants for EDR data, not this one?

    link to this | view in thread ]

  10. identicon
    Special Agent Arnold Asshat, 29 Oct 2019 @ 8:58am

    "...Comcast's claims are false..."

    I disagree.

    And I also don't watch 12 hours of porn per 8 hour workday on my government issued computer & Comcast connection. Neither does Deputy Dickwad while in his car "on patrol".

    link to this | view in thread ]

  11. identicon
    Anonymous Coward, 29 Oct 2019 @ 9:03am

    Firefox still hasn't fixed the broken hosts file issue which is a large enough annoyance I would simply not enable it if for a lot of use cases. I do have it enabled on this browser but if I decide my previously working hosts file setup was better it may be turned off.

    link to this | view in thread ]

  12. identicon
    Anonymous Coward, 29 Oct 2019 @ 9:04am

    Re:

    I realize that I am asking for you to pass third grade, but please frame a logical/coherent argument.

    link to this | view in thread ]

  13. icon
    Gary (profile), 29 Oct 2019 @ 9:07am

    Re:

    I disagree.

    Please cite.

    link to this | view in thread ]

  14. identicon
    Anonymous Coward, 29 Oct 2019 @ 9:12am

    Re: Re:

    Oh. I think it is actually trying to claim that it watches 13 hours of porn during its 8 hour shifts. Which would indeed be an impressive feet.

    link to this | view in thread ]

  15. icon
    Gary (profile), 29 Oct 2019 @ 9:24am

    Re: Re: Re:

    Resident troll can't watch porn at work but he still keeps trying on the cash registers I guess?

    Pretty big stretch to claim, with no evidence, that Karl is lying and Comcast is telling the truth. But anyone that believes Hillary is running a prostitution ring from her basement is already proven their case.

    link to this | view in thread ]

  16. identicon
    Anonymous Coward, 29 Oct 2019 @ 9:47am

    I'm also wondering if, besides the potential DNS snooping, somebody realized that it would poke a larger hole in the argument they offered against Title II classification.

    I mean, if your ISP is no longer handling your DNS queries, and thus isn't able to handle any sort of caching, the only thing they can be is a set of dumb pipes.

    link to this | view in thread ]

  17. identicon
    Anonymous Coward, 29 Oct 2019 @ 9:59am

    Re: Yeah, but Google

    Isn't this just shifting who gets to monetize our personal data??

    Not quite. Encrypting DNS does not prevent an ISP from figuring out where you are going. It just makes it a bit harder. Reverse-DNS look-ups are still possible, and if the site traffic is unencrypted (or improperly encrypted) deep-packet inspection is also a possibility.

    link to this | view in thread ]

  18. identicon
    Anonymous Coward, 29 Oct 2019 @ 10:00am

    Re:

    Used to be able to control the precedence via resolve.conf but some applications no longer look there.
    I also read that some microsoft products phone home regardless of the OS settings, iirc the ip addr was hard coded.
    Running your own firewall is a good idea.

    link to this | view in thread ]

  19. identicon
    stine, 29 Oct 2019 @ 10:14am

    Re: Re: some windows apps

    Yes, Windows is one of them. It also bypasses your proxy settings for some things which, if you only have internet acesss via proxy, breaks things.

    I spend my entire workday connecting to and disconnecting from VPNs for my job. I can't have Firefox or Chrome playing mix-n-match with my dns settings.

    link to this | view in thread ]

  20. identicon
    Anonymous Coward, 29 Oct 2019 @ 10:15am

    Re: Re: Yeah, but Google

    Yes you do have to trust your cryptographic library implementer to not have a backbdoor.

    No, you don't. You can audit the code or hire someone to do that. (And it's surprising how many companies don't do that, even when there's a lot of money at stake.)

    link to this | view in thread ]

  21. identicon
    Paul B, 29 Oct 2019 @ 10:17am

    Re: Re: Yeah, but Google

    Even with out being able to look at the packet, you can tell data by frequency and size of the data being transmitted. Gamers often use UDP with lots of small packets. Movies buffer huge amounts of data then drip feed. Bittorrent connects to hundreds of addresses all at once.

    Given time I can tell what your doing even without knowing anymore then the packet size and frequency.

    link to this | view in thread ]

  22. identicon
    Anonymous Coward, 29 Oct 2019 @ 10:17am

    Re: Re: Re:

    It's not hard to speed up a video or have more than one going at a time.

    link to this | view in thread ]

  23. This comment has been flagged by the community. Click here to show it
    identicon
    Special Agent Arnold Asshat, 29 Oct 2019 @ 10:26am

    Re: Re: Re: Re:

    "It's not hard to speed up a video or have more than one going at a time."

    It is if you can't mouse with your left hand, & don't get me started on those laptop glide pads and tiny little nubbins that I can't stop fingering.

    link to this | view in thread ]

  24. icon
    Gary (profile), 29 Oct 2019 @ 10:47am

    Re: Re: Re: Re: Re:

    So still nothing factual or relevant to add to these conversations, Blue?

    How goes the fanfic career?

    link to this | view in thread ]

  25. identicon
    Anonymous Coward, 29 Oct 2019 @ 11:43am

    Re: It puts the lotion on the CD/DVD tray

    Not well if he can’t manage to sexualise a computer. The rest of us figured out “hard drive” by age eight.

    link to this | view in thread ]

  26. identicon
    Smartassicus the Roman, 29 Oct 2019 @ 11:55am

    Just Do It

    Stop nagging and just go ahead and encrypt your DNS and be done with it. There are a few options for Winderz clients and Linux users can use Stubby (just google it and follow the instructions if you don't know what you're doing).

    link to this | view in thread ]

  27. icon
    ECA (profile), 29 Oct 2019 @ 12:06pm

    Love advantages..

    Who has the advantage to Sell your history here??
    ISP, google, Amazon?
    Explorer, Fire fox, chrome, safari????

    Why did so many QUIT Explorer?? because MS was selling a license for $99, that would allow any site to read the Explorer data, just from going to a site..

    I would love a Background program/script that would CHANGE the data sent to these idiots, PLEASE. and now give me Ajit Pies, Basic info..
    What a way to Bomb people.. we could have this crap going anyplace we needed..MORE SPAM..MORE PORN(the safest sites out there)

    link to this | view in thread ]

  28. identicon
    Baboli, 29 Oct 2019 @ 2:27pm

    Ask yourself a simple question: Who is in the business or collecting and selling your personal information, Google or Comcast? Also look at who funds the Mozilla Foundation, Google or Comcast to see a big conflict of interest there. The answer is simple. ISPs like Comcast have no incentive to collect, mine and sell your data because their business model is built on a monthly subscription service. Customers pay upfront every month. Google on the other end, the poster boy of surveillance capitalism, has a huge business incentive to collect and monetize your DNS traffic, like it does with the rest of the user data it collects on ALL of its services. Tim Cook said it best: "If you are a Google product user, YOU ARE THE PRODUCT!" I do trust my ISP a lot more than I trust Google or Facebook or any of the big tech companies when it comes to my privacy and security online. Period.

    link to this | view in thread ]

  29. identicon
    Anonymous Coward, 29 Oct 2019 @ 4:48pm

    Re:

    Just like your TV OEM has no incentive to collect your data. Or your phone OEM.

    Now we just have to explain why the fuck they do it with no incentive.

    link to this | view in thread ]

  30. identicon
    Anonymous Coward, 29 Oct 2019 @ 8:05pm

    Re:

    Part of the FCC's argument against Title II was that DNS and caching were "inextricably intertwined" with broadband, making it a Title I information service. This just shows (as if it wasn't already known) that argument was BS.

    link to this | view in thread ]

  31. identicon
    Anonymous Coward, 29 Oct 2019 @ 8:18pm

    Re:

    Why no, ISPs like Verizon, AT&T, or Comcast have no interest at all in your data.

    They promise~

    link to this | view in thread ]

  32. icon
    Toom1275 (profile), 29 Oct 2019 @ 9:17pm

    Re:

    Who is in the business or collecting and selling your personal information, Google or Comcast?

    Both, but with Google you at least have the choice of blocking some of it.

    ISPs like Comcast have no incentive to collect, mine and sell your data

    [Asserts facts contrary to reality]

    Google on the other end, … has a huge business incentive to collect and monetize your DNS traffic,

    Irrelevant when you're not using Google as your DNS

    I do trust my ISP a lot more than I trust Google or Facebook or any of the big tech companies when it comes to my privacy and security online. Period.

    Idiot confirmed

    link to this | view in thread ]

  33. identicon
    subtle ques, 30 Oct 2019 @ 1:40am

    Re:

    I think some people haven't gotten the subtle ques. Hint: the things he absolutely clearly without the shadow of a doubt has NOT done, would be incriminating and could have been recorded by Comcast, if he actually had done them, purely hypothetical speaking.

    link to this | view in thread ]

  34. icon
    ECA (profile), 30 Oct 2019 @ 8:01pm

    Re: Re:

    those 2 are the same..
    AND Cable, sat, internet..need more??

    link to this | view in thread ]

  35. icon
    ECA (profile), 30 Oct 2019 @ 8:04pm

    Re: Re:

    Ditto...
    Your ISP has a better chance to know more..
    google Amazon, and the rest we can get rid of for a time..and let them reload if needed...NOT your ISP. Then you say VPN...yep..NOW they are the one that knows where you go..and if the Gov. walks up and tells them to monitor your connection?? think they will say no??

    link to this | view in thread ]

  36. identicon
    Anonymous Coward, 31 Oct 2019 @ 1:38am

    Re: Re:

    To sell to someone else.
    To use it (the data) in whatever way makes them more $.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.