Mozilla backs down and won't enable DNS-over-HTTPS in the UK

Mozilla backs down from its decision to implement a privacy protocol

Faced with complaints from British entities and authorities, Mozilla backtracks on a privacy feature

Mozilla is backing down from a decision criticized by internet providers in the UK: enabling the DNS-over-HTTPS protocol by default.
According to British internet providers, the original decision would undermine the United Kingdom's safety standards.

What decision is Mozilla backing down from?

The British providers' complaint stems from the implementation of the protocol specified in IETF RFC 8484.

DNS-over-HTTPS (DoH) sends DNS requests over an encrypted HTTPS connection instead of the plaintext UDP requests that classic DNS uses. The protocol also works at the application level rather than in the operating system.

That is, all connections take place between the application and a protocol-compatible server, over an encrypted connection.

All traffic travels over HTTPS. DoH domain name queries are encrypted and sent as normal web traffic to the DoH resolver, which responds with the domain's IP address, also over encrypted HTTPS.
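
The encoding behind the queries described above, as an added example that is not part of the original article: it builds the DNS query message and the RFC 8484 GET request path that carries it, then decodes it again the way the resolver does. The `/dns-query` path and the function names are assumptions chosen for illustration.

```python
import base64
import struct

DOH_PATH = "/dns-query"  # assumed resolver path, not taken from the article


def build_query(qname: str, qtype: int = 1) -> bytes:
    """Build a DNS wire-format query (qtype 1 = A record, class IN)."""
    # Header: ID 0 (RFC 8484 recommends 0 for cache-friendliness), RD flag, 1 question.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    question = b""
    for label in qname.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"invalid label: {label!r}")
        question += bytes([len(raw)]) + raw
    return header + question + b"\x00" + struct.pack("!HH", qtype, 1)


def doh_get_path(qname: str) -> str:
    """Request path for the GET form: base64url of the message, padding removed."""
    encoded = base64.urlsafe_b64encode(build_query(qname)).rstrip(b"=")
    return f"{DOH_PATH}?dns={encoded.decode('ascii')}"


def decode_dns_param(value: str) -> str:
    """Recover the queried name from a ?dns= value, as the DoH resolver does."""
    msg = base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))
    pos, labels = 12, []  # the question section starts after the 12-byte header
    while True:
        if pos >= len(msg):
            raise ValueError("truncated question section")
        length = msg[pos]
        if length == 0:
            return ".".join(labels)
        label = msg[pos + 1:pos + 1 + length]
        if length > 63 or len(label) != length:
            raise ValueError("malformed label")
        labels.append(label.decode("ascii"))
        pos += 1 + length


if __name__ == "__main__":
    path = doh_get_path("www.example.com")  # constructed sample name
    print(path)
    print(decode_dns_param(path.split("dns=", 1)[1]))
```

This path travels inside the TLS session, so a network observer sees only an HTTPS connection to the resolver; the queried name is readable only at the two endpoints.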

What is the problem?

The problem is that each application controls the privacy of its own DNS queries and can keep a list of DNS-over-HTTPS servers (resolvers) in its configuration; it does not have to depend on the operating system's default DNS servers.

As a result, a user's DNS requests are invisible to third parties such as ISPs, and all DoH queries and responses are hidden within a cloud of encrypted connections, indistinguishable from other HTTPS traffic. In other words, ISPs and intelligence services cannot monitor where we navigate.

British Internet Service Providers are required by law to block certain types of websites. This is the case for sites that host content infringing copyright or registered trademarks. Some providers also voluntarily block pedophilia and pornography sites.

Political rejection

Companies were not the only ones to criticize the decision. So did parliamentarians, foundations and intelligence agencies.

A Labour Party MP, speaking in the House of Commons, called the decision a "threat to the UK's online security".

The Internet Watch Foundation (IWF), a British watchdog group with a stated mission to minimize the availability of child sexual abuse content online, joined the criticism. In its view, browser developers were ruining years of work to protect the British public from abusive content.

Of course, GCHQ, the British intelligence service in charge of electronic surveillance, could not stay out of it. In its view, the protocol would impede police investigations and could undermine existing government protections against malicious websites.

Why Mozilla Backtracks

Google also plans to implement the protocol in its Chrome browser, but Mozilla is further along in its development, which is why it received all the criticism. Firefox started testing the protocol at the beginning of last year, and has included it (although not activated) since version 60.

In statements to the British media, the Foundation expressed its willingness to work with the country's regulators. The objective is to ensure that Firefox's DoH support does not interfere with the country's website block lists and ISPs' parental control systems.

At first, Mozilla asked the authorities to make public the list of sites blocked by the authorities and ISPs, so that it could block them from the browser. However, the authorities objected, claiming that this would be like making a "yellow pages of child pornography" and would make this type of content easier to find.

Hence, Mozilla chose not to activate the option by default.

I confess that I have my doubts that the government and providers care about the welfare of users. What worries them is the loss of control. Both child pornography and online safety are things that can be solved in other ways that do not violate the privacy of users.
