
DoH Secure DNS Doesn't Make Us a Villain Mozilla Tells UK ISP's - signa11
https://www.theregister.co.uk/2019/07/06/mozilla_ukisp_vallain/
======
dang
[https://news.ycombinator.com/item?id=20369951](https://news.ycombinator.com/item?id=20369951)

[https://news.ycombinator.com/item?id=20362548](https://news.ycombinator.com/item?id=20362548)

[https://news.ycombinator.com/item?id=20358300](https://news.ycombinator.com/item?id=20358300)

------
mindfulhack
This is so low of these UK ISPs to take a swing at the non-profit Firefox
instead of Google's proposed for-profit instance of DoH with Chrome.

Their only plausible motive would therefore seem to be that they currently
enjoy profiting off your raw browsing data and violating your privacy at the
highest level by spying on it and selling it. It can hardly be plausible that
'safety' is what they're concerned about.

I have always chosen ISPs that seem to support the little guy, and if there
were one that wasn't in this Association to make a point, I'd join it. Can
anyone in the UK speak to this to help out our UK readers?

~~~
NeedMoreTea
Andrews and Arnold are outside ISPA, have a healthy respect of privacy and a
healthy disrespect of logging and block lists. The owner blogs at
[https://www.revk.uk](https://www.revk.uk)

Zen are in ISPA, but don't participate in any blocking or filtering.

They both provide service leagues ahead of the big ones, have tech support
that's UK based and actually have a clue what they're on about.

~~~
jen20
I don’t know their ISPA status but I have been incredibly impressed with
Aquiss, who offer similar levels of support to A&A. They also offer month-to-
month phone lines and internet service without a minimum term, which is
unusual in the UK.

~~~
NeedMoreTea
Zen don't have minimum terms, seem to remember A&A have a one off setup fee
for no term.

The majors prefer you not to leave when you realise they're crap. :)

~~~
jen20
Good to know - thanks for the info!

------
ailideex
UK is dystopia and it is crazy how almost all UK political parties support
this sensorship and even seem to be one upping eachother.

~~~
peteretep
> UK is dystopia

Yes, except compared to all the other countries.

~~~
ailideex
Well it is pretty nice place maybe compared to other countries like China,
Iran and North Korea. UK jails people for making jokes, singing rap lyrics.
Your government wants to ban porn and demand encryption has backdoors,
sensorship of the internet is just par for the course. It is completely
insane.

~~~
mavhc
[https://www.theguardian.com/music/2019/jan/31/skengdo-and-
am...](https://www.theguardian.com/music/2019/jan/31/skengdo-and-am-the-drill-
rappers-sentenced-for-playing-their-song)

------
zzo38computer
This doesn't seems it should be the function of the browser; rather, to run a
local DNS service which is only accessible on your computer, and then you can
make it to access the DNS data by use of whatever you want to use, whether
HTTPS or Namecoin or whatever, possibly even more than one. Then you can use
it with any programs, and not only with Firefox.

The ISP should not censor it. (I also think that HTTPS is probably not the
best protocol for DNS, although it can still be used; just making DNS as TCP
instead of UDP and then adding TLS, would help. But regardless of which way is
done, it should be a separate program that the browser and other program using
internet does not need to know the implementation of.)

~~~
JoshTriplett
Getting all operating systems to do that, across the board, is much harder
than changing a cross-platform browser.

Also, operating systems would have a much harder time doing that, especially
if they don't all have integrated support for captive portal detection and
similar.

> just making DNS as TCP instead of UDP and then adding TLS, would help

Then systems in the middle can tell it's DNS, and block it.

We're moving towards a world where _all_ traffic will look like HTTPS, or
eventually like http/3.

~~~
zrm
> Getting all operating systems to do that, across the board, is much harder
> than changing a cross-platform browser.

Is it? I understand that Debian has just added support. It should be as easy
for Google to add it to Android as add it to Chrome. That leaves only Apple
and Microsoft -- and even before that, anyone who likes to can set the DNS
server in those operating systems to a stub that makes queries via DoH, either
running on the local machine or connected via VPN. (I'm making that sound very
tech nerd, but actually doing it isn't inherently any harder than installing
Firefox.)

> Also, operating systems would have a much harder time doing that, especially
> if they don't all have integrated support for captive portal detection and
> similar.

Wouldn't it be the same issue for Firefox?

> We're moving towards a world where _all_ traffic will look like HTTPS, or
> eventually like http/3.

Sad but true. Though at least HTTP/3 looks to support UDP, at which point it
becomes a lot more reasonable to encapsulate whatever inside it.

------
alltakendamned
This seems to indicate one thing, and that is that DoH is an effective privacy
control.

At least I have switched over my entire network to DoH through Pi-Hole.

