I've spoken with friends and family members on numerous occasions about basic privacy topics, and they're often met with complete apathy. The "this endangers our children" rhetoric - though misleading - arguably does have some logical foundations. A government that is able to watch over its citizens could in theory protect them better. It reminds me of the WhatsApp E2E encryption debates in the UK of a few years ago, shortly after the attacks in London.
I guess it's incumbent on us as technologists, to not merely laugh and scorn at these comments, but to acknowledge that these things have consequences, positive and negative. We need to present the under-represented positives - and at times I find this particularly hard without feeling / coming across as tin-hatted.
Edit: Just on that last point - I'd love advice if anyone can provide some :)
For the most part backdoors require some kind of central coordination, so there are situations where it is basically impossible to support one. HTTPS is a good example: anyone can run a web server and there is no permission or coordination needed to do so, and so HTTPS backdoors would be difficult to create (otherwise I cannot run my web server without coordinating with whatever authority controls the backdoor, or I cannot run a secure web server without such coordination). That is what the conversation is really about: whether or not we are willing to sacrifice the most useful and valuable aspects of the Internet's design (distributed, loosely coordinated, no-permission-needed), or do without security and hope for the best, for the sake of a law enforcement backdoor.
Of course, we know DNS blocking doesn't fix anything. It's like putting the bad thing in storage and switching off the light. We know that nearly anyone can route around a blacklist-employing name server in seconds, but it's all the people but those "anyone" who can't.
And they probably think it's a really good idea. The general masses don't have to worry about accidentally bumping into dubious content, and it also raises, to a conscious level, the bar for those who want to bump into it. I mean, if you have to specifically install or configure things to work around the DNS block, you've just validated your questionable intents.
For most people, that probably makes sense similarly to a signpost at a closed gate that says "Private yard / No pass through". Yeah, undoubtedly some people will open the gate and try to make the shortcut through the yard but at that point it will be clearly intentional. It's just that the externalities of DNS blocking are infinitely higher than blocking pedestrian traffic through a private yard, and no common people see that.
The rational counter-attack must thus focus on what would be a better alternative rather than how DNS blocking is flawed by design. How to prevent families from accidentally finding themselves looking at child porn, or to make it difficult for Uncle Ed to watch naked kids on the internet late in the evening, while still preventing the ISPs from MITMing the DNS queries for everyone else?
But let the default be safe.
Of course this is usually a foreign concept to laypeople.
But to address the "accidentally CP" argument. How does that happen? You have to "accidentally" type something into Google/Bing/Yahoo and then click through. Or you "accidentally" have to start somewhere. And if you go to any for profit pornsite (camsites, streamsites, blablabla), or even just a porn subreddit, or type porn (or some explicit search terms) into a search engine.... you don't get to anything illegal. Why? Because that's bad for business.
So ... it seems like a perfect excuse. It maybe worked for the first closeted gay senator/representative... but never since. So why are we still talking about it as something that "accidentally" happens?
That's already illegal, so Uncle Ed gets prosecuted like any criminal.
That is a solved problem which requires no technical or legal changes.
I'm not saying they are equivalent issues, but I do see a lot of parallels between the arguments made for/against weakening encryption and those made for/against gun control. It makes it tough for me to find a logically-consistent viewpoint on both that I feel good about.
I guess in theory, this could still be accomplished by filtering based on IP - a whole other cat and mouse game. Although, it's not like it wasn't a cat-and-mouse game before - you could bypass these blocks by running DNS on non-standard ports unless some form of DPI was being performed.
DoH is an evolutionary response to that, because it looks like HTTPS to Cloudflare, which is difficult to reject. And that's terrible for a lot of reasons (inefficiency, complexity, centralization), but it solves the local interference problem. Which means that's what we're unfortunately going to end up with unless we can solve the interference problem another way, i.e. make intermediaries understand that they're going to lose anyway and it's better to allow unmolested UDP DNS/DNSCurve to the endpoint's choice of recursive resolvers than to have everything using DoH to Cloudflare.
I would prefer not to centralize things in advance, just in case a certain problem develops. I would instead prefer to keep it decentralized as long as possible, and solve individual problems as they actually occur.
I would also prefer DNSSEC and DoT over DNSCurve, and I would suggest IPsec with opportunistic encryption to be a more pure goal than to tunnel everything over HTTPS, but my preferences in protocols are not important to any of these points, and we don’t need to argue about that.
The root problem where the centralization comes in (because you could actually do DoH to something that isn't Cloudflare), is that you need to trust someone to faithfully and completely answer all of your DNS queries without dropping any of them or sending invalid responses for queries they don't like.
That used to be your ISP, and we had a decentralized solution as long as the ISPs would faithfully answer all queries, but what happens when they don't? You need someone else. "Let everyone choose for themselves" is a theoretical answer, but in practice the average person doesn't know anybody who runs a public recursive DNS server, and Google and Cloudflare are easy and "free", so everybody will end up on them. To prevent that we need ISPs to stop interfering with DNS.
They can and should secure their network, watch out for data exfiltration anyway, etc.
They should disable every kind of network traffic that does not go through their auditing/filtering proxy (HTTP, DNS, SMTP or whatever).
If they want to support bring-your-own-device, great, configure said devices, set up proxy-auto-configuration, hand out "how to set up your device to work on corp-wifi" flyers, and in general, they have their IT team, let them work and they will figure this out.
The old way of just MITM-ing was always bad, for at best it was/is lazy, but in reality it's quite unprofessional and counter-productive for security.
They could probably say "drop all requests to 22.214.171.124, etc." but nothing is stopping me from running my own DoH resolver that they would have to manually scan for.
That being said, I absolutely hate all the filtering crap, so I actively avoid working for any company that decides it needs to see everything I'm doing online.
So in the interview, you actually ask, "do you have a filtering proxy to monitor workers' internet traffic?"
Not really. It is difficult to accidentally encounter these kinds of images because they are so illegal, and for those who are trying, rudimentary ISP DNS blocking is not going to stop them when Tor exists.
You can run for local government, organize, or volunteer, for instance. That will make a much greater difference than simply voting or voicing one's displeasure on the internet (though doing both of those can help some too, especially if enough people do so).
- DoH impacts a lot more than one area: child protection
- what exactly would be lost?
- is the filtering effective? No, anyone so inclined can just use a VPN
- is there another way to achieve this even with DoH? Yes: resolve the URL filter hostnames, filter the IPs
- faulty logic: we do X *with the intention* to stop bad Y, so don't do Z that hinders X
Now let's see what's right(?) about this?
- good political move to back something emotional people can agree with vs. something technical that most don't put in the effort to understand (privacy+tech)
- government seen as governing: good
- sensational news, increases positive awareness/brand
Whenever these types of issues come up in the media, there are two concurrent discussions: one among those who understand the tech and its implications, and one among the rest of the population, which reacts by proxy signals. Somehow these groups need to be connected without a distortion of the message.
Encryption can keep things which need to be kept secret safe. It can also keep things which ought to be made open safe.
Anything can and will be abused by people who want to use it to hide what they are doing. That includes criminals.
But if every history-changing invention could have been stopped because of the potential of abuse, we'd not be where we are today.
They say “there are 144,000 internet users [ed: from where in the world?] on some of the worst dark-web child sexual abuse sites”.
Dark web. Tor. Not impacted by DNS over HTTPS whatsoever.
The UK disapproves of UK politicians.
Need a source? Course you don't.
They can't even bloody solve basic stuff like building houses or you know, that EU thing. DNS over HTTPS is probably down there with encouraging uptake of Klingon.
Seems like decentralized overlay p2p networks are becoming the only way to ever get privacy on the internet.
Fuck DoH. It's political and technical centralization under the tired old banner of "freedom!" when reality is absolutely the opposite. It'll be abused in a heartbeat the moment it has majority share, assuming folk like CloudFlare don't already have people working full time on how to profit from the data, or formulating policies on which sites they shut down that they never hosted in the first place.
If you're new to this game, it always progresses the same tired old way:
- it's optional, you don't need it, but if you use it your life will become 1000% better and starving orphans in China will learn about democracy
- we're using it for just this one particular service you might need it for but it's fine because that particular service is totally optional and you have a "choice" between 3 vendors who all accidentally depend on this new thing, because they're all playing the same game
- we rolled out a new feature but it's only available to newer clients, you probably genuinely do need this feature, and the choice to avoid the new service seems to be less and less appealing
- we don't have people working full time on the older product any more, and it's full of bugs, and we're struggling to support it
- we've made some commercial agreement you weren't expecting that interacts somehow with our adjusted position thanks to the new service. somehow you've become the product without any warning, but you're so far down the river it's much less effort to stay put than try to undo becoming the product
- we've encountered a bug and made a huge negative PR fuss around the old service. it's officially insecure and you will catch cancer if you continue using it
- [3 months later] we're deprecating the old service
- [1 year later] captivity achieved
As someone who uses HOSTS files and DNS-level blocking/MITM proxy on my network to control what gets to my endpoints, I like how you think.
So the effect is not just the local mobile telco's DNS would be subverted, but every mobile telco's DNS, and if you tried to explain what's happening to the typical person it impacted, they'd give you a puzzled look before promptly switching the topic to last night's football game. Thankfully this is a completely fabricated scenario and there is no possibility whatsoever it could even remotely play out.
Given this one scenario, what value or weight does a single bearded guy's raspberry pi stashed in a closet have when it comes to worldwide DNS policy? I wonder how resilient a site like The Pirate Bay would be given an environment where DNS filtering is suddenly under the majority control of a tiny handful of companies all under American or western ownership. But DoH of course is about freedom, not about censorship. It's about preventing censorship, right!
(Apologies for the style of reply -- these are obviously not genuine questions)
edit: these unexplained downvotes are fascinating
For Mozilla, I'm not sure, but they often follow Google's lead, and there is a strong case for Google to go that route.
In any case, if it ever starts defaulting to on in any browser, it's very likely the others will follow suit, as it's easy to imagine quite a lot of PR around the security benefits of the brave new world.
Rofl, politicians are not very well informed. The gov already can see all traffic generated in DoH due to a built-in flaw that is waiting to be fixed, which I have no doubt will be "fixed" with open access built in as normal.
Oh you’re against DNS over HTTPS? Oh so you want our children to be abused? You’re for encryption? Sounds like someone doesn’t care about child porn. Oh you won’t share your Password with the government? Hiding something?
Look, child pornography is deeply troubling, but so are lots of other things in life that people don't call for mandatory, obtrusive government censorship to prevent. The mandatory DNS blocking to prevent child porn is not particularly effective. In non-technical terms, DNS blocking is effectively the same as taking down the sign on the front door: it doesn't prevent anyone from getting to it, if they know where to look, and even people who might trap unwitting visitors into traveling to these sites can still do so (you can use IP addresses in lieu of domain names in links).
Indeed, if you know the DNS addresses of places to avoid, you actually know enough information to take more proactive action: for example, you could mandate that the IP addresses these sites use (or even the ISPs who host them!) are made to be unreachable, which would make it much, much more difficult to actually access these sites. Blocking only the DNS address is pretty much doing the barest minimum to look like you're tackling the problem.
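As an added illustration of the point above (not code from any commenter in the thread): a small offline model of why a hostname-only block at the ISP resolver misses DoH users and literal-IP links, while resolving the filter list's hostnames up front and blocking the resulting addresses catches all three. Hostnames, addresses and the static lookup table standing in for real DNS are constructed placeholders.

```python
# Added example, not part of the thread. Models the difference between
# blocking a name at the ISP resolver and blocking the address behind it.

# Constructed filter list (placeholder names) and a constructed static
# resolution table used instead of real DNS so the model runs offline.
BLOCKLIST_HOSTS = {"blocked.example", "also-blocked.example"}
STATIC_DNS = {
    "blocked.example": "192.0.2.10",
    "also-blocked.example": "192.0.2.11",
    "allowed.example": "198.51.100.5",
}

def isp_dns_filter(hostname):
    """The ISP's filtering resolver: no answer for listed names."""
    if hostname in BLOCKLIST_HOSTS:
        return None
    return STATIC_DNS.get(hostname)

def client_resolve(hostname, via):
    """Address a client ends up with. 'isp-dns' goes through the filtering
    resolver; 'doh' models an encrypted lookup to a third-party resolver
    that the ISP's filter never sees."""
    if via == "isp-dns":
        return isp_dns_filter(hostname)
    if via == "doh":
        return STATIC_DNS.get(hostname)
    raise ValueError("unknown resolution path: " + via)

def blocked_ips_from_filter_list():
    """Resolve the filter list's hostnames once to get addresses to block."""
    return {STATIC_DNS[h] for h in BLOCKLIST_HOSTS if h in STATIC_DNS}

def outcome(target, via, ip_filtering):
    """Simulate one attempt. target is a hostname, or a literal IP when
    via == 'literal-ip'; ip_filtering toggles the address-level filter."""
    if via == "literal-ip":
        dst = target                       # no lookup at all, nothing to filter
    else:
        dst = client_resolve(target, via)
        if dst is None:
            return "blocked-by-dns"        # only path the name block can stop
    if ip_filtering and dst in blocked_ips_from_filter_list():
        return "blocked-by-ip"
    return "reached " + dst

if __name__ == "__main__":
    for via, target in [("isp-dns", "blocked.example"),
                        ("doh", "blocked.example"),
                        ("literal-ip", "192.0.2.10")]:
        print(via, target, outcome(target, via, False), outcome(target, via, True))
```

Address-level filtering has its own externality: a shared address (CDN, shared hosting) takes every site behind it down with the listed one, which is the same trade-off the earlier comments raise for DNS blocking.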
I mean, this is not about some deep darknet stuff or Tor hidden services (where DNS filtering would not be effective anyway), so my question is why isn't the government able to shut these sites down? And if the sites are hosted by an uncooperative ISP then I think dropping the traffic is an appropriate response.
If a site is in another jurisdiction, you can still distribute a list of sites to ISPs, and ISPs can report suspicious activity to the police (so they can get a warrant for closer monitoring).
If you block it, you just alert people to which sites are more likely to have illegal content, which can encourage them to access it through other means (VPN, Tor, etc). I honestly don't see any real value in it from a practical perspective, and the only real "benefit" is it gives the government an excuse to add other stuff to the list it doesn't like.