America's rotten ISPs object to encrypted DNS, argue that losing the ability to spy on your traffic puts them at a competitive disadvantage

Cory, I don’t think anybody’s going to argue that ISPs deserve the benefit of any doubt as to their intentions. After the SOPA wars, I certainly won’t be coming to their defense. However, your strong rhetoric here may be a provoked bias. DNS has never been ignored and it’s in no way creaking. There is a secure protocol called DNS-over-TLS which has identical encryption properties to DNS-over-HTTPS, the only difference being that DoT can be blocked in a firewall whereas DoH is designed not to be detected or blocked. In your article you’re responding to an anti-trust argument advanced by Comcast against Google, but your response shows no awareness of two vital facts:

  1. If ISPs want to become surveillance capitalists so that they can compete against Big Tech’s surveillance capitalists, that doesn’t make ISPs evil, that simply reminds us that surveillance capitalism is evil. This is gangster-on-gangster violence, and neither Big Tech nor Big ISPs are going to use their winnings to help improve lived privacy for any of us. We have to stop all of the surveillance, not merely change who can and cannot surveil.

  2. As an operator of managed private networks at home and at work, I strongly resent being told by the DNS-over-HTTPS cloud that my firewall is now obsolete, and anyone including underaged children, poisoned supply chains, malware, or intruders will from now on be able to ask whatever DNS questions they want, with no monitoring or filtering possible by the owner of the network. That should be my decision, not theirs. Not all perimeter security is authoritarian. DNS-over-TLS cannot be intercepted without notice to the end-user, and so DoT solves the vast majority of end user privacy woes, but without changing who can prevent it from working.

DNS-over-HTTPS is ill-considered and may usher in far stronger controls, costing everybody no matter what their agenda was, and benefiting almost nobody. DNS-over-TLS is what we need to keep Big ISPs in check without giving more power to Big Tech. Happy to discuss 1x1 if you’d like to hear more on this topic.

Paul Vixie

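The distinction the post draws in points 1 and 2, that DoT is encrypted but still recognisable to the network owner while DoH blends into ordinary HTTPS, can be made concrete with a small classifier over connection records. The following is an added example and not code from the post or from any project it mentions; the log records, the resolver hostnames, and the `KNOWN_DOH_HOSTS` list are constructed placeholders, and a real deployment would feed firewall or flow logs and the operator's own, always incomplete, list of resolver names.

```python
"""Classify outbound flows by the kind of DNS traffic they could carry.

Added illustration, not part of the original post. Sample records and
resolver names are constructed for the example.
"""
from collections import Counter
from dataclasses import dataclass

# Operator-maintained hostnames known to serve DoH (constructed placeholders).
# Such a list can never be complete, which is exactly the post's point:
# DoH is only identifiable where the operator already knows the endpoint.
KNOWN_DOH_HOSTS = {"doh.resolver-a.example", "dns.resolver-b.example"}


@dataclass(frozen=True)
class Conn:
    src: str
    dst: str
    dport: int
    proto: str       # "udp" or "tcp"
    sni: str = ""    # TLS Server Name Indication, when the flow is TLS


def classify(c: Conn) -> str:
    """Label a flow by what a perimeter device can learn from port and SNI."""
    if c.dport == 53:
        # Plaintext DNS: visible and filterable on-path, and readable by the ISP.
        return "dns-plaintext"
    if c.dport == 853 and c.proto == "tcp":
        # DoT: content encrypted, but the dedicated port makes it recognisable,
        # so the network owner can allow, block or redirect it by policy.
        return "dot"
    if c.dport == 443 and c.proto == "tcp":
        if c.sni in KNOWN_DOH_HOSTS:
            # Recognised only because the name is on the operator's list.
            return "doh-known"
        # Could be DoH or ordinary web traffic; port alone cannot tell.
        return "https-opaque"
    return "other"


def enforceable(label: str) -> bool:
    """True when a firewall can apply a DNS policy to flows of this label."""
    return label in {"dns-plaintext", "dot", "doh-known"}


def summarize(conns) -> dict:
    """Count flows per label so an operator sees how much traffic is opaque."""
    return dict(Counter(classify(c) for c in conns))


# Constructed sample flows from a managed network (RFC 5737 test addresses).
SAMPLE = [
    Conn("10.0.0.5", "10.0.0.1", 53, "udp"),
    Conn("10.0.0.5", "198.51.100.10", 853, "tcp", "dot.resolver-a.example"),
    Conn("10.0.0.7", "198.51.100.20", 443, "tcp", "doh.resolver-a.example"),
    Conn("10.0.0.7", "203.0.113.8", 443, "tcp", "www.example.org"),
    Conn("10.0.0.9", "203.0.113.9", 443, "tcp", "doh.unknown.example"),
]

if __name__ == "__main__":
    for c in SAMPLE:
        label = classify(c)
        print(f"{c.src} -> {c.dst}:{c.dport} {label:14s} enforceable={enforceable(label)}")
    print(summarize(SAMPLE))
```

Run as a script to see that the DoT flow is labelled by port without decrypting anything, while the DoH flow to `doh.unknown.example` lands in `https-opaque` alongside a plain web visit: the operator's filter can act on the former and is blind to the latter.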