UK ISP group names Mozilla 'Internet Villain' for supporting 'DNS-over-HTTPS'
https://www.zdnet.com/google-amp/article/uk-isp-group-names-mozilla-internet... UK government and local ISPs are putting the pressure on browsers to drop plans to support DoH protocol. The trade association for internet service providers in the UK has nominated Mozilla for this year's award of "Internet Villain" because of the browser maker's plans to support the DNS-over-HTTPS (DoH) protocol in its Firefox browser. In a statement published this week, the Internet Services Providers Association (ISPAUK) claimed that Mozilla plans to support DNS-over-HTTPS "in such a way as to bypass UK filtering obligations and parental controls, undermining internet safety standards in the UK." The trade association's comments come after two months of constant criticism aimed at both Mozilla and Google, from both the UK government and various advocacy groups, and all are centered around the new DoH protocol. [...] Basically, Google and Mozilla's support for DoH effectively narrows down to the same moral dilemma that surrounds the Tor Project and the Tor network. Browser makers must now decide if it's worth supporting a tool that brings privacy improvements to millions, at the expense of a few that may have to suffer. Currently, DoH is not supported in the stable versions of Chrome and Firefox. Google is still testing DoH support in Chrome, while Mozilla has completed a successful DoH test in Firefox, and officially said it plans to support the feature in the stable branch, but did not give out a timeline. Mozilla is nominated for ISPAUK's "Internet Villain" prize together with US President Donald Trump (for causing a huge amount of uncertainty across the complex, global telecommunications supply chain in the course of trying to protect national security) and the EU's Article 13 Copyright Directive (for threatening freedom of expression online by requiring 'content recognition technologies' across platforms). A Mozilla spokesperson did not return a request for comment in regards to the organization's nomination. ___ E' divertente come si possa vincere il premio giusto, per le ragioni sbagliate. Giacomo
On Fri, Jul 05, 2019 at 09:00:32AM +0200, Giacomo Tesio wrote:
https://www.zdnet.com/google-amp/article/uk-isp-group-names-mozilla-internet...
https://www.ispa.org.uk/ispa-withdraws-mozilla-internet-villain-nomination-a... ISPA withdraws Mozilla Internet Villain Nomination and Category Posted on 9th July 2019 Last week ISPA included Mozilla in our list of Internet Villain nominees for our upcoming annual awards. In the 21 years the event has been running it is probably fair to say that no other nomination has generated such strong opinion. We have previously given the award to the Home Secretary for pushing surveillance legislation, leaders of regimes limiting freedom of speech and ambulance-chasing copyright lawyers. The villain category is intended to draw attention to an important issue in a light-hearted manner, but this year has clearly sent the wrong message, one that doesn’t reflect ISPA’s genuine desire to engage in a constructive dialogue. ISPA is therefore withdrawing the Mozilla nomination and Internet Villain category this year. continua qui: https://www.ispa.org.uk/ispa-withdraws-mozilla-internet-villain-nomination-a... -- Stefano Zacchiroli . zack@upsilon.cc . upsilon.cc/zack . . o . . . o . o Computer Science Professor . CTO Software Heritage . . . . . o . . . o o Former Debian Project Leader & OSI Board Director . . . o o o . . . o . « the first rule of tautology club is the first rule of tautology club »
Caspita! Sono riusciti a resistere ben 4 giorni al potere lobbistico di Google! Un record! Qui in Italia quanti sono quelli che anche solo ci provano? E voi negli Stati Uniti, come state messi? Quante sono le organizzazioni che provano a prendere il toro per le corna? Quante quelle che piagnucolano ma si fanno comunque finanziare? Come avevo scritto, hanno nominato Mozilla per il premio giusto, ma per la ragione sbagliata. DNS-over-HTTPS infatti è solo un piccolo dettaglio (per quanto utile all'interno di un attacco per inviare dati all'esterno attraverso un canale sicuro ed insospettabile) rispetto alla montagna di problemi tecnici che Mozilla ha introdotto nell'architettura del Web. E che si rifiuta, a tutt'oggi di affrontare. On 11/07/2019, Stefano Zacchiroli <zack@upsilon.cc> wrote:
On Fri, Jul 05, 2019 at 09:00:32AM +0200, Giacomo Tesio wrote:
https://www.zdnet.com/google-amp/article/uk-isp-group-names-mozilla-internet...
https://www.ispa.org.uk/ispa-withdraws-mozilla-internet-villain-nomination-a...
ISPA withdraws Mozilla Internet Villain Nomination and Category Posted on 9th July 2019
Credo possa essere utile a questa lista leggere il comunicato intero. Non cita direttamente il problema geopolitico, ma ai punti 3, 4 e 5 lo lascia intendere a chi abbia un minimo di competenza in merito. Dopo la parte che hai citato, infatti il testo prosegue: While we are withdrawing the nomination, we still believe that it is important to properly scrutinise the implementation plans for DoH. Below we set out our position in more detail and we will continue to develop this position and engage with our members, browser and app companies, DNS resolvers and vendors, policymakers and the wider Internet community on this issue. Any implementation of DoH (or equally any other flavour of encrypted DNS) should be capable of achieving the expected privacy and security benefits, while at the same time being mindful of the complex internet eco system, as well as the different user relationship and trust models that are in play. 1. User choice: An application switching to DoH should ensure that this switch does not undermine choices that have been previously made by the user. For example, if parents have decided to filter an internet connection in their home via network or local level DNS controls, these choices should not simply be ignored by the application. 2. User consent: Any application switching to DoH should ensure that the decision to switch resolvers is made by a user who is: a/ fully informed about the implications of switching resolvers, and b/ fully capable of expressing consent, e.g. relevant admin rights need to be protected and decisions should be made by main account holders Furthermore, DoH discovery and selection should allow users to change their resolver selections as they wish too, e.g. they may wish to revisit selections when new resolvers become available. 3. Data protection: Any application switching to DoH should ensure that a DoH resolver fully complies with the local data protection requirements. 4. Security: Any application switching to DoH should ensure that the selected DoH provider is capable of replicating existing security policies and capabilities such as malware protection that are currently in place for that user. 5. Online safety: Any application switching to DoH should ensure that the selected resolver should be capable of replicating the online safety policies that are currently in place for that user. 6. User and access-network-operator support: If DoH doesn’t work or is slow, a customer’s internet access will be affected. The customer will contact their ISP, not the DoH provider, but the ISP won’t be able to fix things for them. As a minimum, any application switching to DoH should ensure that the selected resolver should provide a 24/7 user call centre reachable via low-cost/local rate telephony and an online support capability. Support for fault-diagnosis and resolution between ISP, resolver and users should also be provided. There are numerous other areas that we could go into, e.g. how DoH affects enterprise networks, or content caching, and the points raised in this post are only an initial outline. We recognise that things have started moving at Internet Engineering Task Force level, for example, and look forward to engaging in a constructive discussion. ____ Speriamo veramente che si avvii un dialogo costruttivo sull'architettura emergente del Web! Un dialogo in cui voci diverse ed indipendenti dai grandi player possano chiedere a questi di RISPONDERE degli errori madornali che hanno compiuto e stanno compiendo. Giacomo
participants (2)
-
Giacomo Tesio -
Stefano Zacchiroli