Google's not so bad
Does Google leverage its users' browsing history and personal emails for profit? Of course. But at least it's upfront about it. Not so your internet service provider (ISP), to which you probably pay a decent sum every month for access to the internet:
ISPs have consistently claimed such [broadband privacy] rules aren't necessary because they aren't violating users' privacy. But their objections to DNS over HTTPS "has raised questions about how ISPs collect and use sensitive user data in their gatekeeper role over Internet usage," Mozilla told Congress. Mozilla said it believes the privacy upgrade has "become necessary to protect users in light of the extensive record of ISP abuse of personal data."
That ISP abuse includes mobile providers selling real-time location data "to third parties without user knowledge or meaningful consent;" ISPs such as Comcast "manipulat[ing] DNS to serve advertisements to consumers;" Verizon's use of "supercookies" to track Internet activity; and AT&T charging customers an extra $29 per month to avoid "the collection and monetization of their browsing history for targeted ads," Mozilla told Congress.
Web users are tracked by Google, Facebook, and other advertising companies, of course. ISPs, though, have "privileged access" to users' browsing histories because they act as the gateway to the Internet, Erwin said to Ars.
There is already "remarkably sophisticated micro-targeting across the Web," and "we don't want to see that business model duplicated in the middle of the network," he said. "We think it's just a mistake to use DNS for those purposes."
Technology such as DNS over HTTPS (DoH), properly implemented at the browser level, will destroy the business model mentioned above (for a technical summary, see Issue 32/2019). A more transparent ISP model is - from my perspective at least - a good thing, although it might mean prices have to rise a small amount.
So who will ultimately convince Congress, privacy advocates or ISPs? Interestingly, the United Kingdom successfully persuaded Mozilla not to enable DoH by default for its citizens:
Firebox builder Mozilla has confirmed to UK Culture Secretary Nicky Morgan that Britons won't be getting DNS-over-HTTPS (DoH) by default once the feature is included in the next run of browser updates.
In a letter to the Secretary of State for Digital, Culture, Media and Sport, Mozilla's global policy veep Alan Davidson said his Silicon Valley org "has no plans to turn on our DoH feature by default in the United Kingdom and will not do so without further engagement with public and private stakeholders."
I can't see Congress banning DoH, a move which would have severe unintended, security-related consequences. But it might find itself lobbied sufficiently to instruct Google (Chrome) and Mozilla (Firefox) not to enable it by default, as did lobbyists in the United Kingdom. Given most users generally roll with the default settings, that outcome will probably continue feeding enough data to the ISPs for them to continue operating with their existing advertising-based business models. But at least there's the option to opt-out.
For those who want to enable DoH now (you really should), here's how:
Edge (new Chromium version only)
And finally, here's a list of publicly available DoH servers, should you wish to change from the default provider.
Enjoy the rest of this week's issue. Cheers,
The list of shame continues to grow
What do big corporations and Hollywood have in common? They love moral posturing, except when it will hurt their bottom line. The kowtowing to China really is something else. Meanwhile, the one company that has actually (unfairly) copped flack is doing quite well.
Blockchain's back, baby
It never really went anywhere. Unfortunately, Libra is looking more and more like vaporware. A shame.
The SoftBank/WeWork debacle continues
A 'vision fund' without much vision, it turns out. SoftBank found out the hard way that venture capital isn't as easy as it sounds. Apparently an eccentric founder pushing a property leasing company masquerading as a technology company isn't a recipe for success... unless you're that eccentric founder and happen to stumble across a 'vision fund' loaded with Japanese savings facing low or even negative yields (thank you, central banks of the world).
Other bits of interest
- The Manager's Schedule is holding remote work back »
- Regulating Big Tech makes them stronger, so they need competition instead »
- Facebook executives planned 'switcharoo' on data policy change »
- Facebook fought to keep a trove of thousands of explosive internal documents and emails secret. They were just published online in full. »
- Chronicle Is Dead and Google Killed It »
- India's most influential Twitter users are looking to move to little-known network Mastodon »
- Why $4.5 Billion From Big Tech Won’t End California Housing Crisis »
- Risky Mortgage Bonds Are Back and Delinquencies Are Piling Up »
Image of the weekView source →
Just what the world needs, more money printing... holders of assets, rejoice!
This week's data breaches
Apple, privacy champion? Yeah, nah.
- Apple is fixing encrypted email on macOS because it’s not quite as encrypted as we thought »
- The DNA database used to find the Golden State Killer is a national security leak waiting to happen »
- Facebook says 100 developers might have improperly accessed Groups member data »
- Facebook CEO Mark Zuckerberg Dismissed Tinder Cofounder As Irrelevant But Still Let Dating App Get Special Access To Users’ Data »
- Why hospitals are a weak spot in U.S. cybersecurity »
That's all for now. If you enjoyed this issue, feel free to share it via email →
Issue 44/2019: Google's not so bad was compiled by Dr Justin Pyvis and delivered on 12 November, 2019. Feel free to send feedback, suggestions for future issues, ideas, insults, or pretty much anything that crosses your mind to his Keybase or Twitter account.