Google's not so bad

Issue 44/2019

Does Google leverage its users' browsing history and personal emails for profit? Of course. But at least it's upfront about it. Not so your internet service provider (ISP), to which you probably pay a decent sum every month for access to the internet:

ISPs have consistently claimed such [broadband privacy] rules aren't necessary because they aren't violating users' privacy. But their objections to DNS over HTTPS "has raised questions about how ISPs collect and use sensitive user data in their gatekeeper role over Internet usage," Mozilla told Congress. Mozilla said it believes the privacy upgrade has "become necessary to protect users in light of the extensive record of ISP abuse of personal data."

That ISP abuse includes mobile providers selling real-time location data "to third parties without user knowledge or meaningful consent;" ISPs such as Comcast "manipulat[ing] DNS to serve advertisements to consumers;" Verizon's use of "supercookies" to track Internet activity; and AT&T charging customers an extra $29 per month to avoid "the collection and monetization of their browsing history for targeted ads," Mozilla told Congress.

Web users are tracked by Google, Facebook, and other advertising companies, of course. ISPs, though, have "privileged access" to users' browsing histories because they act as the gateway to the Internet, Erwin said to Ars.

There is already "remarkably sophisticated micro-targeting across the Web," and "we don't want to see that business model duplicated in the middle of the network," he said. "We think it's just a mistake to use DNS for those purposes."

Technology such as DNS over HTTPS (DoH), properly implemented at the browser level, will destroy the business model mentioned above (for a technical summary, see Issue 32/2019). A more transparent ISP model is - from my perspective at least - a good thing, although it might mean prices have to rise a small amount.

So who will ultimately convince Congress, privacy advocates or ISPs? Interestingly, the United Kingdom successfully persuaded Mozilla not to enable DoH by default for its citizens:

Firebox builder Mozilla has confirmed to UK Culture Secretary Nicky Morgan that Britons won't be getting DNS-over-HTTPS (DoH) by default once the feature is included in the next run of browser updates.

In a letter to the Secretary of State for Digital, Culture, Media and Sport, Mozilla's global policy veep Alan Davidson said his Silicon Valley org "has no plans to turn on our DoH feature by default in the United Kingdom and will not do so without further engagement with public and private stakeholders."

I can't see Congress banning DoH, a move which would have severe unintended, security-related consequences. But it might find itself lobbied sufficiently to instruct Google (Chrome) and Mozilla (Firefox) not to enable it by default, as did lobbyists in the United Kingdom. Given most users generally roll with the default settings, that outcome will probably continue feeding enough data to the ISPs for them to continue operating with their existing advertising-based business models. But at least there's the option to opt-out.

For those who want to enable DoH now (you really should), here's how:

Brave

brave://flags/#dns-over-https

Chrome

chrome://flags/#dns-over-https

Edge (new Chromium version only)

edge://flags/#dns-over-https

Firefox

https://support.mozilla.org/en-US/kb/firefox-dns-over-https#w_enabling-and-disabling-dns-over-https

And finally, here's a list of publicly available DoH servers, should you wish to change from the default provider.

Enjoy the rest of this week's issue. Cheers,

— Justin


The bits


The list of shame continues to grow

What do big corporations and Hollywood have in common? They love moral posturing, except when it will hurt their bottom line. The kowtowing to China really is something else. Meanwhile, the one company that has actually (unfairly) copped flack is doing quite well.

Learn more:



The SoftBank/WeWork debacle continues

A 'vision fund' without much vision, it turns out. SoftBank found out the hard way that venture capital isn't as easy as it sounds. Apparently an eccentric founder pushing a property leasing company masquerading as a technology company isn't a recipe for success... unless you're that eccentric founder and happen to stumble across a 'vision fund' loaded with Japanese savings facing low or even negative yields (thank you, central banks of the world).

Learn more:



Image of the week

View source

Quantitative Easing Four is here

The fourth iteration of 'Quantitative Easing' (QE4) is here. Europe has resumed its own version, too. Japan never stopped.

Just what the world needs, more money printing... holders of assets, rejoice!


This week's data breaches



That's all for now. If you enjoyed this issue, feel free to share it via email


Issue 44/2019: Google's not so bad was compiled by Dr Justin Pyvis and delivered on 12 November, 2019. Feel free to send feedback, suggestions for future issues, ideas, insults, or pretty much anything that crosses your mind to his Keybase or Twitter account.