Issue 53

Google's not so bad

Does Google leverage its users' browsing history  and personal emails for profit? Of course. But at least it's upfront  about it. Not so your internet service provider (ISP), to which you probably pay a decent sum every month for access to the internet:

ISPs  have consistently claimed such [broadband privacy] rules aren't  necessary because they aren't violating users' privacy. But their  objections to DNS over HTTPS "has raised questions about how ISPs  collect and use sensitive user data in their gatekeeper role over  Internet usage," Mozilla told Congress. Mozilla said it believes the  privacy upgrade has "become necessary to protect users in light of the  extensive record of ISP abuse of personal data."

That ISP abuse  includes mobile providers selling real-time location data "to third  parties without user knowledge or meaningful consent;" ISPs such as  Comcast "manipulat[ing] DNS to serve advertisements to consumers;"  Verizon's use of "supercookies" to track Internet activity; and AT&T  charging customers an extra $29 per month to avoid "the collection and  monetization of their browsing history for targeted ads," Mozilla told  Congress.

Web users are tracked by Google, Facebook, and other  advertising companies, of course. ISPs, though, have "privileged access"  to users' browsing histories because they act as the gateway to the  Internet, Erwin said to Ars.

There is already "remarkably  sophisticated micro-targeting across the Web," and "we don't want to see  that business model duplicated in the middle of the network," he said.  "We think it's just a mistake to use DNS for those purposes."

Technology  such as DNS over HTTPS (DoH), properly implemented at the browser  level, will destroy the business model mentioned above (for a technical  summary, see Issue 32/2019).  A more transparent ISP model is - from my perspective at least - a good  thing, although it might mean prices have to rise a small amount.

So who will ultimately convince Congress, privacy advocates or ISPs? Interestingly, the United Kingdom successfully persuaded Mozilla not to enable DoH by default for its citizens:

Firebox  builder Mozilla has confirmed to UK Culture Secretary Nicky Morgan that  Britons won't be getting DNS-over-HTTPS (DoH) by default once the  feature is included in the next run of browser updates.

In a  letter to the Secretary of State for Digital, Culture, Media and Sport,  Mozilla's global policy veep Alan Davidson said his Silicon Valley org  "has no plans to turn on our DoH feature by default in the United  Kingdom and will not do so without further engagement with public and  private stakeholders."

I can't see Congress banning  DoH, a move which would have severe unintended, security-related  consequences. But it might find itself lobbied sufficiently to instruct  Google (Chrome) and Mozilla (Firefox) not to enable it by default, as  did lobbyists in the United Kingdom. Given most users generally roll  with the default settings, that outcome will probably continue feeding  enough data to the ISPs for them to continue operating with their  existing advertising-based business models. But at least there's the  option to opt-out.

For those who want to enable DoH now (you really should), here's how:

Brave

brave://flags/#dns-over-https

Chrome

chrome://flags/#dns-over-https

Edge (new Chromium version only)

edge://flags/#dns-over-https

Firefox

https://support.mozilla.org/en-US/kb/firefox-dns-over-https#w_enabling-and-disabling-dns-over-https

And finally, here's a list of publicly available DoH servers, should you wish to change from the default provider.

Enjoy the rest of this week's issue. Cheers,

— Justin


The bits

The list of shame continues to grow

What  do big corporations and Hollywood have in common? They love moral  posturing, except when it will hurt their bottom line. The kowtowing to  China really is something else. Meanwhile, the one company that has  actually (unfairly) copped flack is doing quite well.

Learn more:

Blockchain's back, baby

It never really went anywhere. Unfortunately, Libra is looking more and more like vapourware. A shame.

Learn more:

The SoftBank/WeWork debacle continues

A  'vision fund' without much vision, it turns out. SoftBank found out the  hard way that venture capital isn't as easy as it sounds. Apparently an  eccentric founder pushing a property leasing company masquerading as a  technology company isn't a recipe for success... unless you're that  eccentric founder and happen to stumble across a 'vision fund' loaded  with Japanese savings facing low or even negative yields (thank you,  central banks of the world).

Learn more:


Other bits of interest


Image of the week

The fourth iteration of 'Quantitative Easing' (QE4) is here. Europe has resumed its own version, too. Japan never stopped.

Just what the world needs, more money printing... holders of assets, rejoice!


This week's data breaches

Apple, privacy champion? Yeah, nah.

The breaches:

That's all for now. If you enjoyed this issue, feel free to share it via email


Issue 53: Google's not so bad was compiled by Justin Pyvis and delivered on 12 November 2019. Feel free to send feedback, suggestions for future issues, ideas, insults, or pretty much anything that crosses your mind to their Keybase or Riot.im account.