Mozilla is urging Congress to examine the privacy and security practices of internet service providers (ISPs), particularly as they relate to the domain name services (DNS) provided to American consumers.
Over the last two years, Mozilla, in partnership with other industry stakeholders, has been working to develop, standardize, and deploy DNS over HTTPs (DoH). Mozilla says that its goal with DoH is to protect essentially that same browsing activity from interception, manipulation, and collection in the middle of the network.
DNS over HTTPS helps keep eavesdroppers from seeing what DNS lookups your browser is making. This can make it more difficult for ISPs or other third parties to monitor what websites you visit.
In a letter send to the U.S. Congress, Mozilla is asking Congress to examine the privacy and security practices of ISPs. Right now these companies have access to a stream of a user’s browsing history. "This is particularly concerning in light of to the rollback of the broadband privacy rules, which removed guardrails for how ISPs can use your data. The same ISPs are now fighting to prevent the deployment of DoH," Mozilla says.
"These developments have raised serious questions. How is your browsing data being used by those who provide your internet service? Is it being shared with others? And do consumers understand and agree to these practices? We think it’s time Congress took a deeper look at ISP practices to figure out what exactly is happening with our data," Mozilla continues.
"Unsurprisingly, our work on DoH [DNS over HTTPS] has prompted a campaign to forestall these privacy and security protections, as demonstrated by the recent letter to Congress from major telecommunications associations. That letter contained a number of factual inaccuracies," Mozilla Senior Director of Trust and Security Marshall Erwin said.
The broadband industry claimed that Google plans to automatically switch Chrome users to its own DNS service. Google's publicly announced plan is to "check if the user's current DNS provider is among a list of DoH-compatible providers, and upgrade to the equivalent DoH service from the same provider." If the user-selected DNS service is not on that list, Chrome would make no changes for that user.
Mozilla is planning to switch Firefox users to a different DNS provider by default, specifically Cloudflare's encrypted DNS service. But ISPs are apparently less concerned about Firefox than Chrome because of Firefox's smaller market share.
Comcast has been giving members of Congress a lobbying presentation that claims the encrypted-DNS plan would "centraliz[e] a majority of worldwide DNS data with Google" and "give one provider control of Internet traffic routing and vast amounts of new data about consumers and competitors." Comcast and other ISPs are urging Congress to intervene.
Mozilla says that ISPs have repeatedly manipulated DNS to serve advertisements to consumers.
The Firefox maker names Comcast and claims it has previously injected ads to users connected to its public wi-fi hotspots.
Mozilla added that Verizon tracked the internet activity of over 100 million users without their consent through “supercookies” that could not be deleted or circumvented.
"At Mozilla, we believe that to truly protect privacy, a combination of technical and regulatory solutions must be put inplace. Over the last year, we have launched privacy features in the Firefox browser while strongly advocating for federal privacy legislation. We believe that more information regarding ISP practices could be useful to the Committee as it continues its deliberations on this front,and we encourage the Committee to publicly probe current ISP data collection and use policies," Mozilla's letter concludes.