Issue 53

Google's not so bad

Delivered on 12 November 2019 by Justin Pyvis. About a 4 min read.

Does Google leverage its users' browsing history and personal emails for profit? Of course. But at least it's upfront about it. Not so your internet service provider (ISP), to which you probably pay a decent sum every month for access to the internet:

ISPs have consistently claimed such [broadband privacy] rules aren't necessary because they aren't violating users' privacy. But their objections to DNS over HTTPS "has raised questions about how ISPs collect and use sensitive user data in their gatekeeper role over Internet usage," Mozilla told Congress. Mozilla said it believes the privacy upgrade has "become necessary to protect users in light of the extensive record of ISP abuse of personal data."

That ISP abuse includes mobile providers selling real-time location data "to third parties without user knowledge or meaningful consent;" ISPs such as Comcast "manipulat[ing] DNS to serve advertisements to consumers;" Verizon's use of "supercookies" to track Internet activity; and AT&T charging customers an extra $29 per month to avoid "the collection and monetization of their browsing history for targeted ads," Mozilla told Congress.

Web users are tracked by Google, Facebook, and other advertising companies, of course. ISPs, though, have "privileged access" to users' browsing histories because they act as the gateway to the Internet, Erwin said to Ars.

There is already "remarkably sophisticated micro-targeting across the Web," and "we don't want to see that business model duplicated in the middle of the network," he said. "We think it's just a mistake to use DNS for those purposes."

Technology such as DNS over HTTPS (DoH), properly implemented at the browser level, will destroy the business model mentioned above (for a technical summary, see Issue 32/2019). A more transparent ISP model is - from my perspective at least - a good thing, although it might mean prices have to rise a small amount.

So who will ultimately convince Congress, privacy advocates or ISPs? Interestingly, the United Kingdom successfully persuaded Mozilla not to enable DoH by default for its citizens:

Firebox builder Mozilla has confirmed to UK Culture Secretary Nicky Morgan that Britons won't be getting DNS-over-HTTPS (DoH) by default once the feature is included in the next run of browser updates.

In a letter to the Secretary of State for Digital, Culture, Media and Sport, Mozilla's global policy veep Alan Davidson said his Silicon Valley org "has no plans to turn on our DoH feature by default in the United Kingdom and will not do so without further engagement with public and private stakeholders."

I can't see Congress banning DoH, a move which would have severe unintended, security-related consequences. But it might find itself lobbied sufficiently to instruct Google (Chrome) and Mozilla (Firefox) not to enable it by default, as did lobbyists in the United Kingdom. Given most users generally roll with the default settings, that outcome will probably continue feeding enough data to the ISPs for them to continue operating with their existing advertising-based business models. But at least there's the option to opt-out.

For those who want to enable DoH now (you really should), here's how:

Brave

brave://flags/#dns-over-https

Chrome

chrome://flags/#dns-over-https

Edge (new Chromium version only)

edge://flags/#dns-over-https

Firefox

https://support.mozilla.org/en-US/kb/firefox-dns-over-https#w_enabling-and-disabling-dns-over-https

And finally, here's a list of publicly available DoH servers, should you wish to change from the default provider.

The list of shame continues to grow

What do big corporations and Hollywood have in common? They love moral posturing, except when it will hurt their bottom line. The kowtowing to China really is something else. Meanwhile, the one company that has actually (unfairly) copped flack is doing quite well.

Learn more:

Blockchain's back, baby

It never really went anywhere. Unfortunately, Libra is looking more and more like vapourware. A shame.

Learn more:

The SoftBank/WeWork debacle continues

A 'vision fund' without much vision, it turns out. SoftBank found out the hard way that venture capital isn't as easy as it sounds. Apparently an eccentric founder pushing a property leasing company masquerading as a technology company isn't a recipe for success... unless you're that eccentric founder and happen to stumble across a 'vision fund' loaded with Japanese savings facing low or even negative yields (thank you, central banks of the world).

Learn more:

Other bits of interest

Image of the week

The fourth iteration of 'Quantitative Easing' (QE4) is here. Europe has resumed its own version, too. Japan never stopped.

Just what the world needs, more money printing... holders of assets, rejoice!

This week's data breaches

Apple, privacy champion? Yeah, nah.

The breaches:


Issue 53: Google's not so bad was compiled by Justin Pyvis and delivered on 12 November 2019. Join the conversation on the fediverse at Detrended.net.