The UK ISP BT has become the first of the major broadband providers to trial their own DNS over HTTPS resolver, which encrypts Domain Name System (DNS) requests.
This is response to Firefox offering its own choice of encrypted DNS resolver that would
effectively evade BT's current unencrypted DNS resolver which allows the UK government to monitor and log people's internet use, block websites that are considered 'harmful'; snitch people up to the police for politically incorrrect comments; and snitch
people up to copyright trolls over dodgy file sharing.
However BT's new service will allow people to continue using website blocking for parental control whilst being a lot safer from 3rd party snoopers on their networks.
BT have made the
following statement about its experimental new service:
BT are currently investigating roadmap options to uplift our broadband DNS platform to support improvements in DNS security -- DNSSEC, DNS over TLS (DoT) and DNS over
HTTPS (DoH). To aid this activity and in particular gain operation deployment insights, we have enabled an experimental DoH trial capability.
We are initially experimenting with an open resolver, but our plan is to move a closed
resolver only available to BT customers.
The BT DoH trial recursive resolver can be reached at https://doh.bt.com/dns-query/
We are deeply concerned that a new form of encryption being introduced to our web browsers will have terrible consequences for child protection.
The new system 204
known as DNS over HTTPS -- would have the effect of undermining the work of the Internet Watch Foundation (IWF); yet Mozilla, provider of the Firefox browser, has decided to introduce it, and others may follow.
The amount of
abusive content online is huge and not declining. Last year, the IWF removed more than 105,000 web pages showing the sexual abuse of children. While the UK has an excellent record in eliminating the hosting of such illegal content, there is still a
significant demand from UK internet users: the National Crime Agency estimates there are 144,000 internet users on some of the worst dark-web child sexual abuse sites.
To fight this, the IWF provides a URL block list that allows
internet service providers to block internet users from accessing known child sexual abuse content until it is taken down by the host country. The deployment of the new encryption system in its proposed form could render this service obsolete, exposing
millions of people to the worst imagery of children being sexually abused, and the victims of said abuse to countless sets of eyes.
Advances in protecting users' data must not come at the expense of children. We urge the secretary
of state for digital, culture, media and sport to address this issue in the government's upcoming legislation on online harms.
Sarah Champion MP;
Tom Watson MP;
Carolyn Harris MP;
Tom Brake MP;
Ian Lucas MP;
Tim Loughton MP;
Giles Watling MP;
Madeleine Moon MP;
Vicky Ford MP;
Rosie Cooper MP;
Lord Harris of Haringey
The IWF service is continually being rolled out as an argument against DoH but I am starting to wonder if it is still relevant. Given the universal revulsion against child sex abuse then I'd suspect that little of it would now be located on the open
internet. Surely it would be hiding away in hard to find places like the dark web, that are unlikely to stumbled on by normal people. And of course those using the dark web aren't using ISP DNS servers anyway.
In reality the point of using DoH is
to evade government attempts to block legal porn sites. If they weren't intending to block legal sites then surely people would be happy to use the ISP DNS including the IWF service.
The Internet Services Providers' Association has announced the finalists for what its members consider as the 2019 Internet Hero and Villain.
The Internet Hero nominations this year include those campaigning to improve trust and confidence online;
mapping out the UK's evolving broadband landscape; and working on global internet governance issues. While, the Villain nominees take in the impact of new technical standards on existing online protections, the balance between freedom of expression and
copyright online and the global telecoms supply chain.
This year's nominations for the 2019 Internet Heroes and Villains in full are:
ISPA Internet Hero
Sir Tim Berners-Lee -- for spearheading the Contract for the Web campaign to rebuild trust and protect the open and free nature of the Internet in the 30 th anniversary of the World Wide Web
Andrew Ferguson OBE, Editor, Thinkbroadband - for
providing independent analysis and valuable data on the UK broadband market since the year 2000
Oscar Tapp-Scotting & Paul Blaker, Global Internet Governance Team, DCMS -- for leading the UK Government's efforts to ensure a balanced and
proportionate agenda at the International Telecommunications Union Conference
ISPA Internet Villain
Mozilla -- for their proposed approach to introduce DNS-over-HTTPS in such a way as to bypass UK filtering obligations and parental controls, undermining internet safety standards in the UK
Article 13 Copyright Directive -- for threatening
freedom of expression online by requiring content recognition technologies across platforms
President Donald Trump -- for causing a huge amount of uncertainty across the complex, global telecommunications supply chain in the course of trying to
protect national security
The winners of this year's Heroes and Villains will be chosen by the ISPA Council, and will be announced at the ISPA Awards Ceremony on 11th July in London
Update: Villainous ISPs decide that colluding with censors and
snoopers is bad PR
The villains of ISPA have withdrawn their nomination of the heroic Mozilla as an internet villain. ISPA writes:
Last week ISPA included Mozilla in our list of Internet Villain nominees for our upcoming annual awards.
In the 21 years the event has been running it is probably fair to say that no other nomination has generated such strong opinion. We have previously given the award to the Home Secretary for pushing surveillance legislation,
leaders of regimes limiting freedom of speech and ambulance-chasing copyright lawyers. The villain category is intended to draw attention to an important issue in a light-hearted manner, but this year has clearly sent the wrong message, one that doesn't
reflect ISPA's genuine desire to engage in a constructive dialogue. ISPA is therefore withdrawing the Mozilla nomination and Internet Villain category this year.
TechDirt noted that the ISPA nomination was kindly advertising Mozilla's
Firefox option for DNS over HTTPS:
ISPA nominated Mozilla for the organization's meaningless internet villain awards for, at least according to ISPA, undermining internet safety standards in the UK:
Of course Mozilla is doing nothing of the sort. DNS over HTTPS not only creates a more secure internet that's harder to filter and spy on, it actually improves overall DNS performance, making everything a bit faster. Just because this
doesn't coalesce with the UK's routinely idiotic and clumsy efforts to censor the internet, that doesn't somehow magically make it a bad idea.
Of course, many were quick to note that ISPA's silly little PR stunt had the opposite
effect than intended. It not only advertised that Mozilla was doing a good thing, it advertised DNS over HTTPS to folks who hadn't heard of it previously. Matthew Prince P (@eastdakota) tweeted:
Given the number of
people who've enabled DNS-over-HTTPS in the last 48 hours, it's clear @ISPAUK doesn't understand or appreciate @mmasnick's so-called "Streisand Effect."
Here at the IWF, we've created life-changing technology and data sets helping people who were sexually abused as children and whose images appear online. The IWF URL List , or more commonly, the block list, is a list of live webpages that show children
being sexually abused, a list used by the internet industry to block millions of criminal images from ever reaching the public eye.
It's a crucial service, protecting children, and people of all ages in their homes and places of
work. It stops horrifying videos from being stumbled across accidentally, and it thwarts some predators who visit the net to watch such abuse.
But now its effectiveness is in jeopardy. That block list which has for years stood
between exploited children and their repeated victimisation faces a challenge called DNS over HTTPS which could soon render it obsolete.
It could expose millions of internet users across the globe - and of any age -- to the risk
of glimpsing the most terrible content.
So how does it work? DNS stands for Domain Name System and it's the phonebook by which you look something up on the internet. But the new privacy technology could hide user requests, bypass
filters like parental controls, and make globally-criminal material freely accessible. What's more, this is being fast-tracked, by some, into service as a default which could make the IWF list and all kinds of other protections defunct.
At the IWF, we don't want to demonise technology. Everyone's data should be secure from unnecessary snooping and encryption itself is not a bad thing. But the IWF is all about protecting victims and we say that the way in which DNS
over HTTPS is being implemented is the problem.
If it was set as the default on the browsers used by most of us in the UK, it would have a catastrophic impact. It would make the horrific images we've spent all these years blocking
suddenly highly accessible. All the years of work for children's protection could be completely undermined -- not just busting the IWF's block list but swerving filters, bypassing parental controls, and dodging some counter terrorism efforts as well.
From the IWF's perspective, this is far more than just a privacy or a tech issue, it's all about putting the safety of children at the top of the agenda, not the bottom. We want to see a duty of care placed upon DNS providers so they
are obliged to act for child safety and cannot sacrifice protection for improved customer privacy.