I love Mozilla. I respect DoT/DoH. I support the adoption of private DNS for mature, independent, internet users. I personally value freedom of access to information over censorship. All these things should be protected by governments and the software we build.
I do not, however, dismiss the UK’s argument that society needs a practical way for parents to monitor and potentially filter what type of content their children are encountering online. I do not believe a child deserves the same privacy as a grown adult. It’s not even really arguable: it’s a parent’s responsibility to parent their children. The only practical way for a parent to do so if everything uses global/e2e DNS privacy is to give children “managed” devices with non-administrator accounts, or to physically hover over their shoulder all the time (yes, children can earn more privacy as they build more trust and mature, but that’s for a parent to decide). It’s much easier and more effective to manage this at a network level.
Furthermore, a consenting adult, without needing justification but common ones include: security, & ad-block, may choose to sacrifice a small amount of privacy (either because they don’t care or because they trust someone with the information) to enter into a relationship where they delegate filtering and monitoring to a third party. If someone wants to build a DNS resolver that doesn't resolve queries to companies run by assholes, then so be it. Browser-mandated DNS privacy prevents all of this (unless you have administrative access to install and configure DNS resolvers on all the devices you own—but you don’t: thanks Apple and the cloud-based internet of shit). And even then, if vendors pin keys or certs, then have fun.
Mozilla certainly isn’t the devil and doesn’t deserve this assessment, but the controversy surrounding fast-tracking proliferation of vendor-controlled DNS “privacy” is warranted.
There’s a final point that often gets overlooked. If Mozilla or Google start shipping browsers that use their own DNS privacy resolvers, it’s a power play (whether intentional or not). They now control DNS, not you, not independent third parties. They now have more data about you. And they can start deploying nefarious things that only work in their vertically integrated web. I don’t think it’s that much of a stretch to say blindly and hastily pushing DNS privacy without standards in place to defend interoperability of software and internet systems and prevent even deeper vertical integration is bad for the internet. I am happy we have started exploring ways to extend privacy to the DNS. But I should be able to manage my network in my own home in whatever way I see fit. I do not wish to concede control of such a fundamental system so hastily to browser vendors, of all people.
You say:
> society needs a practical way for parents to monitor and potentially filter what type of content their children are encountering online.
I agree with you on this point. But how does Mozilla's initiative prevent parents from filtering what type of content their children are allowed to be exposed to online or asserting control over this activity?
I would first argue that this is more than anything a responsibility of the parent - unsupervised internet browsing by children should not really be happening and no technology can save people (children included) from themselves/mistakes/curiosity/etc. as efficiently as education can. If the children are too young they won't care that their browsing is filtered; if they are old enough to be knowledgeable about this kind of stuff they will likely find a way to circumvent filtering.
Second, surely, Mozilla can make the DoH functionality optional and, together with other local access & filtering measures, you can probably put in place a system that works for this case. You're again correct that it’s easier to manage this at a network level, but private DNS doesn't automatically impede us from doing so, albeit it forces our hands to do so differently if the user can't decide for himself when to use it.
Third, if enough demand appears for such a feature (i.e. to allow parents to filter browsing for children), I am confident that paid or even free solutions will emerge to address it. The way I see it, users should not concede control to browser vendors, especially if they are Google, but also if they are governments. I argue that we should trust our (democratic) governments with many things, but not with the guarantee that they will always work in the public interest. We need mechanisms to ensure they're always kept in check _before_ things go south.
> If Mozilla or Google start shipping browsers that use their own DNS privacy resolvers, it’s a power play.
That's quite true and a reasonable point that I think needs addressing in a meaningful way. What we should have is more user control.