We all know Mozilla for its popular browser Firefox, and we have never had reason to assume that the company would ever be up to anything malicious. After all, it has neither the resources nor the motivation to pull anything like that. However, an industry group of internet service providers has termed the unassuming company an “internet villain”, simply for supporting a specific DNS security standard.
According to the British organization Internet Services Providers’ Association (ISPA), the Firefox manufacturer is rolling out a security feature that will apparently allow users to “bypass UK filtering obligations and parental controls, undermining internet safety standards in the UK.”
In a statement last year, Mozilla announced that it had plans to test a special feature called DNS-over-HTTPS with a small number of users. So what’s the big deal with this feature that has the ISPA all riled up? Well, whenever you visit a website, the DNS query that allows the computer to understand the web address is usually unencrypted.
Mozilla’s feature, on the other hand, is the first one to encrypt the DNS query, which means that it will be safe from all malicious attack. Furthermore, DNS-over-HTTPS also improves performance thereby making the overall browsing experience much faster.
So far, the new feature appears to be great for users and it’s unclear why anyone would object to it. However, ISPA’s beef with DNS-over-HTTPS is caused by the fact that the system is simply not compatible with the United Kingdom’s current website blocking protocol.
Under UK law, websites can be blocked for promoting the illegal use of copyrighted material or for containing terrorist propaganda or child abuse content. If DNS queries end up being encrypted, it will be more difficult for internet providers to filter their users’ content accordingly.
Unsurprisingly, the ISPA’s declaration has attracted quite a lot of criticism from the security community. The British organization continues to insist that DNS-over-HTTPS is going to do more harm than good, but they are also willing to engage in “further debate” over the issue.
In a statement given to TechCrunch, Mozilla spokesperson Justin O’Kelly said: “Despite claims to the contrary, a more private DNS would not prevent the use of content filtering or parental controls in the UK. DNS-over-HTTPS (DoH) would offer real security benefits to UK citizens. Our goal is to build a more secure internet, and we continue to have a serious, constructive conversation with credible stakeholders in the UK about how to do that.”
He went on to clarify that the company had no plans as of yet to implement the system in the UK as a default feature, and that they were exploring other regions as well.
“We have no current plans to enable DNS-over-HTTPS by default in the U.K. However, we are currently exploring potential DNS-over-HTTPS partners in Europe to bring this important security feature to other Europeans more broadly,” he said.