Spy Agency Attacking Mozilla’s DoH Encrypted Web Browsing Initiative Drew Wilson | June 12, 2019 Mozilla has been developing DoH web encryption to enhance users privacy. Naturally, the GCHQ has a problem with that. In the last few years, there has been a sharp focus on enhancing a users privacy capabilities. A lot of the ideas revolve around preventing third parties from intercepting data and using it without the users knowledge. More than a year ago, we here at Freezenet voluntarily rolled out an initiative to support HTTPS on our site. The idea is to add a layer of protection to stop man-in-the-middle attacks. Later on that year, Mozilla began building something known as DoH encryption. More broadly, this is known as DNS over HTTPS encryption. In May, 2018, Mozilla posted an explanation for what it all means. Without getting too far into the particulars, it’s essentially a new form of encryption to make web browsing more secure. With this, it’ll make it more difficult to redirect traffic to a malicious copy of a website via hijacking a users access to DNS records. After a year of development, it seems that spy agencies are beginning to say that they don’t like this initiative very much. According to The Telegraph, the GCHQ (Britain’s spy agency), is livid that users will be able to obtain better privacy: GCHQ has issued a warning about Google’s plans for new encrypted browsers, amid concerns the technology could increase the risk of cyber attacks and impede police investigations. The cyber spy agency has said incoming changes to popular browsers such as Chrome could undermine its existing Government protections against malicious websites. It comes as the police have also expressed concerns about the “unintended consequences” the new browsers could have for future investigations. Another report from the Internet Watch Foundation (IWF) is trying to paint this new layer of privacy as an initiative to help the child pornographers win. From Computing UK: Implementation of DNS over HTTPS (DoH) encryption would endanger children’s online safety by making it harder to block child-abuse images on the web, the Internet Watch Foundation (IWF) has warned. IWF is the UK’s child exploitation watchdog. IWF has been working for several years to create technologies to help people who were abused as children and whose images still appear online. The URL List (or block list) created by the IWF is used by internet service providers across the world to block web pages showing videos and images of child abuse. Some of these webpages also show live videos of abuse. But IWF claims that effort might be wasted in coming months with implementation of DoH. This protocol is being promoted by companies like Google, Mozilla, and Cloudfare, which have been working to introduce this encryption technique globally. DoH will make keeping such a record almost impossible. Not only will it encrypt all user requests, but it will also enable browsers such as Chrome to bypass parental controls that rely on ISPs filtering out illegal and offensive web content. It’s somewhat ironic that these two opinions wind up offering a powerful selling point to DoH encryption. It prevents censorship and will prevent third parties from spying on users browsing sessions. The thing is, with what is brought up by IWF, is that child abuse is often used as an excuse to block privacy initiatives as well as sell countries on surveillance legislation. Canadian’s know this all too well if they’ve paid attention to the debates surrounding the Lawful Access Internet surveillance debates of 2012. When Conservatives pushed for warrantless surveillance legislation at the time, they brought on a lot of controversy onto their party as a result. Rather than backing down and letting common sense take hold, they doubled down through Vic Toews who famously quipped that you “can either stand with us or with the child pornographers.” Fortunately for Canadians, the surveillance legislation failed to pass thanks to the fact that such a talking point became widely discredited. Of course, child abuse isn’t the only tool in the publicity war chest used to impede privacy. American’s are likely familiar with one of the famous lines used to sell American’s on warrantless wiretapping. That, of course, San Francisco Attorney General Michael Mukasey who famously said that a missed phone call led to 9/11. That talking point, again, has long since been debunked. Unfortunately, American’s now suffer from warrantless wiretapping to this day. This is thanks in part to talking points like the above. With the years of talking points like this, it’s quite hard to trust anything spy agencies and government officials surrounding privacy and encryption. It’s especially hard when they rely on similar talking points as well. If anything, it re-opens old credibility wounds and ends up being counterproductive on their part. In the end, what the GCHQ ended up accomplishing is lending credibility to Mozilla’s encryption initiative. It doesn’t appear as though Mozilla is backing down any time soon from this. It’ll be interesting to see if those who are against security and privacy will ratchet up pressure against organizations like Mozilla in some form. That, of course, will only lend additional publicity for the initiative in the first place. As we’ve seen in the file-sharing debates, that’s never stopped authorities before. Drew Wilson on Twitter: @icecube85 and Facebook.