America's rotten ISPs object to encrypted DNS, argue that losing the ability to spy on your traffic puts them at a competitive disadvantage

I'm 100% in favor of pro-competitive regulation of Big Tech, and that is because I'm 100% in favor of pro-competitive regulation of all our hyper-concentrated, monopolistic industries.


I say this even though some of the campaign to subject Big Tech to anti-monopolistic regulation is being driven by America's rotten, spying, lying, hyper-concentrated phone and cable companies, and I want to break those scumbags up, too.


And though I'm no fan of Big Tech's bigness, not everything every Big Tech company does is in service to monopoly. Sometimes, it's in their interests — or in their executives' or employees' moral sensibilities — to stand by their users and do the right thing: Apple standing up to the FBI, say; or Facebook adding more end-to-end encryption to its products. When those companies stand up for their users, we need to stand up for them.


The latest company to do the right thing is Google, who have backed a plan to move the web to DNS-over-HTTPS, which is to say, the unregarded, absolutely essential, creaking Domain Name Service infrastructure will get a much needed, long overdue cryptographic makeover that will make it much harder for companies and governments and hackers to spy on you, to inject traffic into your browser, and to otherwise shenaniganize your network connections.


Enter America's ISPs.


Ever since Trump's FCC chairman Ajit Pai lifted the ban on your ISPs spying on your network activity, America's cable and phone companies have been busily creating new internal products based on selling your most private, technologically mediated activities to all comers. If you start using DNS-over-HTTPS, your ISPs will lose that ability.

To prevent this from happening, the ISPs have co-opted the language of antitrust, insisting that DNS-over-HTTPS will give Google "a monopoly over DNS."

The technical term for this is: a lie.

Anyone can set up a DNS-over-HTTPS server (including your ISP, which could then go back to spying on your internet traffic, so it's really just a testament to how incredibly lazy and technologically incompetent they are that they're not just doing this and sneaking the spying back into your network connections while making deceptive claims about boosting your security). There are many such systems available already, and there will only be more.


But the ISPs aren't just using pro-competitive rhetoric to argue about "concentration in DNS." They're also claiming that DNS-over-HTTPS will put them at a competitive disadvantage in the market of spying on America and selling its secrets to all comers, a market that should not exist and that your ISP should not be in the business of.


There's a lazy critique of modern technology that goes, "If you're not paying for the product, you're the product," as though the reason tech companies hold you in such contempt is that you're not paying them. But you pay your ISP — more and more every year, even as their investment in infrastructure dwindles and their products suffer as a result — and you're still the product. That's because once you're captive to a monopolist, they sell you out in every way they can think of: Apple rips you off by monopolizing spares, repairs and apps. John Deere and GM rip you off by monopolizing repairs. Hedge fund landlords rip you off by monopolizing the rental stock in your town. Under conditions of monopoly, you are always the product, regardless of whether you're paying.

Meanwhile, we're living through the most unequal moment since the Gilded Age, in which more and more of our fellow humans have negative net worths. The idea that simply putting a price-tag on participation in public discourse will make it better or more democratic just handwaves away this gross inequality. If you don't think that monopolists will happily take your money and then abuse you once you're locked in their walled gardens simply because you're paying them, you're not paying attention.

DNS-over-HTTPS isn't a good thing, it's an amazing, vital, crucial thing that we absolutely need to help secure the web against private, state and criminal surveillance. The cable industry's trustbusting rhetoric is a transparent joke.


Google laid out its plans in detail in a September 10 blog post. Starting with version 78, Chrome will begin experimenting with the new DoH feature. Under the experiment, Chrome will "check if the user's current DNS provider is among a list of DoH-compatible providers, and upgrade to the equivalent DoH service from the same provider," Google wrote. "If the DNS provider isn't in the list, Chrome will continue to operate as it does today."

One possible reason for confusion on this point is that Mozilla is planning a more aggressive rollout of the technology. The company is planning to gradually shift all of its users to DoH—whether or not their existing DNS provider supports it. The shift will make Cloudflare the default DNS provider for many Firefox users, regardless of the DNS settings of the underlying OS.

Mozilla has more latitude to do this because most surveys show Firefox with single-digit market share—and Firefox isn't a major DNS provider in its own right. So there'd be little basis for antitrust scrutiny if Mozilla shifts its users over to a new DNS provider. The same move could raise antitrust concerns if Google started switching Chrome users over to its own DNS. But Google says it has no plans to do that.

Why big ISPs aren't happy about Google's plans for encrypted DNS [Timothy B Lee/Ars Technica]
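
The same-provider upgrade described in the Ars Technica excerpt above, sketched as an added example (not code from this post, from Ars Technica, or from Chrome). The provider table is an illustrative assumption, not Chrome's actual list, and `plan_lookup` and `build_query` are hypothetical names; the DoH request follows the RFC 8484 GET form.

```python
import base64
import struct

# Illustrative mapping (an assumption, not Chrome's list):
# classic resolver IP -> the same operator's DoH endpoint.
SAME_PROVIDER_DOH = {
    "8.8.8.8": "https://dns.google/dns-query",
    "8.8.4.4": "https://dns.google/dns-query",
    "1.1.1.1": "https://cloudflare-dns.com/dns-query",
    "9.9.9.9": "https://dns.quad9.net/dns-query",
}


def build_query(name, qtype=1):
    """Wire-format DNS query (RFC 1035). ID is 0, as RFC 8484 advises for caching."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # RD flag, one question
    labels = name.rstrip(".").encode("idna").split(b".")
    if any(len(label) == 0 or len(label) > 63 for label in labels):
        raise ValueError("each DNS label must be 1..63 bytes")
    qname = b"".join(bytes([len(label)]) + label for label in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # qtype, class IN


def plan_lookup(resolver_ip, name):
    """Return (transport, target) for a lookup through the configured resolver."""
    endpoint = SAME_PROVIDER_DOH.get(resolver_ip)
    if endpoint is None:
        # Provider not in the list: nothing changes. The query goes out as
        # plaintext on port 53, where anyone on the path can read the name.
        return ("udp53", (resolver_ip, 53))
    # Provider in the list: the DNS operator stays the same, but the query
    # travels inside HTTPS, so the path only sees a TLS session to the resolver.
    encoded = base64.urlsafe_b64encode(build_query(name)).rstrip(b"=").decode()
    return ("doh", f"{endpoint}?dns={encoded}")


if __name__ == "__main__":
    # 192.0.2.53 is a constructed documentation address standing in for an
    # ISP resolver that is not in the table.
    for ip in ("8.8.8.8", "192.0.2.53"):
        print(ip, "->", plan_lookup(ip, "www.example.com"))
```

Note that the upgrade never changes who answers the query; it only changes whether the network between the user and that resolver can read it.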