‘Light-hearted’ awards category cancelled following backlash from security community

The UK’s Internet Service Providers Association (ISPA) has withdrawn Mozilla’s nomination from the ‘internet villain’ category of its upcoming awards ceremony, following backlash from the security community.

Earlier this month, ISPA unveiled the finalists for its 2019 ‘Heroes and Villains’ – two categories that were set to feature in the association’s annual awards ceremony in London this evening (July 11).

Shortlisted as an internet fiend in 2019 was tech non-profit Mozilla, for its proposed approach towards the introduction of the DNS-over-HTTPS internet protocol.

Do Not Snoop

For more than 30 years, the Domain Name System (DNS) has served as a key mechanism for accessing sites and services on the web.

It works by ‘resolving’ readily memorized domain names (such as example.com) to the numerical IP addresses that computers need to route surfers to websites or deliver emails to the correct domain.

Despite advances in privacy protections taking place across the internet, DNS remains largely untouched by efforts to make the web safer for users, with requests being sent in cleartext.

This allows third parties, such as governments and internet service providers (ISPs), to view users’ internet browsing activity.

In an effort to improve the privacy of DNS, Mozilla spearheaded the push towards DNS-over-HTTPS (DoH), which hides DNS queries inside regular HTTPS traffic – making it more difficult for third parties to snoop on user traffic.

DoH has been available as an experimental, opt-in feature for Mozilla’s web browser since the June 2018 debut of Firefox 62.

Choice and consent

With DoH positioned as a security and privacy-focused protocol, why, then, was Mozilla unceremoniously placed into the ‘internet villain’ category at this year’s ISPA awards?

According to the trade association, which represents providers of internet services in the UK, the creator of Firefox is proposing to “introduce DNS-over-HTTPS in such a way as to bypass UK filtering obligations and parental controls, undermining internet safety standards in the UK”.

Providing more detail on its decision to nominate Mozilla to the villain category, ISPA also cited user choice, user consent, and data protection among its concerns.

The association’s reasoning, however, fell on deaf ears, as security and privacy advocates hit out at the trade group, with many implying that the ISP trade association was placing its own interests ahead of user privacy.

Such was the backlash from the nomination that the chairman of EuroISPA – a European ISP trade body – reportedly sought to distance the organization from the UK association’s stance.

Heroes and Villains

In the wake of the controversy, ISPA announced this week that it has withdrawn the Mozilla nomination and scrapped the ‘internet villain’ category entirely in 2019.

“The villain category is intended to draw attention to an important issue in a light-hearted manner, but this year has clearly sent the wrong message, one that doesn’t reflect ISPA’s genuine desire to engage in a constructive dialogue,” ISPA said.

“ISPA is therefore withdrawing the Mozilla nomination and Internet Villain category this year.”

Despite the withdrawal of the nomination, the association said it still believes that it is important to “properly scrutinize” the implementation plans for DoH.

“We recognize that things have started moving at Internet Engineering Task Force level... and look forward to engaging in a constructive discussion,” it said.

The ISPA awards take place in London this evening.

Although the villain prize has been scrapped, the ‘internet hero’ award is still going ahead, with Sir Tim Berners-Lee among those shortlisted.

ISPA did not respond to The Daily Swig’s request for comment.

RELATED ‘Middle-aged’ DNS tech still has lets to kick on