Re: [Add] [EXTERNAL] Re: Browser Administrative Authority

"Deen, Glenn (NBCUniversal)" <Glenn.Deen@nbcuni.com> Mon, 27 May 2019 14:03 UTC

From: "Deen, Glenn (NBCUniversal)" <Glenn.Deen@nbcuni.com>
To: Paul Wouters <paul@nohats.ca>
CC: Melinda Shore <melinda.shore@nomountain.net>, "add@ietf.org" <add@ietf.org>
Thread-Topic: [Add] [EXTERNAL] Re: Browser Administrative Authority
Thread-Index: AQHVFD55kcQmMbOCxUW7Bq14IfS/AaZ/AYw/
Date: Mon, 27 May 2019 14:03:54 +0000
Message-ID: <79261153-13AC-40DE-8A4A-46DEAB712ECF@nbcuni.com>
References: <182C9119-59F9-43FA-B116-4D45649B74B5@nbcuni.com> <410f4e4d-aee0-d679-b454-6576de90b21a@nomountain.net> <76EF5603-618C-4A73-A4F9-7489B73B0757@nbcuni.com> <9ad7aa89-d751-e4c6-dede-e9c22faf6d20@nomountain.net>, <alpine.LRH.2.21.1905262020010.25783@bofh.nohats.ca>
In-Reply-To: <alpine.LRH.2.21.1905262020010.25783@bofh.nohats.ca>
Accept-Language: en-US
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/A9IqZP181LB0AjuXm_Dz2aK01M4>
Subject: Re: [Add] [EXTERNAL] Re: Browser Administrative Authority

Hi Paul,

> On May 26, 2019, at 8:44 PM, Paul Wouters <paul@nohats.ca> wrote:
> 
> As a user I cannot determine that if I once google for "canadian contact
> lenses", who and why and where that info went. All I know is that 60%
> of ads are suddenly about contact lenses across my house, devices and
> applications. And the only way out is to encrypt everything end to end,
> with no middle man or ISP seeing anything.

This may not be a good example for use in the current discussion, as it’s really a web search and web page tracking example and not DNS: everything in this example can be accounted for entirely by what’s going on inside your browser, the search engine, and visited web pages.

It’s well documented that the search engine and linked visited web pages are all instrumented and mined to track your web visits and correlate them so that the Ad provider, which is owned and run by the search engine, can sell Ads targeted to you. The cited example is just the web search and advertising technology and business model at work.

The hard work needed to turn DNS queries into such actionable targeted Ads isn’t worth doing when the search engine already knows the exact search terms you are looking for and all the subsequent web pages you visit afterward.

The fact that they appear on many devices across your house would suggest that the tracking infrastructure is also correlating your home activity around the shared NAT address your home uses, and it is then targeting ads to any browser activity that comes from that IP address. All of this will still work the same way even when application and DNS traffic is encrypted end to end.

Encryption of DNS or general encryption of all network traffic won’t help in the case of tracking web activity by Ad networks, since the search engine and every web page will still see, track, and report everything you do at the web application level. The tracking and advertising technology and business model that finances much of the web won’t be affected in any way by on-the-wire encryption.

The discussion at hand isn’t about the web Ads business model; it’s about how the deployment architectures of technologies like DoT and DoH might be best done, what bad consequences may come from poor deployment choices, and what gaps are still missing in the technologies so as to permit them to be deployed without also breaking a lot of other important Internet, application, and web infrastructure at the same time.

-Glenn