A lot of the traffic on the Internet is now secure. For example, if you visit this blog, your traffic will be encrypted, so your ISP, government or hackers will not know exactly which page you visit on the website. But unless you use a VPN or the Tor Network, they’ll still know, or can find out, that you visited CNX Software, as most DNS requests are currently unencrypted. Hackers may also use a spoofed DNS server to steal your credit card info while you think you are entering your details into a trusted website.
Besides using a VPN service, one solution is to use DNS over HTTPS (DoH), which encrypts the DNS request so that even your ISP or the government (unless there’s a backdoor) may not know which websites you visit. On top of improving privacy, DoH also improves security, as it’s harder to spoof DNS servers and, by extension, websites.
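To make the difference concrete, here is an added example (not from the original post) that builds the same DNS question both ways: as the raw message classic DNS sends in the clear, and as the RFC 8484 GET URL a DoH client sends inside HTTPS. The resolver URL `https://doh.example/dns-query` is a placeholder, and the function names are made up for this sketch.

```python
import base64
import struct

# Placeholder resolver URL (assumption); real services publish their own endpoint.
DOH_ENDPOINT = "https://doh.example/dns-query"

def build_query(name: str, qtype: int = 1) -> bytes:
    """Encode one DNS question in wire format (RFC 1035); qtype 1 is an A record."""
    # ID 0 as RFC 8484 recommends (cache-friendly), flags 0x0100 = recursion desired,
    # then counts: 1 question, 0 answer, 0 authority, 0 additional records.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"bad label length in {name!r}")
        qname += bytes([len(raw)]) + raw
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class 1 = IN

def doh_get_url(name: str, endpoint: str = DOH_ENDPOINT) -> str:
    """RFC 8484 GET form: the query, base64url-encoded without padding, in ?dns=."""
    token = base64.urlsafe_b64encode(build_query(name)).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={token}"

def query_from_url(url: str) -> bytes:
    """Reverse doh_get_url, as the resolver does after TLS is terminated."""
    token = url.split("?dns=", 1)[1]
    return base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))

def question_name(message: bytes) -> str:
    """Read the queried name back out of a wire-format query."""
    pos, labels = 12, []  # the question starts after the 12-byte header
    while True:
        if pos >= len(message):
            raise ValueError("truncated question")
        length = message[pos]
        if length == 0:
            return ".".join(labels)
        if length > 63 or pos + 1 + length > len(message):
            raise ValueError("bad label")
        labels.append(message[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length

if __name__ == "__main__":
    wire = build_query("www.cnx-software.com")
    print("plain DNS payload (name readable on the wire):", wire)
    print("DoH request, carried inside HTTPS:", doh_get_url("www.cnx-software.com"))
```

With plain DNS the first payload travels as-is over port 53, hostname included; with DoH the whole URL sits inside the TLS session, so an on-path observer only sees a connection to the resolver.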
I tried it with Cloudflare 220.127.116.11 DNS service last year, but it was not overly easy to set up, and I had to disable 18.104.22.168 since it failed to resolve many Chinese websites. The good news is that Google has decided to enable DoH by default in the upcoming Chrome 78, and Mozilla will also roll out DoH in Firefox.
We should all be happy about the news, especially since we don’t need to use Google DNS servers by default, and any DoH-compatible DNS service, such as the one provided by Cloudflare, will do. The latter also promised not to store IP addresses, with KPMG contracted to audit their systems.
This has apparently made ISPs such as cable and wireless providers unhappy, as they’ll lose access to all that user data. According to the Wall Street Journal, the United States Congress’ antitrust investigators are currently questioning Google over the update due to concerns raised by those companies that it could give Alphabet/Google a competitive advantage by making it harder for others to access consumer data.
But Google claims “they have no plans to centralize or change people’s DNS providers to Google by default”. This is still a valid concern, as it would impact the decentralized nature of the Internet with most requests going through Google servers. So the Mozilla Foundation proposed policy requirements for DNS over HTTPS partners, which include privacy & transparency requirements, as well as prohibitions with regard to blocking & modifying DNS requests.
The EFF (Electronic Frontier Foundation) is supportive of the DoH standard, but also notes some valid shortcomings, including the point mentioned above, as well as issues related to captive portals, which intercept connections briefly to force users to log on to a network, and content blocking, such as on company networks (harder to block NSFW websites) or for people using parental controls.
Via NotebookCheck.net & WSJ. The latter is behind a paywall so search for “Google Draws House Antitrust Scrutiny of Internet Protocol” to access the full article.