Google Chrome already has experimental support for DNS-over-HTTPS (DoH), a feature that encrypts DNS requests to increase your privacy. As of version 78, scheduled for release in late October, the technology will be activated by default for more users. This is good, but operators are not happy.
As you know, DNS translates IP numbers to website addresses. So, instead of typing 184.108.40.206 in your browser, just type tecnoblog.net and that’s it, you have entered your favorite technology site. For this magic to happen, your browser queries a DNS server to find out which address belongs to which IP. And these requests are usually made in plain text.
With DNS-over-HTTPS, requests are made through an encrypted connection, preventing third parties from analyzing your traffic and finding out which sites you are accessing. "Third parties" here includes your internet provider, which would no longer be able to easily access your browsing history.
Operators would have less access to user browsing data
Ars Technica noted that major operators, including an association with members like AT&T, Telefonica and Verizon, sent a letter to the American Congress warning that Google’s practice could “interfere on a large scale in critical internet functions, as well as cause problems with data competition”.
In the letter, operators claim that Google is looking to centralize DNS requests instead of spreading them across the hundreds of servers available on the Internet – such as those managed by the operators themselves.
“By interposing between DNS providers and users of Chrome (more than 60% worldwide share) and Android (more than 80% worldwide share of mobile operating systems), Google will gain greater control over user data in networks and devices around the world. This could inhibit competitors and possibly block competition in advertising and other sectors,” says the letter.
Google defends itself saying that it has no plans to centralize DNS requests, nor to change users’ DNS servers to the famous 220.127.116.11/18.104.22.168. In fact, Chrome 78 will only activate the new technology if the person already has a DoH-compliant DNS – the list includes names like Google (obviously), Cloudflare, OpenDNS and Quad9, an IBM service focused on security.
Interestingly, the letter from the operators makes no reference to Mozilla, which has a much smaller market share but plans a much more aggressive change. In the future, it won’t matter which DNS server the user sets up: Firefox will gradually switch to Cloudflare, which supports DoH. ¯\_(ツ)_/¯
The big truth is that DoH takes some control out of operators, who can analyze DNS traffic to offer features like parental controls and block certain sites out there, but also do data mining to profit from their customers’ browsing information.
Users who keep the operator’s default DNS (other than that person) would continue to provide data: all the operators need to do is support encryption and analyze browsing on their own servers. But those who switch to Cloudflare or Google (and who now make requests without any encryption) will leave far fewer tracks with DNS-over-HTTPS.