Encrypted DNS Could Help Close the Biggest Privacy Gap on the Internet. Why Are Some Groups Fighting Against It?

from EFF

Thanks to the success of projects like Let’s Encrypt and recent UX changes in the browsers, most page-loads are now encrypted with TLS. But DNS, the system that looks up a site’s IP address when you type the site’s name into your browser, remains unprotected by encryption.

Because of this, anyone along the path from your network to your DNS resolver (where domain names are converted to IP addresses) can collect information about which sites you visit. This means that certain eavesdroppers can still profile your online activity by making a list of sites you visited, or a list of who visits a particular site. Malicious DNS resolvers or on-path routers can also tamper with your DNS request, blocking you from accessing sites or even routing you to fake versions of the sites you requested.

More here.


One Response to Encrypted DNS Could Help Close the Biggest Privacy Gap on the Internet. Why Are Some Groups Fighting Against It?

  1. Joe Antonucci October 18, 2019 at 9:00 pm #

    The death of privacy is a lamentable consequence of technology’s rapid growth. For the longest time, I believed there was no way that we could enjoy technology’s advantages without also sacrificing all of our privacy in the process. This new initiative, DoH, shows that though technology may be creeping into our personal lives, we can still use it to our advantage to protect ourselves in new and inventive ways.

    By preventing “on-path eavesdropping, spoofing, and blocking by encrypting your DNS requests with TLS”, internet users can sleep better at night knowing that the government and Jeff Bezos are not breathing down their necks, watching and tracking their every move.

    Unfortunately, this article points out that while DoH would solve many privacy issues, many influential parties have expressed concerns about what would happen if DoH were made available to the public, and that is a nice way of saying that our corporate overlords are not going to surrender their spying capabilities without a fight.

    If it were as easy to develop a way to protect people online and implement it, the Internet would be a much simpler place. The internet is, unfortunately, controlled by these entities to some degree. The ability to track users in this manner is certainly a way that these entities maintain their power, and probably profit to some degree as well. Their ‘concerns’ about Internet users becoming better protected online are probably cheaply masking their real concerns of losing profit or influence.

    At the end of the day, some of these concerns may be legitimate. DoH could certainly cause some issues, the extent of which we probably would not know until it was implemented, and that means it may be something of a risky move. However, with a simple comparison of the pros and cons, it is quite easy to see how positively affecting the privacy of hundreds of millions of people with DoH protections is such a great thing that many of these smaller, more isolated concerns should probably be dealt with in a different way than completely abandoning the DoH project.

    Average citizens have also voiced concerns that DoH would help concentrate DNS resolvers in the hands of just a few entities, whereas many thousands exist presently. The previous point applies here, which is to say that the government can step in and regulate those smaller entities to ensure there is no dishonesty or maliciousness going on.

    We should certainly not toss DoH in the trash because of a few small legitimate concerns. As with all things, there will be pros and cons. We should be accepting of the fact that DoH may cause real, and even serious issues, simply on the basis that the privacy of so many people is at stake here. We have discussed issues with corporate entities following our tracks online, but what about independent criminals? These entities would also be thwarted by DoH! For that reason, it’s safe to say that there isn’t a big argument to be had here; one side is clearly correct.
