Encrypted DNS Could Help Close the Biggest Privacy Gap on the Internet. Why Are Some Groups Fighting Against It?

from EFF

Thanks to the success of projects like Let’s Encrypt and recent UX changes in the browsers, most page-loads are now encrypted with TLS. But DNS, the system that looks up a site’s IP address when you type the site’s name into your browser, remains unprotected by encryption.

Because of this, anyone along the path from your network to your DNS resolver (where domain names are converted to IP addresses) can collect information about which sites you visit. This means that certain eavesdroppers can still profile your online activity by making a list of sites you visited, or a list of who visits a particular site. Malicious DNS resolvers or on-path routers can also tamper with your DNS request, blocking you from accessing sites or even routing you to fake versions of the sites you requested.

More here.
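An added example, not part of the EFF post or the comments below, to make the privacy gap concrete: it builds an RFC 1035 DNS query for a constructed name, parses the queried name straight back out of the raw UDP payload the way any passive monitor between you and your resolver could, and then wraps the very same message in the GET and POST forms that DNS over HTTPS (RFC 8484, the "DoH" the commenters refer to) uses, where only the two TLS endpoints can see it. The domain name and resolver URL are constructed placeholders, and nothing is sent on the network.

```python
"""Added example (not from the EFF post): why plaintext DNS leaks the site name.

Builds an RFC 1035 DNS query for a constructed domain, then shows (1) what a
passive observer on the path to the resolver can read out of the raw UDP
payload, and (2) how DNS over HTTPS (RFC 8484) carries the same message
inside an HTTPS request, so the name is only visible inside the TLS session.
No network traffic is sent; everything is built and parsed in memory.
"""
import base64
import struct

# Constructed example name and resolver URL; both are placeholders.
EXAMPLE_NAME = "example-clinic.test"
DOH_RESOLVER_URL = "https://doh.example.test/dns-query"


def encode_qname(name: str) -> bytes:
    """Encode a domain name as RFC 1035 labels: <len><label>...<0>."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("label length must be 1..63")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, txid: int = 0x1234, qtype: int = 1) -> bytes:
    """Build a standard recursive query (QTYPE 1 = A, QCLASS 1 = IN)."""
    # Header: ID, FLAGS (only RD=1 set), QDCOUNT=1, ANCOUNT/NSCOUNT/ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack("!HH", qtype, 1)


def decode_qname(payload: bytes, offset: int) -> tuple:
    """Read an uncompressed name at offset; returns (name, offset after it)."""
    labels = []
    while True:
        length = payload[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:  # compression pointer; question sections of queries do not use them
            raise ValueError("compression pointer in question section")
        labels.append(payload[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), offset


def observe_plaintext_query(udp_payload: bytes) -> dict:
    """What anyone on the path (ISP, hotspot, on-path router) can read from a
    plain UDP/53 query: the transaction id and the queried name. This is the
    same parsing a passive network monitor performs on port 53 traffic."""
    txid, flags, qdcount = struct.unpack("!HHH", udp_payload[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    name, off = decode_qname(udp_payload, 12)  # question starts after the 12-byte header
    qtype, qclass = struct.unpack("!HH", udp_payload[off:off + 4])
    return {"txid": txid, "qname": name, "qtype": qtype, "qclass": qclass,
            "recursion_desired": bool(flags & 0x0100)}


def doh_get_url(resolver_url: str, dns_message: bytes) -> str:
    """RFC 8484 GET form: the wire-format message, base64url without padding,
    in the 'dns' query parameter. The URL travels inside TLS, so only the
    client and the DoH resolver see it. RFC 8484 recommends DNS ID 0 for this
    form so that identical queries are cache-friendly."""
    b64 = base64.urlsafe_b64encode(dns_message).rstrip(b"=").decode("ascii")
    return f"{resolver_url}?dns={b64}"


def decode_doh_get_param(dns_param: str) -> bytes:
    """Resolver side: restore base64url padding and recover the wire message."""
    padded = dns_param + "=" * (-len(dns_param) % 4)
    return base64.urlsafe_b64decode(padded)


def doh_post_request(dns_message: bytes) -> dict:
    """RFC 8484 POST form: same bytes as the body, typed application/dns-message."""
    return {"method": "POST",
            "headers": {"content-type": "application/dns-message",
                        "accept": "application/dns-message"},
            "body": dns_message}


if __name__ == "__main__":
    query = build_query(EXAMPLE_NAME)
    print("on-path observer sees:", observe_plaintext_query(query))
    print("DoH GET URL (inside TLS):", doh_get_url(DOH_RESOLVER_URL, build_query(EXAMPLE_NAME, txid=0)))
```

Running it prints the parsed question and the DoH URL. The point to take away is that on port 53 the name is readable by anyone between the client and the resolver, while in the DoH form it sits inside the HTTPS request and is readable only by the DoH resolver operator. Encryption changes who can observe the lookup, not whether anyone can, which is exactly the concentration concern about resolver operators that the commenters raise.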

Posted in Innovation, Technology.


  1. The death of privacy is a lamentable consequence of technology’s rapid growth. For the longest time, I believed there was no way that we could enjoy technology’s advantages without also sacrificing all of our privacy in the process. This new initiative, DoH, shows that though technology may be creeping into our personal lives, we can still use it to our advantage to protect ourselves in new and inventive ways.

    By preventing “on-path eavesdropping, spoofing, and blocking by encrypting your DNS requests with TLS”, internet users can sleep better at night knowing that the government and Jeff Bezos are not breathing down their necks, watching and tracking their every move.

    Unfortunately, this article points out that while DoH would solve many privacy issues, many influential parties have expressed concerns about what would happen if DoH were made available to the public, and that is a nice way of saying that our corporate overlords are not going to surrender their spying capabilities without a fight.

    If it were as easy to develop a way to protect people online and implement it, the Internet would be a much simpler place. The internet is, unfortunately, controlled by these entities to some degree. The ability to track users in this manner is certainly a way that these entities maintain their power, and probably profit to some degree as well. Their ‘concerns’ about Internet users becoming better protected online are probably cheaply masking their real concerns of losing profit or influence.

    At the end of the day, some of these concerns may be legitimate. DoH could certainly cause some issues, the extent of which we probably would not know until it was implemented, and that means it may be something of a risky move. However, with a simple comparison of the pros and cons, it is quite easy to see how positively affecting the privacy of hundreds of millions of people with DoH protections is such a great thing that many of these smaller, more isolated concerns should probably be dealt with in a different way than completely abandoning the DoH project.

    Average citizens have also voiced concerns that DoH would help concentrate DNS resolvers in the hands of just a few entities, whereas many thousands exist presently. The previous point applies here, which is to say that the government can step in and regulate those smaller entities to ensure there is no dishonesty or maliciousness going on.

    We should certainly not toss DoH in the trash because of a few small legitimate concerns. As with all things, there will be pros and cons. We should be accepting of the fact that DoH may cause real, and even serious issues, simply on the basis that the privacy of so many people is at stake here. We have discussed issues with corporate entities following our tracks online, but what about independent criminals? These entities would also be thwarted by DoH! For that reason, it’s safe to say that there isn’t a big argument to be had here; one side is clearly correct.

  2. This article by Max Hunter, discussing DNS over HTTPS improving privacy while browsing the internet, is a very interesting read. DNS is the system in web browsers that locates websites' IP addresses when searched. DNS currently has no form of encryption for protection, and this means that information about what websites you visit can be collected by eavesdroppers. To combat this problem a team of engineers created DoH, an encryption for DNS to prevent information being collected. However, while DoH appears to be the answer to many privacy concerns, it still faces opposition from many Internet Service Providers. ISPs believe that DoH has the potential to make it more difficult to block content in DNS and will end up increasing the power of DNS resolver operators.

    I fully support the implementation of DoH in order to increase the privacy of users browsing the internet. I use many add-ons in my web browser that help protect my data from being collected through ads and searches. DoH, to me, is another step in further protecting my information from being unknowingly collected while normally browsing the internet. I somewhat agree with the concerns of ISPs about the potential of DoH to be able to censor and monitor users' activity. Regulations will have to be made in order to make sure DoH will only be used to protect data, not use or manipulate it. I hope to see DoH be implemented soon and the opposition to it decrease as regulations get made.

  3. This is an important topic to discuss as privacy becomes a more prevalent issue as more of our lives and information are online. With every solution comes a new problem, and each solution has its pros and cons. I personally feel that in this situation, the pros outweigh the cons. By instituting encryption for DNS, it will help provide privacy protection for billions of devices. While it may make it more difficult to block certain content in certain areas, these technologies could help protect the privacy of a lot more people than it would need to block content for. If DoH and its similar encrypting technologies continue to be shot down or delayed out of these fears, the technologies will never develop to be able to compromise both issues, which will continue compromising our safety and privacy online.

    I think this would be a great step for digital security for the everyday consumer. Now big data collection is moving further and further into the realm of collecting and dissecting even the tiniest bits of data about a user, from how long it takes them to type and send an email to how long a user sits staring at a Word document; tiny, seemingly outlandish and irrelevant (to us) and minuscule bits of data – but they all add up. Our digital profiles are becoming more and more prolific and profitable. I know from experience that a lot of people think encryption is meant for the big companies with the top secret data in their vaults, because that’s where the value on the internet used to be. Now, however, the value is in us, as individual consumers, and in collecting our digital data. This encryption technique is more important than ever for everyone using the internet, and I hope to see this technology widespread in the near future.

  4. The problem with the internet is the fact that DNS, the system that looks up a site’s IP address when you search for it in a browser, is unencrypted. The concern with this is the fact that anyone along the path of your network to your DNS resolver can collect information about the sites that you are visiting, which can lead to profiling based on the sites that you visit. A personal example of this would be when I research products for classes that I am taking; I will later be advertised to about all related products. For example, I was researching the cost of a dog and accessed several sites for information, and now every time I open new sites, I see advertisements for toys, treats, and grooming supplies for dogs. It is a little strange that someone or some software out there is reading the IP addresses of the sites I am visiting and generating a personalized advertisement campaign for me. On top of this profiling there is a chance of hacking, as malicious DNS resolvers can tamper with DNS requests, which could block access to the sites or even route you to fake versions of the sites you requested, where hackers can figure out passwords and other confidential information.

    Encrypted DNS is a huge win for security and privacy when it comes to browsing the internet, but many groups are up in arms fighting against the adoption of encrypted DNS. One such group is the UK Internet Service Providers Association. They claim that Mozilla, the creators of this encryption, is an “Internet Villain” for their role in the development of encrypted DNS. The reason for this backlash is that encrypted DNS undermines the UK’s plan to block access to online pornography as part of their Digital Economy Act of 2017. Another concern with the encryption of DNS is the power it gives to DNS resolver operators. This is because encrypted DNS centralizes power by giving the operators the ability to censor and monitor browser users’ online activity.
