Google’s New Encrypted DNS
If I’m to believe the national media hype, Google is apparently trying to take over the Internet again. Luckily, I don’t believe the hype; I write my own. Google isn’t taking over the Internet, but they are planning something big. They’re planning to move the users of its Chrome browser, version 78 and above, over to a new domain name system (DNS) technology. DNS maps human-readable names, like www.thefactorytimes.com, to internet protocol (IP) addresses, such as 220.127.116.11, so that our computers know where to get information from; that address is just one among four IP addresses that handle requests for us. This new technology, DNS-over-HTTPS, is a more secure way for our computers and phones to map domain names to IP addresses.
DNS is one of the core services of the Internet, and it’s been around since before the network of computers was even called the Internet. Today’s globally distributed domain name system handles billions of requests per day. What does DNS-over-HTTPS, or DoH, do for the average user? Why would anyone want to use it? One word quickly comes to mind, and that’s privacy. Currently, DNS requests flow over the open Internet in plain text, revealing both the website being looked up and the computer that requested it. This information is collected by your internet service provider (ISP) today, just as Google would be collecting it under DoH scenarios. The difference is that DoH encrypts the request, so people on the open Internet can’t look at what websites you’re trying to visit.
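To make the privacy point concrete, here is an added example (not code from the column or from Google) that builds a classic DNS query for www.thefactorytimes.com in wire format, shows what a passive observer on the path can read straight out of that UDP payload, and then wraps the very same query the way RFC 8484 DoH does, as a base64url `?dns=` GET parameter or an `application/dns-message` POST body, so that it travels inside TLS. It uses only the Python standard library and sends nothing over the network; the resolver URL defaults to Google’s public RFC 8484 endpoint, and the name, transaction ID and record type are constructed sample values.

```python
import base64
import struct

GOOGLE_DOH = "https://dns.google/dns-query"  # Google's public RFC 8484 endpoint
QTYPE_A = 1
QCLASS_IN = 1


def encode_name(name: str) -> bytes:
    """Encode a hostname as DNS labels: <len><label>...<0>."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qtype: int = QTYPE_A, txid: int = 0) -> bytes:
    """Build a minimal DNS query message (header + one question).

    txid=0 is what RFC 8484 recommends for DoH so that identical queries
    produce identical HTTP requests and can be cached.
    """
    # Header: ID, flags (RD=1 -> 0x0100), QDCOUNT=1, ANCOUNT/NSCOUNT/ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    question = encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)
    return header + question


def read_name(msg: bytes, offset: int = 12):
    """Parse an uncompressed label sequence; return (name, next_offset)."""
    labels = []
    while True:
        length = msg[offset]
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), offset


def observer_view(udp_payload: bytes) -> dict:
    """What a passive on-path observer recovers from a plain (Do53) query.

    No key, no guessing: the name and record type are in the clear.
    """
    txid, flags, qdcount = struct.unpack("!HHH", udp_payload[:6])
    name, off = read_name(udp_payload)
    qtype, qclass = struct.unpack("!HH", udp_payload[off:off + 4])
    return {"txid": txid, "name": name, "qtype": qtype, "qclass": qclass}


def doh_get_url(query: bytes, resolver: str = GOOGLE_DOH) -> str:
    """RFC 8484 section 4.1: GET with base64url-encoded message, padding removed.

    The whole URL, including the query string, is sent inside the TLS session,
    so an observer sees only a TLS connection to the resolver's IP.
    """
    b64 = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{resolver}?dns={b64}"


def doh_post_request(query: bytes, resolver: str = GOOGLE_DOH) -> dict:
    """RFC 8484 section 4.1: POST with the raw message as the body."""
    return {
        "method": "POST",
        "url": resolver,
        "headers": {
            "content-type": "application/dns-message",
            "accept": "application/dns-message",
        },
        "body": query,
    }


def resolver_decode_get(url: str) -> bytes:
    """What the DoH resolver does with the ?dns= parameter: re-pad and decode."""
    b64 = url.split("?dns=", 1)[1]
    b64 += "=" * (-len(b64) % 4)
    return base64.urlsafe_b64decode(b64)


if __name__ == "__main__":
    q = build_query("www.thefactorytimes.com")  # constructed sample lookup
    print("plain DNS on the wire:", q.hex())
    print("observer reads:", observer_view(q))
    url = doh_get_url(q)
    print("DoH GET (inside TLS):", url)
    print("resolver recovers same message:", resolver_decode_get(url) == q)
    print("DoH POST headers:", doh_post_request(q)["headers"])
```

The point of the round trip is that DoH changes nothing about the DNS message itself; the resolver still sees exactly the bytes a plain resolver would, which is why the column's observation that the provider (ISP or Google) still collects the query stands. What changes is the transport: the observer function works on the UDP payload but has nothing readable to work on once that payload is an HTTPS request body or query string.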
So, where’s the controversy? There are myriad controversies. Since so few providers currently support DoH, users and other companies are afraid that Google will become the de-facto centralized provider for these kinds of DNS services. This is nothing new for Google, which always seems to be in hot (monopolistic) water. Even though Mozilla, the maker of the Firefox browser, has created and plans to implement its own DoH services, anti-trust regulators are carefully looking into possible anti-competitive practices at both companies. Google and Firefox have already been prohibited from defaulting to their own DoH servers in the settings for their respective browsers in the United Kingdom.
Additionally, savvy end-users and government officials alike are especially concerned with the disposition of the massive amount of log files Google will no doubt be collecting. Regardless of Google’s intentions in becoming a centralized DoH provider, simply being one of the largest DoH providers in the world will centralize a great deal of metadata in its log files. An anti-trust case is even being pursued against the company, specifically for this DoH rollout. The case is purportedly aimed at proving that Google is promoting its own implementation of the protocol, rather than making DoH services a fair playing field for any provider to step up to and compete in.
Our final controversy is this: what happens when law enforcement might want or need to get their hands on a criminal’s Internet history? A big part of that history isn’t in the browser, or even in the cloud, but in the DNS requests sent from the subject’s phone or PC. Their provider likely doesn’t pay much attention to those requests, even while in search of incriminating domain names. Traditional implementations of DNS send information in plainly readable formats, something law enforcement takes advantage of by sniffing the traffic whenever possible. DoH encrypts the traffic, so sniffing information from it is no longer possible. Beyond that, obtaining the logs of a subject’s DNS requests would become significantly harder if the user has Google’s DoH implemented. Google’s role in the rollout and implementation would make the company one of the key players in answering subpoenas for such information in both criminal and civil cases. It should be no surprise to anyone that Google’s legal team isn’t historically forthcoming with subpoena requests.
My personal take on all this is that it’s sort of a Much Ado About Nothing situation. My home DNS is already pointing to Google’s Public DNS Service. Switching over to their DNS-over-HTTPS will, hopefully, be seamless for me. Is there an inherent risk to depending on so many Google services, that is, on any one company? Absolutely there are risks, so I don’t put all my technological eggs in one basket, and neither should you. If you only have a Gmail account, go sign up for an Outlook.com account. Mix and match brand names at home, especially in networking equipment. It’s OK to have a Motorola modem, a Netgear router, and a Google Wifi access point. It should also be just as fine to use Google’s Chrome browser with Mozilla’s DoH servers, or vice versa. Let’s see if that’s how this whole thing plays out.