Last month, Google announced a plan to encrypt DNS — or DNS over HTTPS (DoH) — in Chrome. In the United States, this was met with criticism from Internet Service Providers for limiting monitoring capabilities, but supported by privacy activists. Google today is pushing back against “misconceptions” regarding its rollout.
Whenever you type a URL into your browser (for example “redcross.org”), this information is sent to a domain name system (DNS) provider that converts that request into the unique numerical “IP address” (e.g. 184.108.40.206) that identifies websites on the Internet.
The current lack of encryption when browsers make requests to DNS providers means that others could track what sites you’re visiting or maliciously redirect you to another page. Chrome and other browser solutions involve secure DNS connections with DNS-over-HTTPS.
Google starts by noting that it is not changing a user’s DNS provider to its own 220.127.116.11 service. Rather, Chrome is just supporting those secure connections if you’re using a current provider that supports DoH.
Chrome will check if the user’s DNS provider is among a list of participating DoH-compatible providers and if so, it will enable DoH. If the DNS provider is not on the list, Chrome won’t enable DoH and will continue to operate as it does today.
Another concern has been how encrypted DNS in Chrome will interfere with parental controls offered by ISPs that block inappropriate websites. There should be no actual impact.
In fact, any existing content controls of your DNS provider, including any protections for children, should remain active. DoH secures the URL data only while it’s in transit between your browser and the DNS provider, so your provider’s malware protection and parental control features will continue to work as they have in the past.
So far, Chrome only has plans to roll out DoH support for 1% of users. Still an “experiment,” Google wants to monitor performance and reliability, while Chrome 79 will offer the ability to opt-out via a new flag: chrome://flags/#dns-over-https.
FTC: We use income earning auto affiliate links. More.