Ole Michaelis – DOH! Wait, what? DNS over https? | JSUnconf 2019 [Video]
Video uploaded by JSConf on June 4, 2019
Your ISP won’t Want You to Have This: How DNS-over-HTTPS Can Make Users Free
Read to know how to turn it on in your browser!
If you use the Mozilla Firefox browser, you already know about a new communication technology that frees you from ISP surveillance. It’s called DNS-over-HTTPS, or DoH for short. The Mozilla Foundation rolled out this feature last September, and Google immediately joined the game, promising to introduce DoH in the next Chrome release. Several years ago such news would never have left hi-tech blogs and websites; nowadays DoH is discussed in the US Congress and the broadband industry is lobbying against it. Why?
DNS, or Domain Name System, translates website names into numeric addresses. Computers don’t “understand” English, you know. When you open your browser and type www.igotoffer.com in the address bar, the software represents it to the computer as several groups of digits divided by dots. These groups of digits are called IP addresses. And yet, when you get to the website, you see its name at the top of the page. It reads iGotOffer dot com and not 123.456.78 (a fake IP for illustration purposes). This is what DNS is for. You send a request and it goes to a DNS server that connects to other servers holding thousands and thousands of domain names to find the correct one. The DNS server matches IP addresses with names the way a highway patrol officer compares the photo on your driving licence with your face. Such DNS servers are called DNS resolvers, and there’s no way you can avoid them. Your request can travel through several DNS resolvers on its way, but it always starts with your internet provider’s resolver. While routing you to the website you’re looking for, DNS resolvers also log your online activity. Thus the ISP learns everything you do. By controlling the DNS resolver, the provider can feed you ads, cut down your download speed, or put up a firewall or a paywall.
If you connect to a public Wi-Fi hotspot, you hit a DNS resolver as well. This resolver may not impose a firewall, but it can be spoofed or “poisoned” by hackers to reroute you to phishing websites that collect your personal data.
To avoid such risks, DNSSEC was introduced, but it didn’t involve any revision of the DNS transport protocol. You see, DNS traffic has its own dedicated lane, just like fire engines do: every router has a special port for it. This is part of the reason why an end user can’t control it.
The Mozilla Foundation developers did a brilliant and yet simple thing: all DNS traffic can now travel over the HTTPS protocol. This mighty protocol is responsible for downloading website content. Surely it can “give a ride” to DNS traffic as well!
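To make that “ride” concrete, here is an added Python example (not code from the article, Mozilla or Cloudflare) that builds the RFC 8484 DoH GET form of a lookup for www.igotoffer.com and decodes a constructed wire-format answer. The resolver URL is a placeholder and the answer IP is a documentation address; both are assumptions, and the reply is constructed, not fetched.

```python
# Added example (not from the article): RFC 8484 DoH GET encoding plus wire-format reply decoding.
import base64, socket, struct
RESOLVER_URL = "https://doh.example.net/dns-query"  # placeholder endpoint (assumption)
def build_query(name, qtype=1):
    """Wire-format DNS query: 12-byte header (RD set) plus one question."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # ID 0, as RFC 8484 suggests for GET caching
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def doh_get_url(query):
    """RFC 8484 GET form: base64url-encoded message, padding stripped, in the ?dns= parameter."""
    return RESOLVER_URL + "?dns=" + base64.urlsafe_b64encode(query).rstrip(b"=").decode()

def _read_name(msg, off):
    """Decode a (possibly compressed) domain name; return (name, next offset)."""
    labels = []
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:  # two-byte compression pointer into the message
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            return ".".join(labels + [_read_name(msg, ptr)[0]]), off + 2
        off += 1
        if ln == 0:
            return ".".join(labels), off
        labels.append(msg[off:off + ln].decode())
        off += ln

def parse_a_records(msg):
    """Return the IPv4 strings found in the answer section of a wire-format response."""
    _id, _flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):  # skip the echoed question(s): name, then type and class
        off = _read_name(msg, off)[1] + 4
    ips = []
    for _ in range(an):
        _, off = _read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:  # A record
            ips.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return ips

def constructed_response(name="www.igotoffer.com", ip="203.0.113.10"):
    """Constructed reply (documentation address, not a real lookup) answering build_query(name)."""
    header = struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)  # QR, RD, RA set; one question, one answer
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(ip)  # name -> pointer to offset 12
    return header + build_query(name)[12:] + rr
```

A browser sends the returned URL over HTTPS with an Accept: application/dns-message header; this block stays offline and only shows the encoding and decoding.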
Bye-bye, ISP surveillance, speed cut-downs and firewalls! British state internet regulators were the first to protest against DoH. They pointed out that with DNS-over-HTTPS, minors could access online pornography while extremists of all sorts could reach banned propaganda websites. American providers emphasize the online security aspect, and they aren’t completely wrong about it.
The thing is that not all DNS resolvers support the HTTPS protocol. That’s why Mozilla struck a deal with Cloudflare to serve as the DNS provider for Firefox users. For one thing, clouds can leak. Then again, Cloudflare is going to be a DoH monopolist, at least for a while. We have already witnessed what being a monopolist in certain areas can do to digital giants. Facebook, for example, violated its users’ privacy by selling their data to third-party businesses. Why wouldn’t Cloudflare?
However, the lobbyists are more concerned with Google’s version of DoH. For now, Google Chrome is the most popular browser in the world. If the search giant implements DoH in it, the new technology will spread like wildfire. Google doesn’t even need third-party clouds for its DNS resolvers; it owns one of the largest cloud services in the world. Still, in an attempt to side-step potential problems with antitrust laws, the company issued several disclaimers concerning its version of DoH. For one thing, Google cautiously uses the word “experiment”. End users will be able to keep parental controls and malware filtering on their devices if they choose to. Chrome Enterprise and education users will be excluded from the experiment. The DoH feature has to be turned on manually. The whitelist of DoH-friendly DNS providers is not limited to Cloudflare but also includes CleanBrowsing, DNS.SB, OpenDNS, and IBM’s Quad9, to start with.
Apple is still silent about possible Safari updates concerning DoH, and it’s a shame, really. So Mac and iOS users have to install another browser to try the new experience online!
How To Turn On DNS-over-HTTPS in Almost Every Browser!
Firefox
In the US, DoH is turned on by default! Anyway, it’s good to know the ropes.
Go to Menu button -> Options -> General -> Network Settings. The Connection Settings dialog will open. Find the Use DNS over HTTPS checkbox and check it. Your DNS traffic will then be sent to Cloudflare.
Google Chrome
Since it’s experimental, the process may not go smoothly. We’re sorry, but Linux and iOS users are out of the game.
Type in the address box the following:
chrome://flags/#dns-over-https
Edge (Chromium-based version only)
Type in the address box the following:
edge://flags/#dns-over-https
Opera
Type in the address box the following:
opera://flags/opera-doh
Vivaldi
Type in the address box the following:
vivaldi://flags/#dns-over-https
Brave
Type in the address box the following:
brave://flags/#dns-over-https
Links
- DNS over HTTPS – Wikipedia