What you need to know
- The House Judiciary Committee is investigating Google's plans to add DNS Encryption to its Chrome browser.
- In addition to the House Judiciary Committee, the Justice Department has also reportedly received complaints over the protocol change.
- Internet service providers are concerned the new standard will result in them being shut out from user data.
Just two weeks after 50 U.S. states and territories signed onto an antitrust investigation against Google, a report from The Wall Street Journal has revealed that the House Judiciary Committee is now probing the Mountain View-based company over concerns that its plan to encrypt DNS in its Chrome browser will give it a competitive edge and make it more difficult for others to access consumer data.
Investigators from the House Judiciary Committee reportedly asked Google to provide information about its "decision regarding whether to adopt or promote the adoption" of DNS over TLS protocol. A letter sent to the company by the House Judiciary Committee on September 13 also asked whether the data collected using the new protocol will be used for commercial purposes.
As per the report, the Justice Department has also received complaints expressing concerns over the protocol change. Internet service providers are concerned that the new protocol will "alter the internet's competitive landscape" and shut them out from the majority of user data. Some of them are worried about Google encouraging Chrome users to switch to its own services.
A coalition of ISPs wrote in a September 19 letter sent to the Congress:
Google has said that adding Domain Name System over Transport Layer Security will help prevent spoofing attacks and snooping on the websites visited by users. In addition to Google, Mozilla is also planning to implement DNS over TLS in its Firefox browser.
EU court decision proves what we already knew: you're never going to be forgotten
So ISPs are now worried that they can no longer steal...errr..."collect" my data and infringe on my non-existent privacy? Instead, Google will do all that by itself... Damned if you do, damned if you don't...on the other hand at this moment and in it's current state, Congress trying to move Google to do anything, is like a flea trying to bite an elefant...
This . Firefox and Safari have been doing this as long or longer than Chrome. DNS over TLS/HTTPS is good security that protects you and me from bad guys. The Telcos are upset because they can't produce a product that people want to use (Facebook, iPhone, Gmail, Google Search, Maps, etc.) so they have to steal our data as we browse to Google! Since they can't complete, and are jealous of Google/Facebook/Apple/Microsoft's ad business they are running to Congress to make us less safe so they can continue to extract money from our browsing habits.
Deleted Chrome for DuckDuckGo browser and NordVPN and haven't looked back.
that's not really relevant to the discussion though. Unless DuckDuckGo supports DNS over TLS? And then on the other end, which DNS over TLS capable public resolver are you using (unless you created your own)? DNS over TLS is a good thing. Congress questioning this isn't actually a good thing. Google being the bad guy here is at best a very light gray area. Edit: and to be clear, a VPN doesn't necessarily cover the same problem. In fact, one could argue it makes VPN as a privacy utility a little closer to obsolete. Moreover, in regards to the problem at hand, it's like trying to kill a squirrel with an AK-47. It's overkill. Plus, you are adding extra hops and therefore inherently slowing down your connection, whether or not you notice it or not. Finally, its not a solution that will be available to everyone. So, I'll stick with my original opinion that it's not really relevant to this topic.
Sorry to tell you, but the ISP can still see your DNS requests at the exit node of your VPN. All you are doing is moving the cheese, not hiding it. That's why VPN is only part of a defense in depth security solution. The use case for a VPN is to connect to a trusted network, creating a private tunnel across an un-trusted network (the internet), so that two endpoints can communicate securely. NordVPN just moves the point where your traffic enters the internet. It can protect you from local attacks, such as someone on the same Wifi network as you. And make it appear you are in England, when you are on your porch in Kansas. However, it is trivial for the Internet Service Provider at that exit node to harvest all of your DNS requests. Also, it's a bit harder, but, not difficult to figure out who you are by collecting that information.
I'm split on the idea that my web browser can bypass my DNS. I don't know how they're implementing this, so maybe I'm not reading into it correctly, but if they're implementing DNS over TLS, then it'd have to be overriding my own personal DNS in the OS, right? I setup my own recursive DNS server. I don't want to go out of my way to make my web browser using it. However, on the other hand, I feel like I'm more of an exception than the norm and can see a lot of benefit in implementing DNS over TLS. Personally, I'd rather see these protocols be supported by the OS. The browser shouldn't have to care.
They already do it in Chrome today. I can't find the link at the moment, but when MS started work on Chromium they detailed a list of things they stripped out and one of them was Google using their own DNS in Chrome regardless of what the system is set to use.
if you are concerned about DNS security, and don't want to use Google, OpenDNS and Cloudflare both provide secure DNS (which is what this is) alternatives that work with just about any browser. Would you be uncomfortable to know that today, without secure DNS, every single url you enter or click on is transmitted to the entire internet in plain text for anyone to collect? Because that is what is happening without secure DNS. If you're OK with that great, but I'd rather keep information that I've contacted financial, healthcare, educational or legal service providers private.
Thank you for signing up to Android Central. You will receive a verification email shortly.
There was a problem. Please refresh the page and try again.