The rumor is that Google Chrome will soon be using DNS over HTTPS in order to navigate the web. When it does, that may provide some level of privacy and security, but it may break a whole lot in the process, and that is worrying some:
DOH will encrypt the addresses of the websites we visit, potentially bypassing local Internet Service Providers (ISPs), and connecting directly to central nameservers that could well be managed by the companies behind the browsers themselves. This means that many of the filtering and protection tools in place today, usually administered by ISPs, would no longer work.
The new approach brings definite security advantages, notwithstanding that we’ll be entrusting Google and its peers with even more data on us. If the addresses of the websites you want to visit can’t be seen, they can’t be filtered or policed. And campaigners claim that this has implications for the fights against terrorism and extremism, as well as for child safety.
This could get very complicated, and not just for the reasons outlined above. Yes, internet filters at the local and ISP level would break if you can’t see the URL of the site that a user is trying to connect to. That is going to create quite a conundrum not just for child safety filters and terrorism investigations, but also for your everyday, run-of-the-mill corporate firewall. If you block webmail for security reasons, how will you do that if your firewall can’t decipher the web addresses being entered in the browser?
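To make concrete what a filter loses sight of, here is an added example (not from the original post or the quoted article) that builds the lookup a DOH client sends in the GET form defined by RFC 8484: the hostname travels inside the HTTPS request to the resolver instead of in a plaintext port-53 packet. The `/dns-query` path follows the RFC's own example, and the hostnames are constructed for illustration.

```python
import base64
import struct

def build_query(hostname, qtype=1):
    """Build a DNS wire-format query (RFC 1035); qtype 1 is an A record."""
    # Header: ID=0 (RFC 8484 suggests 0 so HTTP caches can reuse answers),
    # flags=0x0100 (recursion desired), one question, no other records.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in hostname.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("invalid DNS label: %r" % label)
        qname += bytes([len(raw)]) + raw
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def doh_get_path(message, path="/dns-query"):
    """RFC 8484 GET form: base64url, padding stripped, in the 'dns' parameter."""
    encoded = base64.urlsafe_b64encode(message).rstrip(b"=").decode("ascii")
    return "%s?dns=%s" % (path, encoded)

def decode_question(request_path):
    """What the DOH resolver reads once it terminates TLS: name and type."""
    encoded = request_path.split("dns=", 1)[1]
    message = base64.urlsafe_b64decode(encoded + "=" * (-len(encoded) % 4))
    pos, labels = 12, []  # the question section starts after the 12-byte header
    while message[pos] != 0:
        length = message[pos]
        labels.append(message[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, _qclass = struct.unpack("!HH", message[pos + 1:pos + 5])
    return ".".join(labels), qtype

if __name__ == "__main__":
    # Constructed sample lookup for a webmail-style hostname.
    request_path = doh_get_path(build_query("mail.example.com"))
    # On the wire this whole path is inside TLS; a firewall between the
    # browser and the resolver sees only a connection to the resolver.
    print("HTTPS request path:", request_path)
    print("Resolver decodes:  ", decode_question(request_path))
```

The resolver still sees every name in the clear after decryption, which is why the choice of DOH provider matters as much as the encryption itself.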
Also, as a website owner I’m curious if this encryption will mean being unable to see anything about visitors too. That would really break the advertising business model for sites like Facebook, and just about every large media site out there. I assume that if all of the DNS traffic is encrypted and communicated directly from the browser to a central nameserver, the company that controls that nameserver would need to be trusted to truly be encrypting that traffic, lest they know a LOT about us, but the endpoints, the websites we visit, would not be able to see past the nameserver, would they?
And while yes, that is a huge privacy boon, it would also eliminate the opportunity to know where a user is coming from, making geofencing impossible. That concerns me, not because I’m a huge geofencing fan, but because as new laws are passed by various governments around the world about what content they want users to be able to upload, share, or even see, geofencing is a tool to continue operating and blocking visitors from those countries while we figure out how to, or if we even want to, comply. We saw this in the early days of the GDPR, where media sites that weren’t ready simply blocked EU visitors for a bit. If that location data is invisible, that would be impossible, and in effect, whatever law is passed by one country would end up becoming the law every site had to follow. That sounds like a disaster.
I’m hopeful, however, that it doesn’t completely block any and all information about visitors, but I have to admit I do not have a ton of details about the switch to DOH and how it might end up working. I am curious though, so if you’re ahead of me in the learning curve about the technology, feel free to chime in on it and educate me!