Difference between revisions of "DNS over HTTPS"

From Free Knowledge Base- The DUCK Project: information for everyone

Revision as of 12:08, 4 February 2024

explained

When you navigate to a website, your browser first needs to determine which server is responsible for delivering said website, a step known as DNS resolution. For most people, their system automatically uses their Internet Service Provider's DNS. Users can configure their system to use 3rd party DNS if they so desire, such as Google's 8.8.8.8 public DNS server. In a small office or larger corporate network, it is common that DNS resolution is handled by the firewall or a special purpose dedicated DNS server for the LAN. This is part of the network security layer and the network administrator likely prefers or enforces all DNS queries be handled locally.

Mozilla Firefox (the group responsible) and Google Chrome via The Chromium Project are now implementing something called DNS over HTTPS. They claim this is to provide an encrypted channel which they say further safeguards user security and privacy. That is what they say so they can sneak this alteration to the normal standard DNS model by the end user without objection.

The Benefit: It will be more difficult for people to sniff out your visited web sites because DNS queries won't pass through the local network smart switch or router in an unencrypted format. For employees of a company, they will be able to visit pornhub or something nasty and maybe not be as likely to get noticed by the LAN administrator.

The Danger: There is no benefit for the home Internet user of Chrome or Firefox. The danger is that all the sites you visit are being sent as a list and possibly collected by a 3rd party. If you are at home and you visit bitcoin mining web sites or read a lot of gun related articles, some 3rd party company can keep a list and turn that over to advertising or marketing firms, or worse yet, to an oppressive government authority depending on your country.

The Danger outweighs the benefit!

Any competent office network administrator is going to block Trusted Recursive Resolver traffic so Chrome or Firefox will have to revert to the office DNS server.
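
One concrete mechanism for making Firefox fall back to the office resolver, shown here as an added example that is not part of the original page: Firefox looks up the canary domain use-application-dns.net through the local resolver and leaves its default DoH off when the answer is an error such as NXDOMAIN, or NOERROR with no A/AAAA records. The Python below checks whether a resolver's answer carries that signal; the function names and the sample responses are constructed for illustration.

```python
import struct

CANARY = "use-application-dns.net"  # Firefox canary domain documented by Mozilla

def encode_name(name):
    """Encode a hostname as DNS labels."""
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"

def build_response(rcode, addresses=()):
    """Construct a minimal DNS response for an A query on CANARY (sample data)."""
    flags = 0x8180 | rcode  # QR=1, RD=1, RA=1, plus the RCODE in the low 4 bits
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, len(addresses), 0, 0)
    question = encode_name(CANARY) + struct.pack("!HH", 1, 1)
    answers = b""
    for ip in addresses:
        rdata = bytes(int(o) for o in ip.split("."))
        # Name is a compression pointer back to the question at offset 12.
        answers += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + rdata
    return header + question + answers

def skip_name(msg, off):
    """Return the offset just past the name that starts at off."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer ends the name
            return off + 2
        off += 1
        if length == 0:
            return off
        off += length

def canary_disables_doh(msg):
    """True if this answer signals Firefox to leave default DoH off."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x000F != 0:  # any RCODE other than NOERROR (NXDOMAIN, SERVFAIL, ...)
        return True
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype in (1, 28):  # an A or AAAA record: the network is not opting out
            return False
        off += 10 + rdlen
    return True  # NOERROR but no address records
```

The canary only affects DoH that Firefox enabled by default; a user who turned DoH on manually is not affected by it, so managed browsers also need the vendor's enterprise policy (Firefox `DNSOverHTTPS`, Chrome `DnsOverHttpsMode`) set and locked.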

Unless you spend your time surfing questionable web sites or looking at things that would embarrass you if it were to become public and you are doing all of this not at home, but on public wifi where other users of the same wifi could potentially be sniffing your data packets, this DNS over HTTPS is really just a big scam to data mine. Mozilla Firefox the organization and Google for their part in adding this to Chromium should be called out on this and held legally accountable in civil court as they implement this data mining DNS scam by default and without user consent.