Google’s DNS encryption plans set off antitrust alarms

There’s a blurry line between a safe internet and an open internet when it comes to making it safe for everybody. Companies like Google and Firefox are making moves to make things safer, but ISPs and some experts have concerns about whether those moves will cause problems for the internet’s openness. Google’s latest move is the plan to add DNS encryption over TLS to Chrome (and Firefox – though it’s Chrome that antitrust investigators are eyeballing in particular). The investigators on the House Judiciary Committee asked Google in a letter for information about its “decision regarding whether to adopt or promote the adoption of the protocol,” according to the Wall Street Journal.

A quick DNS primer

Google DNS encryption investigation

Here’s a quick refresher on what DNS (Domain Name Service) is: When you visit a website, your computer is passing a DNS request along to a DNS server that tells your router and finally your computer how to get to that website. The common metaphor is that it’s a phonebook for the internet, and that’s not a bad metaphor. But it’s also a phonebook that’s maintained through open cooperation across ISPs and is being updated millions of times per day.

When you make that DNS request, your ISP can see that request regardless of whose DNS servers you’re using because DNS requests are generally unencrypted. This provides these companies with valuable data that they can then use for any number of noble or nefarious activities from optimizing slow servers to selling your data to advertisers.

But now Google and Mozilla are looking to encrypt DNS requests via TLS (Transport Layer Security), which would make those requests invisible to your provider. On the one hand, this could protect users against things like unauthorized snooping of our web traffic. And with a company like Mozilla, which focuses almost exclusively on browser tech, it’s easier to imagine that they have the best interests of the greater internet in mind. (It’s no wonder many of us are using VPNs are the router level these days.)

Google isn’t just a browser company, though

But Google isn’t just a browser company and DNS provider. They’re also an advertising company, a big-data company, a retail company, and a telecom. There’s a real fear that Google is introducing DNS encryption not to protect the internet but to keep data to itself; data that ISPs and other companies can access right now. Chrome’s auto-update feature means a world where Google flips a switch and sends all DNS queries from Chrome to Google servers isn’t impossible, even if it’s highly unlikely.

Google says it has “no plans to centralize or change peoples’ DNS providers to Google by default.” The company adds that “any claim that we are trying to become the centralized encrypted DNS provider is inaccurate.” Of course, people don’t usually announce questionable actions before they take them; the investigation is still warranted.

There are a bunch of eyeballs on big tech these days. Facebook is under all kinds of investigations for privacy, and almost every state has an ongoing investigation into all the tech giants. Maybe our lawmakers have moved past the “series of tubes” era of internet comprehension. Maybe.

avatar
7 Comment threads
8 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
9 Comment authors
anonymous cowardpsuedonymousAnonymous CowardQ-GodJeff Murray Recent comment authors
  Subscribe  
newest oldest most voted
Notify of
anonymous coward
Guest
anonymous coward

encrypted dns has nothing to do with google or any other single company, it is a protocol that would work with whatever DNS provider you choose if they support encrypted DNS.

this whole debate resolves around some companies not wanting encrypted dns to exist as it threatens their profits made from snooping their clients browsing habits.

encrypted dns would make it harder for companies to snoop their clients data for resale. umm, that could be considered good, or bad, for you, depending how much income you receive for snooping and retailing your clients privacy.

psuedonymous
Guest
psuedonymous

To see Techreport regurgitating the laughable ISP talking points effectively unchallenged is frankly embarrassing.

Anonymous Coward
Guest
Anonymous Coward

I thought it was a balanced writeup.

psuedonymous
Guest
psuedonymous

It completely fails to mention that nothing prevents ISPs from operating their own encrypted DNS servers (into which they can snoop to their hearts delight) just as they operate unencrypted DNS servers today. Or that all the arguments against encrypting DNS traffic also apply to encrypting all other IP traffic.

Anonymous Coward
Guest
Anonymous Coward

ISPs can do all kinds of irrelevant stuff, Google holds all the cards, the ISPs are looking more like the dumb data pipes they should be. IMO the only issue here is that perhaps we don’t need Google as a monopoly over the internet.

psuedonymous
Guest
psuedonymous

Google operating encrypted DNS servers give them no more a ‘monopoly over the internet’ than the non-encrypted DNS servers they have operated for (just shy of) a decade.

Q-God
Guest
Q-God

The only good DNS would be a P2P DNS.

Jeff Murray
Guest
Jeff Murray

Congress needs to add the ISPs to their investigation of Google. They are all evil. Google’s reply of “inaccurate” is a feint; they did not deny the accusation.

Peldor
Guest
Peldor

Whatever. I already switched to Google’s DNS because the ISP one kept flaking out.

Frenchy2k1
Guest
Frenchy2k1

Let’s see… Who’s complaining, what do they have to lose and what does the other players have to gain (usual “follow the money” decryption). Google can *already* collect all that data through chrome. They operate the 8.8.8.8 DNS, but requests are in the clear. Complainants are ISP that *do* currently snoop on DNS requests and sell that data to advertisers, double dipping on their customers (you know, the people paying them to use their pipes, not to be spied on). So, I would suspect the ISPs have more to lose and I would prefer my DNS requests to be encrypted.… Read more »

derFunkenstein
Guest

Double dipping is the way most ISPs’ main industry (cable TV) works. Pay for the privilege of seeing ads. Thanks guys.

Anonymous Coward
Guest
Anonymous Coward

Yeah I never did understand the ads on a paid service. What do the advertisers really think they get from me, anyway? I’m impervious to random untargeted TV-style ads.

grimdanfango
Guest
grimdanfango

If you think you’re impervious, you’re just the type of person they like.
Nobody is impervious to advertising. The best way to minimize the effects on yourself is to *understand* that, and check yourself every time you go to buy anything 😛

Anonymous Coward
Guest
Anonymous Coward

I can’t think of a product I have bought that I even saw advertised. I have browsed catalogs for sales. I do buy brand-name products (so, they have invested effort in positioning their name) in many cases, its just too hard to know which cheap products are good. The best I can figure, advertisers must be just eating certain people alive to make it all worthwhile.

Anonymous Coward
Guest
Anonymous Coward

Well, I for one appreciate not sharing my DNS requests with ISPs. I know big players like Google also want that stuff, but the ISPs should keep their eyes focused on being dumb data pipes, IMO.

Pin It on Pinterest

Share This