
Google faces scrutiny from Congress, DOJ over plans to encrypt DNS - ak217
https://www.engadget.com/2019/09/29/congress-doj-scrutinze-google-encrypted-dns/
======
bko
> ISPs are trying to undermine the standard simply because they want continued
> access to users' data, Erwin said. Unencrypted DNS helps them target ads by
> tracking your web habits, and it's harder to thwart DNS tracking than
> cookies and other typical approaches.

Is there any other serious argument against encrypting DNS? The only other one
I heard was it makes filters harder such as child protection filters on the
ISP level.

It would be very ironic if ISPs are successful in making our communications
less secure by using anti-Google sentiment and anti-trust laws.

~~~
DannyB2
People say: "I'll just block it in my hosts file"

With DNS over HTTPS you can't. You can't even intercept DNS and reroute it to
your own DNS server.

Suppose a device, let's say a Roku (or many others) wants to use a DNS that you
cannot block, it could use Google's DNS over HTTPS to a private name server of
its choosing. Your DNS and your hosts file don't matter. This makes it
significantly harder to block anything (probably ads, but not necessarily only
ads).

You could try to intercept these requests, but how do you know an HTTPS
request is for DNS? And for what name it is being requested?

Taken further, a device, say an Apple TV, hypothetically, could even use a
proprietary DNS protocol to talk to its own mother ship.
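
Added example, not part of the thread: a sketch of the RFC 8484 GET form of a DNS-over-HTTPS query, showing what the resolver decodes versus what a passive on-path observer can see. The resolver name `doh.example` and all function names are hypothetical; `/dns-query` is the conventional path, assumed here.

```python
import base64
import struct
from urllib.parse import urlsplit, parse_qs

QTYPE_A = 1  # IPv4 address record


def build_query(name: str, qtype: int = QTYPE_A) -> bytes:
    """DNS wire-format query. ID is 0, as RFC 8484 suggests for HTTP caching."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(
        bytes([len(label)]) + label
        for label in name.rstrip(".").encode("ascii").split(b".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN


def doh_get_url(resolver: str, name: str) -> str:
    """RFC 8484 GET form: base64url of the query, padding stripped, in ?dns=."""
    b64 = base64.urlsafe_b64encode(build_query(name)).rstrip(b"=").decode()
    return f"https://{resolver}/dns-query?dns={b64}"


def decode_doh_url(url: str):
    """What the resolver (or a TLS-terminating proxy) recovers: (qname, qtype)."""
    b64 = parse_qs(urlsplit(url).query)["dns"][0]
    msg = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    pos, labels = 12, []  # question section starts after the 12-byte header
    while msg[pos]:
        length = msg[pos]
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, _qclass = struct.unpack("!HH", msg[pos + 1:pos + 5])
    return ".".join(labels), qtype


def on_path_view(url: str) -> dict:
    """Passive observer: destination host (IP/SNI) and port only.
    The path and the ?dns= parameter travel inside the TLS session."""
    parts = urlsplit(url)
    return {"host": parts.hostname, "port": parts.port or 443}


if __name__ == "__main__":
    url = doh_get_url("doh.example", "www.example.com")  # constructed sample
    print(url)
    print("resolver sees:", decode_doh_url(url))
    print("network sees: ", on_path_view(url))
```

On the wire this looks like any other HTTPS connection to the resolver's address, so network-level controls can act on the destination host but not on the queried name.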

~~~
Spivak
You could make the same arguments to say that these devices should be speaking
HTTP instead of HTTPS for the purposes of allowing the use of a proxy to
inspect, redirect, and provide custom responses for requests.

Ultimately if a device in your network is your adversary and you’re giving it
an open connection to the internet then it’s game over. If there was actually a
significant portion of people who blocked ads with DNS, vendors would have
implemented DoT with certificate pinning a long time ago.

------
zarro
I am more concerned that they are using the idea that this "would give the
internet giant an unfair advantage by denying access to users' data" as a
pretext for "We will no longer be able to spy and spoof efficiently on our
customers".

In my opinion, the telecoms and government give us a lot more reasons for
concern than Google. It's not in Google's best interest to become known for
censorship, customers will just use another browser and search engine (some
already have), but you don't have the same degree of recourse with government
and telecom control.

------
andrerm
After this and this [1] I must say I'm in favor of DoH.

I know for sure every major application/game on every device/platform will
also hijack DNS queries with their own DoH client and redirect them to their
own DNS resolver.

I know for sure that by the time OS implementations are here every application
will already have their DoH client built-in up and running for so long nobody
will care anymore.

I know ISPs are just being lazy. I know they will bypass DoH in a couple of
months by filtering IPs or deep packet inspection or something else.

But it is good to see them pissed off once in a while.

[1]
[https://news.ycombinator.com/item?id=20358300](https://news.ycombinator.com/item?id=20358300)

------
IXxXI
If DNS is encrypted, would that make it easier to route casual internet
traffic through China, Russia or another foreign nation which would have an
easier time intercepting and monitoring communications without being noticed?

