DoH! Google tries to clear up DNS-over-HTTPS confusion
Google has already revealed plans for Chrome which it says will increase privacy and security. DNS-over-HTTPS (DoH) was announced back in September, and the company is already worried that people are confused about the implementation.
The company has published a defensive blog post in which it says that "there has been some misinformation and confusion about the goals of our approach and whether DoH will impact existing content controls offered by ISPs". It goes on to try to dispel the incorrect beliefs it says have built up.
- Report: Alphabet wants to buy Fitbit
- Google Chrome update to blame for unbootable Macs
- Google is ready to fix a bug that gives iPhone users free full-quality photo backups
The first claim is that Google is concerned about is the belief that it is is going to redirect user DNS traffic to its own DNS or another DoH-compliant DNS provider. The company says simply: "That is incorrect".
It goes on to explain:
Because we believe in user choice and user control, we have no plans to force users to change their DNS provider. Today, there are many independent DNS providers, although ISPs serve approximately 97 percent of user DNS needs. As long as these service providers keep catering to user needs and concerns, it will remain a diverse ecosystem.
We're simply enabling support in Chrome for secure DoH connections if a user's DNS provider of choice offers it. Chrome will check if the user's DNS provider is among a list of participating DoH-compatible providers and if so, it will enable DoH. If the DNS provider is not on the list, Chrome won't enable DoH and will continue to operate as it does today. As DoH adoption increases, we expect to see the number of DoH-enabled DNS providers grow.
Google says that there is also a misconception that secure DoH connection will limit the family-safe content controls offered by some ISPs. The company dismisses this, saying:
In fact, any existing content controls of your DNS provider, including any protections for children, should remain active. DoH secures the URL data only while it's in transit between your browser and the DNS provider, so your provider's malware protection and parental control features will continue to work as they have in the past. As a proof point, CleanBrowsing offers the same parental control features on its DoH service as it does on its unencrypted service.
Google says that it is optimistic about DoH, but points out that it is "taking an incremental approach with this experiment". Chrome product manager, Kenji Baheux, says: "our current plan is to enable DoH support for just 1 percent of our users, provided that they are already using a DoH compliant DNS provider".