The Wall Street Journal published an unverified report that said that the U.S. House is investigating Google’s use of a new user privacy and security feature called DNS over HTTPS (DOH).
Privacy Feature As Anticompetitive Tool?
According to WSJ’s report, the House investigators asked Google in a September 13 letter whether or not they intend to implement and promote DOH, as well as whether or not Google intends to use the data that would pass through its own servers once the feature is enabled for commercial purposes.
After Facebook’s Cambridge Analytica scandal and other recent privacy scandals, the U.S. government seems more interested in preventing similar abuses of data collection in the future. However, this recent criticism may have been primarily raised by internet service providers (ISPs), who would be cut off from tracking their users’ browsing behavior.
Google stated that it won’t enable its own DOH servers by default for its users:
"Google has no plans to centralize or change people's DNS providers to Google by default. Any claim that we are trying to become the centralized encrypted DNS provider is inaccurate."
Over the past few months, House Judiciary Committee members have been investigating some of the largest technology companies over anti-competitive misconduct, not all of it related to privacy issues, including Amazon, Apple, Google, and Facebook.
What is DNS Over HTTPS: Closing Metadata Leaks
DOH is an upcoming feature in browsers that encrypts DNS requests made by users to various web servers. The DNS helps label the servers the users are visiting in a human-readable form via “domain names.” When you attempt to visit a website, your computer actually visits an IP address belonging to the site’s hosting server, but your browser will show you the name of the site that corresponds to that server.
The communications with DNS servers are not encrypted, and this has been a privacy issue since the first time the DNS was invented, 35 years ago. There have been various attempts to fix this via protocols that ISPs had to adopt, but the vast majority of them have been unwilling to adopt these protocols.
This is basically why Google, Mozilla and other browser vendors have been pushing for new solutions for encrypting DNS traffic such as sending DNS requests over HTTPS or TLS. DNS over TLS needs to be supported at the operating system level, but the primary OS desktop vendors, Microsoft and Apple, have yet to adopt it. As such, implementing DOH first would give users access to encrypted DNS requests more quickly.
Governments, ISPs Attack Encrypted DNS Protocols
Some governments, such as the U.S., UK, and others from the Five Eyes mass surveillance alliance haven’t been too happy with the increasingly more encrypted web. We’ve seen these governments attack device encryption, chat end-to-end encryption, and even against HTTPS. Therefore, it comes as little surprise that they are also attacking DOH and TNS over TLS.
For governments that have started implementing country-wide censorship and have been relying on blocking DNS requests as one of the primary ways to enable the censorship of various websites, it seems even more imperative to stop the implementation progress of these protocols.
The ISPs also seem to be strong allies of these governments in this case. One of the reasons is that when it comes to user surveillance, governments and ISPs have often been long-time partners when it comes to mass surveillance. Another would be that the new protocols affect their new revenue models that include using that data for advertising purposes or selling access to it to advertisers.
According to the WSJ report, the U.S. ISPs believe that the latter makes them Google’s competitors, which is why they’re now making the argument that Google closing off their access to this data makes it an anti-competitive move.
Mozilla recently had to backtrack on supporting DOH by default in the Firefox browser in the UK, where the government has expressed concerns over not being able to censor information via this capability anymore. Meanwhile, the local ISPs made similar complaints about not being able to access its customers’ browsing data anymore for commercial purposes.