Resistance seems useless. Microsoft has confirmed that it is joining the DNS-over-HTTPS (DoH) party. Following Firefox and Chrome, the Redmond giant says that supporting encrypted DNS queries on Windows will “close one of the last remaining plain text domain name transfers of common web traffic.” But it is much more important than. DoH is controversial and changes the way Internet security works. Sophos explained:
So what is all this? By default, website requests are sent over the Internet in plain text, a loophole that puts the user at risk. This plain text naming system has supported the exponential growth of the web and is easy to use. However, that ease of use also means that spoofing website names, or blocking and manipulating traffic, is easy. Since much of what we do online is now encrypted, this is out of date. The way we access websites can be encrypted too. DNS over HTTPS (DoH) does this by sending the lookup as encrypted traffic to a central server, bypassing the local DNS name server.
“It’s not easy to provide encrypted DNS support without breaking your existing Windows Device Manager configuration,” says Microsoft. “But we think privacy should be treated as a human right. Technology should have built-in end-to-end cybersecurity.” Microsoft adds that Windows adoption of encrypted DNS will help make the entire Internet ecosystem healthier.
What does Microsoft mean by that last point? Today's unencrypted DNS is distributed by default: multiple copies of the same name information are kept in many distributed locations. Switching to encrypted DNS risks concentrating user data with a handful of browsers and apps (which can, in theory, run their own DoH systems). Microsoft argues that universal adoption, including Windows integration, will require an alternative, decentralized system.
This concentration risk is controversial. DoH also bypasses your local ISP, which can no longer read the website addresses a user requests. British telecommunications giant BT warned that DoH reduces its ability to derive cybersecurity intelligence from malware activity and DNS insights, gives hackers new opportunities for attack, and prevents government regulations or court orders from being carried out.
That’s not the only problem. Currently, ISPs and carriers can block content and websites that may be dangerous. This includes child protection technology and safety restrictions covering drugs, terrorism and trafficking. For the same reason, local law enforcement can’t intercept web traffic, because the encrypted addresses bypass the local infrastructure and go directly to the core DNS.
Google’s DoH plan for Chrome ignited a reaction from US lawmakers. There is a competition concern that, at the expense of ISPs and wireless carriers, it will favor Google and provide more data to the world’s largest data miners. Letters to lawmakers from many ISPs say Chrome and Android dominate, warning that “Google could become an overwhelmingly predominant DNS lookup provider, banning competitors and banning competition in advertising and other industries.”
Mozilla has also faced criticism of its own Firefox plans. “We are convinced that the next step is to activate DoH by default after a lot of experimentation,” but the UK ISP trade organization does not award the company “Internet Score of the Year”. “In essence, adopting DoH will be detrimental to online safety, cybersecurity, and consumer choice.”
Microsoft seemed to acknowledge this, saying that DoH would remain under the user’s direct control and would not require new settings. “Today’s users and administrators decide which DNS server to use, either by selecting a network to join or by manually specifying a server. This milestone will not change anything about it.” This is broadly the same position as the other tech giants. All have said that users can change the settings and that DoH will be optional.
The problem, of course, is that if settings are promoted as a security standard, most users will leave them unchanged. But Microsoft’s flexibility is welcome. “Many people use ISPs or public DNS content filtering to do things like block aggressive websites,” says Microsoft. “Automatically changing the trusted DNS server for Windows resolution can bypass these controls and disappoint users. We believe that device administrators have the right to control where DNS traffic goes.” Microsoft is also taking a slow pace and is prepared, if there are inadvertent effects, to slow down, check progress and cycle back as needed.
“I thought it was important for encrypted DNS to clarify its intentions as soon as possible, attracting more attention,” Microsoft says. Sophos said, “The transition to the online world seems to be going on whether the other person likes it or not. The battle is now inside this change or is in danger of being locked forever.”