Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
Google Chrome Encryption Government United States

Google's DNS-Over-HTTPS Plans Scrutinized By US Congress (engadget.com) 130

Posted by EditorDavid from the following-protocols dept.
Google's plans to implement DNS over HTTPS in Chrome are being investigated by a committee in the U.S. House of Representatives, while the Justice Department has "recently received complaints" about the practice, according to the Wall Street Journal.

An anonymous reader quotes Engadget: While Google says it's pushing for adoption of the technology to prevent spying and spoofing, House investigators are worried this would give the internet giant an unfair advantage by denying access to users' data. The House sent a letter on September 13th asking if Google would use data handled through the process for commercial purposes... Internet service providers are worried that they may be shut out of the data and won't know as much about their customers' traffic patterns. This could "foreclose competition in advertising and other industries," an alliance of ISPs told Congress in a September 19th letter...

Mozilla also wants to use the format to secure DNS in Firefox, and the company's Marshall Erwin told the WSJ that the antitrust gripes are "fundamentally misleading." ISPs are trying to undermine the standard simply because they want continued access to users' data, Erwin said. Unencrypted DNS helps them target ads by tracking your web habits, and it's harder to thwart DNS tracking than cookies and other typical approaches.
This discussion has been archived. No new comments can be posted.

Google's DNS-Over-HTTPS Plans Scrutinized By US Congress More

Google's DNS-Over-HTTPS Plans Scrutinized By US Congress

Comments Filter:

  • Fight of sumbitches over us suckers' data (Score:5, Insightful)

    by Rosco P. Coltrane ( 209368 ) on Sunday September 29, 2019 @05:43PM (#59250776)

    The damn government sumbitches want to put the populace under surveillance. The damn Google monopoly sumbitches want to know everything about everybody and milk the data for all it's worth. The damn ISP sumbitches want to profit from their captive userbase even more.

    Who'll lose? Us.

  • "The House sent a letter on September 13th asking if Google would use data handled through the process for commercial purposes..."

    hahahahahahahahahahahahahhhahaha! Maybe next Congress should ask if Google will make it always obvious that a user is visiting an AMP page...

    I'm sure Google will couch their answer in technical jargon though, and make it seem like they're saying something else. Google's proven itself a master at dancing around a question.

  • Headline is wrong. Google isn't doing DNS https (Score:5, Informative)

    by raymorris ( 2726007 ) on Sunday September 29, 2019 @05:55PM (#59250816) Journal

    Google isn't doing DNS over https. Only Firefox and their partner Cloudflare are proposing that. Google and many others propose DNS over TLS (RFC 7858).

    DNS over TLS is a technically reasonable proposal. It's regular DNS, over a standard TLS connection. Just pipe socat to your favorite DNS server and you have DNS over TLS.

    Firefox is proposing bloating the shit out of it and making things much slower by pointlessly adding HTTP, so that you have to do http requests in order to get IPs, inorder to do another round of http requests. Oh and by the way it requires http/2, so it's fundamentally incompatible with most currently deployed servers and clients.

    DNS over TLS is an entirely reasonable protocol proposal, from a technical perspective, while DNS over http/2 is a "wtf" idea.

    • Re:Headline is wrong. Google isn't doing DNS https (Score:5, Informative)

      by Burdell ( 228580 ) on Sunday September 29, 2019 @06:13PM (#59250870)

      Google isn't doing DNS over https.

      Nope - Chrome will also be rolling out DNS-over-HTTPS [zdnet.com]. This is separate from their DNS-over-TLS project.

    • Re:Headline is wrong. Google isn't doing DNS https (Score:4, Interesting)

      by jonwil ( 467024 ) on Sunday September 29, 2019 @06:22PM (#59250880)

      Why are these browser makers pushing doing DNS over HTTPS instead of the much more sane DNS over TLS anyway?
      What's the supposed advantage of DNS over HTTPS (there has to be one otherwise the browser makers wouldn't be using it)

      • Re:Headline is wrong. Google isn't doing DNS https (Score:5, Insightful)

        by WaffleMonster ( 969671 ) on Sunday September 29, 2019 @06:43PM (#59250938)

        Why are these browser makers pushing doing DNS over HTTPS instead of the much more sane DNS over TLS anyway?
        What's the supposed advantage of DNS over HTTPS (there has to be one otherwise the browser makers wouldn't be using it)

        They want another excuse to get everyone's browsing history because they feel they don't quite have enough baked into their software already.

        • Comment removed based on user account deletion

          • They already have everything they need to get everyone's browser histories.

            If I understand you are essentially making the argument there is already a hole in the bottom of the boat therefore it matters not that a new one is being drilled? Is this fair or did I misunderstand?

            This isn't going to give them access to everyone's DNS histories

            Personally I refuse to believe this scheme of bypassing local name resolution is driven by anything other than a desire to collect DNS data from countless millions of people.

            I refuse to believe the existence of these naming bypass schemes will ultimately serve as anything other than a means to further abuse en

            • "Personally I refuse to believe this scheme of bypassing local name resolution is driven by anything other than a desire to collect DNS data from countless millions of people."

              Of course that is the point. Whenever you are dealing with Criminals simply follow the money. Easy Peasy!

              "I refuse to believe the existence of these naming bypass schemes will ultimately serve as anything other than a means to further abuse end users at scale."

              However, it will only "abuse end users" who are willing to be abused. Th

            • Personally I refuse to believe this scheme of bypassing local name resolution is driven by anything other than a desire to collect DNS data from countless millions of people.

              Well, OK I guess if you refuse to believe it then there's literally nothing I could do to persuade you otherwise.

              Back in the real world, Moilla isn't google and are a much more trustworth organisation. And many governments including my own (fuck you May) have already got wide scale DNS snooping and logging going on. Flipping on DoH in f

            • Re: (Score:2)

              by AmiMoJo ( 196126 )

              If I understand you are essentially making the argument there is already a hole in the bottom of the boat therefore it matters not that a new one is being drilled? Is this fair or did I misunderstand?

              If you are paranoid and assume that Chrome already sends every URL, every keystroke and a live webcam feed to Google anyway then it's more like your boat already sank and the sharks are already chewing on your leg.

              If you take a more pragmatic view then it's obviously far worse for your ISP to get your DNS queries, because your ISP knows exactly who you are and where you live. Google just sees an IP address making a query, and quite likely a shared IP address at that. At most they could try to associate it w

            • If I understand you are essentially making the argument there is already a hole in the bottom of the boat therefore it matters not that a new one is being drilled? Is this fair or did I misunderstand?

              The flow of data is binary: it is either flowing or it isn't. Having door A or door B through which the same can pass at leisure is not different than having only door A.

              • Re: (Score:2)

                by Wulf2k ( 4703573 )

                I assume you've entered your credit card info online at some point.

                Since that data has already flowed, please post it here as well.

                • It hasn't flowed to you; but Amazon already has it. Were Amazon to require me to re-enter it each time I use it, that would not multiply my risk of exposing my credit card to Amazon, as Amazon could be storing it and not telling me, and my credit card number has already been exposed to Amazon.

                  Similarly, Google already receives each URL you visit or enter into the Chrome location bar, as it's sent to their auto-complete service and to their malware screening service. To send the DNS lookup to Google as

            • Comment removed based on user account deletion
        • Knowledge is money. For a corporation there is no such thing as too much money.
      • Comment removed based on user account deletion

      • ... for sockets,
        webGL for OpenGL,
        web$Anything for $Anything.

        Because "web!".
        No, I really checked. Not only do the What(TF)WG guys (basically browser makers who wanted to go back to the incompatible spaghetti code spec days of HTML 3.x) ... not only do they not have a reason ... they also don't even see why one would need one. As far as I can tell, they are just plain insane. I just don't know which illness it is yet.

      • Re: (Score:2)

        by guruevi ( 827432 )

        The problem with 'regular' DNS is that it is easy to intercept and thus many providers, government and corporate entities can block the encrypted connection very easily and force the OS to downgrade it. If you're in a place like China, not using the 'approved' methods is likewise easy to detect.

        Running stuff over HTTP/HTTPS is hard to detect intent of the connection, let alone intercept and block without blocking everything else, especially once TLSv1.3 with encrypted SNI is commonplace and tampering with t

      • Re: (Score:3)

        by AmiMoJo ( 196126 )

        The RFC explains it: https://tools.ietf.org/html/rf... [ietf.org]

        One major advantage of HTTPS is that it's hard to block it. DNS over TLS can be blocked just by firewalling off the port. HTTPS is much trickier, especially since many of the servers offering DoH also offer web sites. For example one popular way around the Great Firewall of China is to route VPN traffic over HTTPS to a server in the Microsoft or Amazon clouds. Preventing ISPs and governments from dicking around with DNS is a major design goal.

        The GP is w

    • Oh and by the way it requires http/2, so it's fundamentally incompatible with most currently deployed servers and clients

      Just to put a number behind that statement. Current deployment of HTTP/2 on the top 10 million sites is at 41%. [w3techs.com]

  • Ahhh... (Score:5, Insightful)

    by msauve ( 701917 ) on Sunday September 29, 2019 @05:56PM (#59250820)
    "Internet service providers are worried that they may be shut out of the data and won't know as much about their customers' traffic patterns."

    And now we come to the crux of the biscuit.

    It's not really about Google snooping (others could also implement secure DNS), but about denying ISPs the ability to snoop. Fuck them.

    • Re: Ahhh... (Score:4)

      by mSparks43 ( 757109 ) on Sunday September 29, 2019 @06:02PM (#59250840) Journal

      more likely the ISPs are worried about the large sums ghcq and the NSA pay them for access to the data.

      • more likely the ISPs are worried about the large sums ghcq and the NSA pay them for access to the data.

        Do you have any evidence that that happens? AFAICT, the closest thing we have to evidence is the extensive cooperation between AT&T and the NSA, but in that case it appears AT&T was doing it for free.

        • NSA alone is known to give them at least $250m a year according to the Snowden leaks.

          "for free" what are you, some kind of commit bastard? no one does anything for free.

          • Ah, but instead of paying $250 million to each of a few hundred ISPs, you only need to pay $250 million each to Google, Mozilla, and Cloudflare. Far more efficient and cost effective. The primary method of defense against spying is to make is too expensive for the spys to carry out effectively. So for relatively little expenditure the spys are getting Total Information Awareness. It is information only about those in the shallow end of the gene pool, but those are the ones that need the closest attentio

          • NSA alone is known to give them at least $250m a year according to the Snowden leaks.

            I stand corrected, thanks. I had somehow missed that part of the Snowden info.

        • Seriously, how deluded are you?

          It was basically the key point of the entire leaks.

          You remind me of holocaust deniers. Or of NSA sock puppets.

          XKeyScore.
          Need I say more? If yes, then read up on how it works.

          • ->NSA sock puppets.

            And their dupes/useful idiots, pondscum the lot of them.

            I reckon they outnumber legitimate commentary by quite a wide margin. Have done since the "you dont need encryption" days and only expropriated more US/UK tax payer budget since then.

            How else do they protect themselves from the kids of all the parents they had murdered over the last few decades.

      • Why pay for what they can just take?

      • Re: (Score:2)

        by AmiMoJo ( 196126 )

        That's the thing, at least in the UK GCHQ doesn't pay them very much at all. The ISPs are just required to log everything and hand it over on demand at their own expense. Not just GCHQ either, the police make hundreds of thousands of requests per year too. They must go through a lot of rubber stamps.

        Because of that the ISPs have set up automated systems to handle the requests and let the security services "regulate" themselves. It's still a cost burden for them though.

        • -> It's still a cost burden for them though
          Id argue the UK is even worse.

          UK ISPs and telcos were selling browsing data to anyone willing to pay - up until the EU stepped in with GDPR.

    • Governments lean on ISP's to implement censorship (copyright, porn etc). Blocking local ISP's from seeing your traffic makes that impossible. You can do sensorship using the huge multi-national corporations, but they want to get paid (well) for the effort. Police/Gov can often push the little ISP's into doing this for free or cheap.

  • Who to root for? (Score:5, Insightful)

    by cascadingstylesheet ( 140919 ) on Sunday September 29, 2019 @05:58PM (#59250832) Journal

    Internet service providers are worried that they may be shut out of the data and won't know as much about their customers' traffic patterns

    This is like being asked to weep over the damage to local crooks when the mafia move in ...

    • Internet service providers are worried that they may be shut out of the data and won't know as much about their customers' traffic patterns

      This is like being asked to weep over the damage to local crooks when the mafia move in ...

      Actually, it's almost EXACTLY like being asked to weap over the damage to the telephone company from being unable to tap your phone, listen to your conversations to find out what you're shopping for, and put your number on a list to sell to temarketers running scams purporting to

    • What you root for, in these scenarios, that they bash each others' heads in, while you fuel the fire, until there is only one entity left, weaened enough to finish off.

      You don't need to be a giant to fight a giant.
      You only need to make him believe the other giant is the one fighting him. And vice versa.

  • IP has been provided free of licenses for over 50 years. Congress has no oversight into what PEOPLE choose to do with it [IP specifically, TCP as well, and I'm not advocating for application-layer stuff that violates a law].

    So if PEOPLE want to INSTALL an APPLICATION that uses any layer of networking software to do whatever they want -- provided it's legal -- Congress has no purvey about this.

    Is it LEGAL to pick and choose your DNS servers? Yes.
    Is it LEGAL to select your choice of protocol (UDP, TCP, HTTP

  • So Let Me Get This Straight (Score:3)

    by Nom du Keyboard ( 633989 ) on Sunday September 29, 2019 @06:28PM (#59250900)

    So let me get this straight:

    The local ISPs are complaining that they won't be able to continue getting customer data for sales and advertising purposes now because Google is getting the customer data for sales and advertising purposes.

    Seems to me that I'm being left out on wanting Nobody getting my data for sales and advertising purposes.

    Am I missing anything here?

    • When suddenly, it's not even discussed anymore, if starting war or torturing people is acceptable, but only by whom and how much is acceeptable.

      Nevermind there never being a "controversy" about starting a war or torturing people in the first place. It's not acceptable. Period.

      Ditto here. Spying on my data is not acceptable. Period. Trying to manipulate me into wasting money or picking an inferior choice ("advertisement") is not acceptable. Period.
      Prison shall be the sentence. Including for those that were i

    • Comment removed based on user account deletion

      • They sell it to the highest bidder.

      • Re: (Score:2)

        by AmiMoJo ( 196126 )

        Google already has full access to your browser history if you use its browser

        I wish someone would offer some proof of this. I'd love to be the guy who submitted the GDPR complaint that cost Google 4% of its global turnover and forced it to change the way Chrome works.

    • So set up your own public DNS over TLS server. Have it cache the DNS directory and do daily updates from the DNS root server. Local ISP's, Government, and Google now have no idea who requested what.

  • I'll have to assume this is a bipartisan thing in Congress? Of course protecting the "right" to spy would be the kinds of things they agree on.

    Vote them all out!

    And/Or let's make DNS obsolete with ad hoc real P2P networking, something to save all this stupid arguing. I wouldn't trust Cloudflare or Google with my queries any more than my ISP anyway.

  • Cancer on all sides! (Score:3)

    by BAReFO0t ( 6240524 ) on Sunday September 29, 2019 @06:56PM (#59250950)

    Advertisers ... basically legalized crime.
    ISPs ... evil mobopolists.
    The "government" ... a corporate oligarchy of traitors.
    DNS over HTTP ... Funneling all your name resolving through an advertiser data kraken's mouth, or alternatively, becoming Mozilla's bitch.

    Who to root for?
    That they will all bash each others' heads in, and the last man standing is weak enough to finish off easily.

  • Who's next? (Score:4, Interesting)

    by seoras ( 147590 ) on Sunday September 29, 2019 @07:12PM (#59251004)

    So yesterday we had an article here about the UK being pissed at Firefox for DNS over HTTPS [slashdot.org] and today it's Google getting collared by Congress for DNS over TLS.

    Given the EU's privacy policies and regulations (e.g GDRP [wikipedia.org]) it wouldn't surprise me if they went the opposite direction and made secure DNS a legal requirement.

    Of course the BRICS [wikipedia.org] will no doubt come down even harder on this.

    This is going to be a very interesting cat and mouse game between technology and political agendas.
    My money's on tech as it is always quicker to evolve than governmental policy and legislation.

  • The NSA should run their own competing secure DNS service. They can say, "We won't let corporates spy on you, and you know we have everything anyway." Congress ought to be happy with that option (at least until the bill comes due, but the NSA will make sure the money is classified, so Congress won't have to tell voters) .

  • It is the sort of complaint that makes you say “fuck you all, just transfer my packets. “

  • >"Google says it's pushing for adoption of the technology to prevent spying[...]"

    If you are using Chrom* [which is most every browser except Firefox and Safari] then it is apparent you already don't care about spying.

  • Then you already know it is to their benefit to do so.

    The field of competition for user data gets a lot smaller when only a few folks are allowed to see it.
    How much money will others pay to see that data once they're locked out of the cookie jar I wonder.

    Will your ISP block connections to other known DNS servers other than their own ?
    ( I would suspect that will be a possibility once Google / Mozillas idea is no longer an optional one )

  • It's a bit like two crooks discussing with the police which of the two should be allowed to rob you.

Slashdot Top Deals

For God's sake, stop researching for a while and begin to think!

Close