Why Every Privacy Activist Should Embrace* DNS-over-HTTPS

Alec Muffett
Apr 27, 2019 · 3 min read

*even if it means initially using Google or Cloudflare for DNS for a while

A friend posted to a maillist:

The amount of dns fuckery in the UK already is high enough that neverssl.com is now the top suggestion on my chrome browser homepage, as I have to load it every time I get on a train to get their middle-boxes out of my way. Is DoH going to make this even more cumbersome?

It’s a fair question, but, taking a step back, and having seen a lot of slightly fearmongering posts about DNS-over-HTTPS (DoH) of late, I responded thusly:

The fact that a local-network “terms-and-conditions” gateway requires a DNS-hijack in order to operate is evil; that bootstrapping a basic function (gaining connectivity) sometimes uses a breach of a trust model (fake DNS mapping) should never have been invented. It’s a hack. It’s a kludge. It’s wrong.

But I can’t get on board with my peers who believe that it’s a good idea to throw vitriol at DoH just because it might complicate “legacy” crap like the above, or that disintermediating DNS is somehow bad for security controls.

I believe the converse; this is a “risk” we’ve always faced, that people would stop using “name resolution” and start doing stuff like:

  • hardcoding IP addresses
  • hardcoding Onion addresses
  • using transports like VPNs (with hardcoded IP addresses) to create a private IP namespace with private name resolution, invisible to filters

Using DNS as a single (or: one of several?) point of control for choking-down who-can-talk-to-whom, has always been a bad idea; I can totally see why people on this maillist are looking at DoH and are seeing it as “ARGH! CENTRALISATION!” but I have a completely different take on it:

I see DoH as part-of, and pursuant-to, restoration of the “End-To-End Principle”.

If you are having a genuine private conversation with someone over [some messenger system] then it is the participants who define what is exchanged, without opportunity for some third party to intervene with the content.

So when you interact with a website, why is it suddenly a good thing for a random third party MIDDLEMAN (eg: anyone in your DNS name-resolution food-chain) to be able to tamper with your name resolution? Yes, it means choosing to use {Google, Cloudflare} — who are the “800lb gorillas” in this space — for a while, but handled properly and temperately with consumer choice and without identifiers[1] there is a much reduced opportunity for the “fuckery” which you fear.

Yes, DoH may be a hassle if you personally rely upon your own local tampering with DNS in order to provide endpoint user-experience controls that your browser/apps otherwise lack; but to some extent those challenges are failings[2] in your endpoints; anyone who makes arguments like “WhatsApp should ‘Give The User More Control’ over the content they send/receive over that end-to-end-encrypted messenger” should understand this perspective.

So I see:

  • personal, local DNS tampering as a crutch to provide control over inadequately controllable apps; and I aver that we should ditch the “crutch” by fixing the apps
  • upstream DNS tampering as man-in-the-middlery, and censorship.

…and thus I welcome DoH.

Further: if we take the concept of “a browser with unfilterable communication and embedded name resolution which [means of name resolution, as well as transport] is unblockable and does not rely upon third parties who might be coerced” to its logical conclusion, we simply reinvent Tor Onion Networking, of which I am deeply in favour.

Disintermediated communication; it’s what speech used to be.

[1] both things that we should collectively lobby for.
[2] things that we should collectively lobby to address.
