Google plans to test DNS over HTTPS in Chrome 78 - gHacks Tech News

Google plans to test DNS over HTTPS in Chrome 78

Google revealed plans to test the company's implementation of DNS over HTTPS (DoH) in Chrome 78. DNS over HTTPS aims to improve security and privacy of DNS requests by utilizing HTTPS. The current stable version of Chrome is 77 released on September 10, 2019.

Google notes that DoH prevents other WiFi users from seeing visited websites; common attacks such as spoofing or pharming could potentially be prevented by using DoH.

Google decided to test the DoH implementation in a different way than Mozilla. Mozilla selected Cloudflare as its partner in the testing phase and will use Cloudflare as the default provider when it rolls out the feature to US users in late September 2019.

Firefox users have options to change the DNS over HTTPS provider or turn off the feature entirely in the browser.

Google's DNS over HTTPS plan

Google picked a different route for the test. The company decided to test the implementation using multiple DoH providers. The company could have used its own DoH service for the tests but decided to select multiple providers instead.

Tests will upgrade Chrome installations to use DoH if the DNS service that is used on the system supports DoH. Google circumnavigates any criticism in regards to privacy that Mozilla faced when it announced the partnership with Cloudflare.

Google selected the cooperating providers for "their strong stance on security and privacy" and "readiness of their DoH services" and agreement to participate in the test.

The following providers were picked by the company:

If Chrome runs on a system that uses one of these services for DNS, it will start using DoH instead when Chrome 78 launches.

The experiment will run on all platforms for a fraction of Chrome users with the exception of Chrome on  Linux and iOS. Chrome will revert to the regular DNS service in the case of errors.

Most managed Chrome deployments will be excluded from the experiment, and Google plans to provide details on DoH policies on the company's Chrome Enterprise blog before release to provide administrators with information on configuring those.

Chrome users may use the flag chrome://flags/#dns-over-http to opt in or out of the experiment. The flag is not integrated in any version of the Chrome browser yet.

chrome secure dns lookup

Secure DNS lookups

Enables DNS over HTTPS. When this feature is enabled, your browser may try to use a secure HTTPS connection to look up the addresses of websites and other web resources. – Mac, Windows, Chrome OS, Android

Closing Words

Most Chromium-based browsers and Firefox will start to use DNS over HTTPS in the near future. Firefox provides options to disable the feature and Chrome comes with an experimental flag that offers the same. Experimental flags may be removed at one point in the future however and it is unclear at this point whether Google plans to add a switch to Chrome's preference to enable or disable the feature.

Now You: What is your take on DoH?

Summary
Google plans to test DNS over HTTPS in Chrome 78
Article Name
Google plans to test DNS over HTTPS in Chrome 78
Description
Google revealed plans to test the company's implementation of DNS over HTTPS (DoH) in Chrome 78. DNS over HTTPS aims to improve security and privacy of DNS requests by utilizing HTTPS.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post:

Comments

  1. Tarmin said on September 11, 2019 at 9:56 am
    Reply

    This is how it looks like —

    https://i.gyazo.com/c13f78aaa42abe91b3d14ffa3120385a.png

    Version 79.0.3908.2 (Official Build) (64-bit)

    1. Martin Brinkmann said on September 11, 2019 at 10:01 am
      Reply

      Interesting. Do you think that flag is only enabled if one of the supported DNS providers is used?

      1. Tarmin said on September 11, 2019 at 10:34 am
        Reply

        I manually enabled the flag All new changes always get integrated in Chromium first, not Chrome. If you want to test it, get Chromium.

  2. Light_and_Flight said on September 11, 2019 at 10:03 am
    Reply

    I am from Russia and there is terrible censorship and there is no freedom of speech.
    DoH will help me bypass censorship and maintain at least some privacy.

    Thanks to technology companies for helping to breathe in 404 countries.

  3. Yuliya said on September 11, 2019 at 11:10 am
    Reply

    Bad. The OS alone should handle DNS, not your glorified text renderer.

    1. sam said on September 11, 2019 at 2:38 pm
      Reply

      Yeah, OSs should have this capability out of the box. OSs, even open platform like Linux, sucks in this department.

      1. John Fenderson said on September 11, 2019 at 5:17 pm
        Reply

        @sam:

        Linux isn’t configured to do this out of the box for technical reasons, but it’s not difficult to set it up to use any of the encrypted DNS lookup systems.

    2. ULBoom said on September 11, 2019 at 3:16 pm
      Reply

      Yup. OS, third party software, etc., not browser. Not the door into and out of the Internet.

  4. mike said on September 11, 2019 at 1:37 pm
    Reply

    this is how DoH in the browser should be done. google respects the OS dns settings, while mozilla simply overwrites them and forces users to use cloudflare.

    1. iponymous said on September 11, 2019 at 2:20 pm
      Reply

      In Mozilla Firefox one can change the DoH setting from “Cloudflare to “Custom” and then use whatever DoH capable DNS service one wishes.

    2. Tom Hawack said on September 11, 2019 at 2:32 pm
      Reply

      @mike, not really. As recalled in the article, “Firefox users have options to change the DNS over HTTPS provider or turn off”, and Cloudflare is only the default provider. Of course, one can consider the amount of users who never change nor even consider changing default settings, but the choice is available and, after all, users are mature (at least should be proportionally to their age) or otherwise be considered not being taken by the hand for the best is relevant of dishonesty. As always liberty versus assistantship.

    3. Tom said on September 11, 2019 at 3:36 pm
      Reply

      That’s not true at all.

      1. Once Chrome enables DoH by default it will, of course, override the OS setting as well. Otherwise it wouldn’t make sense.
      2. Also Mozilla won’t enable DoH under all circumstances.
      3. You can change the DoH provider or disable DoH in the visible Firefox settings, no hidden interface (about:config / flags) is needed

      “mozilla simply forces users to use cloudflare” is a lie.

      1. mike said on September 11, 2019 at 6:26 pm
        Reply

        guys, read the article. google detects the default DNS provider and tries to upgrade the connection within the same provider. it does not interfere with the DNS provider itself.

        mozilla, on the other hand, chooses cloudflare as the default provider.

  5. Ascrod said on September 11, 2019 at 2:08 pm
    Reply

    How exactly does Chrome detect the system DNS provider?

    IMO browsers shouldn’t be doing anything with DNS, or VPN, or any other network gatekeeping. That should be an OS-level thing.

  6. ULBoom said on September 11, 2019 at 3:13 pm
    Reply

    Doesn’t that hideous bouncing Omnibar thing copy everything you enter ostensibly to give faster search results? FF’s can too.

    Trust a free decrytor? Sure. The providers chosen by Google all collect user data.

    With so many ways for browsers to intercept requests and sites to redirect requests, after data is encrypted and as long as it stays that way, it’s secure. Before and after, it’s not. Makes little sense for Google, who dominates by far, online ad serving to give it up revenue.

    When will MS enter the BS race to confuse users with TL; DR esoterica?

  7. John Doe said on September 11, 2019 at 6:18 pm
    Reply

    Yandex Browser and Bromite (Android) has implemented this long long time ago.

  8. Ping Pong Playa said on September 11, 2019 at 7:39 pm
    Reply

    If you could trust these companies there might be some merit in DoH for an average user but if you’ve been paying any attention lately you can not trust them. Professionals are not interested in a browser taking over OS level functions. This is a privacy and security nightmare. Hackers can now focus on browsers instead of the OS. Also, personally I’m not interested in beta testing software or participating in a “Testing Phase”, its too much of a risk. I have never used chrome but I only install the enterprise version for hold outs. Another concerning issue is not having any choice in the matter. Browsers are becoming more complex each year and configuring privacy and security is a major hassle since changes are rolled out continuously, even worse is when google or mozilla removes the ability to make changes. Browsers are in a downward spiral as far as privacy and security are concerned. In a few years people will begin to understand what is happening and privacy centric browsers will become more popular.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.