Google addresses ‘misconceptions’ about Chrome’s encrypted DNS push

[zanderthunder]

 

Last month, Google announced a plan to encrypt DNS — or DNS over HTTPS (DoH) — in Chrome. In the United States, this was met with criticism from Internet Service Providers for limiting monitoring capabilities, but supported by privacy activists. Google today is pushing back against “misconceptions” regarding its rollout.

 

Quote

Whenever you type a URL into your browser (for example “redcross.org”), this information is sent to a domain name system (DNS) provider that converts that request into the unique numerical “IP address” (e.g. 162.6.217.119) that identifies websites on the Internet.

 

The current lack of encryption when browsers make requests to DNS providers means that others could track what sites you’re visiting or maliciously redirect you to another page. Chrome and other browser solutions involve secure DNS connections with DNS-over-HTTPS.

 

Google starts by noting that it is not changing a user’s DNS provider to its own 8.8.8.8 service. Rather, Chrome is just supporting those secure connections if you’re using a current provider that supports DoH.

 

Quote

Chrome will check if the user’s DNS provider is among a list of participating DoH-compatible providers and if so, it will enable DoH. If the DNS provider is not on the list, Chrome won’t enable DoH and will continue to operate as it does today.

 

Another concern has been how encrypted DNS in Chrome will interfere with parental controls offered by ISPs that block inappropriate websites. There should be no actual impact.

 

Quote

In fact, any existing content controls of your DNS provider, including any protections for children, should remain active. DoH secures the URL data only while it’s in transit between your browser and the DNS provider, so your provider’s malware protection and parental control features will continue to work as they have in the past.

 

So far, Chrome only has plans to roll out DoH support for 1% of users. Still an “experiment,” Google wants to monitor performance and reliability, while Chrome 79 will offer the ability to opt-out via a new flag: chrome://flags/#dns-over-https.

 

Source: Google addresses ‘misconceptions’ about Chrome’s encrypted DNS push (via 9to5Google)

[steven36]

I knew  that from day one

 

Quote

 

So basically it don't work unless your use one of these DNS system wide witch is fine by me because ill stay with using system wide methods changing my DNS  to providers that don't log not providers they pick that all log as long as they don't latter down the road try to force Google DNS on you with this witch i doubt they will because of website blocking laws outside the USA but you never know about  Tech companies . there not even doing this in Linux like Firefox is  or for IOS

 

• Cleanbrowsing

• Cloudflare

• DNS.SB

• Google

• OpenDNS

• Quad9

More concretely, the experiment in Chrome 78 will check if the user’s current DNS provider is among a list of DoH-compatible providers, and upgrade to the equivalent DoH service from the same provider. If the DNS provider isn’t in the list, Chrome will continue to operate as it does today. The providers included in the list were selected for their strong stance on privacy and security, as well as the readiness of their DoH services, and also agreed to participate in the experiment. The goals of this experiment are to validate our implementation and to evaluate the performance impact.  Our experiment will run on all supported platforms (with the exception of Linux and iOS) for a fraction of Chrome users. On Android 9 and above, if the user has specified a DNS-over-TLS provider in the private DNS settings, Chrome may use the associated DoH provider, and will fallback to the system private DNS upon error.

 

Source: https://blog.chromium.org/2019/09/experimenting-with-same-provider-dns.html

 

 

Firefox way is better they let you turn it off or on and put in any DoH provider in even ones that don't log and it works with out changing DNS It also means Google is spying on your DNS to know to enable it or not !

 

I want use Google Chrome on Linux i do have Chromium Snap With VAAPI (Hardware-Accelerated Video Decoding) Support

https://www.linuxuprising.com/2019/01/ubuntu-testing-chromium-snap-with-vaapi.html

 

Google Chrome has no plains on enabling this on Linux so Brave Browser offers the same features  Google does and much more on Linux .

 

 

 

I have no reason to use Closed source browsers and i would use none of there  DNS providers  that logs  system wide no way.

 

There spying on your DNS to see witch provider your using but them spying on you is nothing new they been doing it for years with Google Safe Browsing even in Firefox and other Chromium forks and i been disabling that since 2012 . I don't trust and ad company with privacy or security  and them only giving you a choice of DNS providers that log that you have to use system wide to use DOH  is more reason not to trust them. I can put a non logging DOH  provider in Firefox and not have to change my DNS system wide witch is my VPNs  DNS  most of the time . Or I can turn it off and use none. 

 

To use DOH in chrome this is what I have to do

1. Boot into Windows because its not implemented in the Linux version . Which i'm  not willing to do just to use DOH

2.Install Google Chrome , Which im not willing to do because  ive never  used it.

3. Change my no logging DNS to a logging DNS provider in my VPN software .  Which im not willing to do and it would be a oxymoron if i did.

 

To Use DOH on Firefox

1. Go to DNS settings in Firefox and put in a non logging provider and thats all.