New browser security debate heats up
Illustration: Aïda Amer/Axios
A new feature in Mozilla and, soon, Chrome web browsers will stop snoops — from your boss to criminals — from tracking which sites you visit. But the same technology also has opponents, as many groups fighting child exploitation say it will hamper their work, and a few internet experts argue it will undermine security.
The big picture: The feature, known as DNS over HTTPS (DoH), has a lot of support in the internet engineering and privacy communities, including the Internet Engineering Task Force, a key internet standards body. But as in the larger debate over encryption, privacy benefits can have downsides for some parties.
How it works: Until very recently, when you typed “axios.com” into a web browser, the first stage of that request was sent out over the internet unencrypted. That data could be:
- Compiled and sold by Internet service providers and used for ads.
- Subpoenaed by the government.
- Available for your boss to see, if you worked on a corporate network.
DoH changes that by encrypting the name you visit, so no one but you and a DoH provider like Google, Cloudflare or Quad9 see them. And those groups pledge to quickly delete all logs.
Driving the news: Last week, Google announced it would switch Chrome and Android users to DoH whenever the provider they used for unencrypted browsing also offered DoH. Mozilla announced plans this weekend to begin testing out DoH by default for all users in the U.S.
- That created an uproar at child endangerment organizations, who worry that enabling DoH by default will circumvent parental filtering software in the U.S.
- Groups have had similar concerns in the U.K., where internet service providers filter illicit websites as users try to access them — something that's impossible to do with DoH.
Google thinks it is being misunderstood. The company's proposal would only change a user's settings from the old, unencrypted system if doing so wouldn't affect existing filters and security, meaning the child endangerment argument really wouldn't apply.
- "All existing filters and controls remain intact," the company said in a statement.
But there are security reasons why some people oppose DoH, too.
- Paul Vixie, who laid a lot of the groundwork for the old DNS system, warns that DoH prevents corporations from filtering connections to malicious domains.
- Vixie believes that a nearly identical service that provides better visibility, DNS-over-TLS (DoT), is a superior choice. Both options use the same encryption algorithm.
DoH advocates argue that their preferred protocol has a key advantage over DoT. DoH uses the same pathways as web browsing, making it impossible to block without blocking all web browsing. DoT doesn't disguise itself that way.
- But Vixie believes that puts the security of the few over that of the many. "With DoH, they are solving a problem that most of the world doesn't have by creating a problem that everyone in the world will have," he said.
Mozilla says that many concerns are already being addressed on its end.
- "Our deployment plan will disable DoH if parental controls are in place," said Selena Deckelmann, senior director of engineering, adding the same will be true when Firefox detects certain security products.
- And Cloudflare notes that parental filters that operate before starting to connect to a website will still work. "Someone looking to use DoH to keep their web browsing data private can apply parental filters or security products on their DoH endpoint," said Alissa Starzak, Cloudflare head of policy.
The bottom line: The risks to parental controls might not be as grim as the child endangerment argument suggests.