DNS over HTTPS (DoH) is a controversial internet privacy technology that encrypts DNS queries and hides them within ordinary HTTPS traffic, making it impossible for ISPs to snoop on your internet traffic and know which websites you are visiting. Currently, DNS requests are sent in plaintext over UDP.
The DNS-over-HTTPS protocol (IETF RFC 8484) can be built directly into apps, allowing each app to use its own DNS resolvers rather than depend on the operating system. The technology is currently in testing in Google’s Chrome and is already available in Firefox.
Now, however, Microsoft has indicated that it will be doing the hard work itself and building the technology directly into Windows 10.
Windows Core Networking engineers Tommy Jensen, Ivan Pasho and Gabriel Montenegro said DoH in Windows “will close one of the last remaining plain-text domain name transmissions in common web traffic.”
The move is controversial, as it could prevent companies from managing their network traffic, but Microsoft said it was worth the price, saying it has to treat privacy as a human right and has to have end-to-end cybersecurity built into its products.
In Firefox at present, users can set Cloudflare as their DNS over HTTPS provider, cutting ISPs off completely from knowledge of your network traffic. Companies that offer a legally binding DNS resolver policy that strictly limits their data use and retention are able to join the list. Users can disable DoH in Firefox to handle situations such as enterprise split-horizon DNS, where a domain resolves differently depending on where the query originates.
In the UK, the technology has seen heavy opposition from ISPs and security services.
According to ISPA UK, it would also “bypass UK filtering obligations and parental controls, undermining internet safety standards in the UK.”
The UK GCHQ spy service has said the technology will impede police investigations and undermine laws which mandate that ISPs block certain websites.
The reaction to the same technology becoming the default position of Windows is likely to be even more forceful.