Submitted via IRC for SoyGuest31999
Android, the world's most popular mobile operating system, will soon enable a security protocol that helps keep internet service providers (ISPs) from spying on users. "DNS over TLS" adds a level of encryption to your DNS requests that are (mostly) inaccessible by your ISP.
[...] Using current methods, the requests happen through UDP or TCP protocols, not the more secure TLS. When Android makes the switch, you'll get the same results, only now with HTTPS-level security. That is to say, snoops now know when you've connected to a website, but not which one. Pornhub, for example, is the same as Gmail. Or, it is for the person spying on you. You'll still have to live with the fact you're watching Pokemon Go porn (safe-ish for work).
(Score: 0) by Anonymous Coward on Thursday October 26 2017, @04:29PM
One of the suggested improvements for TLS 1.3 was to also encrypt the SNI portion of the exchange or at least hash. Based on the last time I checked, that was ultimately rejected because most of the suggested techniques (not all) required increasing the number of packets exchanged. Of course, the techniques that didn't were rejected as "unfeasible" because there is no possible way for all servers to know the domain names or SLDs that they will be serving in advance, or because it would require reordering some packets, or because exchanging a hashed+salted SLD isn't secure due to bruting concerns or CDN certs with 100 SANs, etc.