https://www.theregister.co.uk/2019/09/10/chrome_78_dnsoverhttps/
Only days after Mozilla said it plans to make DNS-over-HTTPS (DoH) available by default gradually for Firefox users in the US, Google announced its intention to test DoH in Chrome 78, due for beta release in the next two weeks.
DoH wraps domain-name queries in a secure, encrypted HTTPS connection to a DNS server, rather than firing off requests using bog-standard plain-text insecure DNS, thereby keeping queries inaccessible to eavesdroppers. It's one of several emerging internet protocols intended to close security and privacy gaps in online communications.
Google's experiment will involve checking whether Chrome 78 users' DNS provider is among six services selected for their readiness to test DoH – Cleanbrowsing, Cloudflare, DNS.SB, Google, OpenDNS and Quad9. And if so, Chrome will switch from standard DNS to DoH using the same service provider, at least for those lucky few in the experimental group.
Google is thus avoiding one of the concerns raised by Mozilla's approach, forcing Firefox users to change their chosen DNS provider for Cloudflare. In so doing, Google ensures that malware screening and parental filtering capabilities offered by DNS providers will continue to function, if possible under DoH.
(Score: 2) by maxwell demon on Friday September 13 2019, @01:30PM (1 child)
So how is this supposed to work with intranet addresses which won't be resolved by external DNS?
The Tao of math: The numbers you can count are not the real numbers.
(Score: 2) by Fishscene on Friday September 13 2019, @01:54PM
It's supposed to phone home to google first so they can build a profile of your internal network. This can then be leaked to hackers or turned over to governments that "request" it from Google.
I'm not stupid. I took history classes all through high school. The one thing you DON'T do is give up your freedom of privacy. Because it *will* be used against you if not now, then later.
If nothing else, google and its employees have absolutely NO business knowing anything about your internal network - so why are they hellbent on doing this for millions of people?
If you're at a company - why are you letting you and your employees leak the details of your internal network to a 3rd party?
I know I am not God, because every time I pray to Him, it's because I'm not perfect and thankful for what He's done.