The latest browser privacy feature brings new dangers of its own


As the internet has shifted to securing data and encrypting traffic by default, one surprising privacy hole has remained, which leaves a trail of sites you visit open to sniffing by network ne’er-do-wells. A proposal to remedy this is being rolled out slowly—by Mozilla in its Firefox browser and by Google in Chrome.

This new approach, called DNS-over-HTTPS (DoH), can shield your browsing habits from ISPs such as AT&T, Comcast, and Verizon, which have at times shown a propensity to track users by using supercookies and other techniques. (Sean Captain offers advice on how to use DoH in “Here’s how to stop Comcast, Verizon, and other ISPs from spying on you.”)

But security can be a two-edged sword. This technology for shielding your actions from ISPs, public hotspots, and other institutions has the potential to introduce a new privacy risk: the centralization of browsing habits. It also highlights existing privacy leaks that DoH doesn’t solve and could exacerbate.

WHAT’S IN A NAME? EVERYTHING

Unless you use a virtual private network (VPN) connection, someone with access to a public network you use can determine every web site you visit, every email server you contact, and every other kind of online server your mobile device or laptop connects with, even when each connection is encrypted. This is also true on any shared network in which network traffic isn’t shielded from other users on the same network, or which administrators can monitor.

That’s because of one of the last truly exposed plumbing fixtures of the old internet: DNS, or domain name service. DNS is an ancient system developed when the number of computers on the internet outpaced people’s ability to manually update lists of them. Yes, it’s that old. Instead, DNS provides a way to map a human-readable and typeable name, such as fastcompany.com, to the appropriate machine-oriented address, like 151.101.1.54 or 2607:f8b0:4004:814:200e. (The former number uses the long-running IP version 4 notation; the latter, IPv6, allows for vastly more unique numbers and has rolled out slowly as an eventual replacement for IPv4.)

Not only do you not want to type those numbers in or memorize them; DNS has grown vastly in complexity since its early days, allowing a single name to map to many different machine identities to allow “round-robin” access that helps balance traffic loads. It’s also used by content-distribution networks (CDNs), such as Akamai and Amazon CloudFront, to offer a server address that’s geographically closest to the device requesting it, reducing the number of internet hops and thereby improving performance.

DNS is also a way to stash a lot of other information related to a domain and its owners. So-called text (TXT) records allow arbitrary information to be added to a DNS entry. Google, for instance, uses a TXT record to verify domain ownership, just as a message is sent to an email address to validate that someone has access to that mailbox.


When you make a network connection via Wi-Fi, Ethernet, or cellular, one of the things your device receives is a list of DNS servers. Your device sends the query to the DNS server, which consults a master list of all TLDs (top-level domains), like .com, .aero, and .uk. Using a hierarchy from right to left, separated by periods, the DNS server eventually finds an “authoritative” DNS server that provides an answer, and then that answer is handed back to your device. Not exactly simple, but at least somewhat straightforward.

For instance, a browser trying to reach fastcompany.com starts by consulting the .com hierarchy for where fastcompany.com has its entries stored—the servers that feed out DNS information are called “nameservers”—and then consults the fastcompany.com nameserver directly to receive the records required to create a direct connection by machine address. Fast Company uses a CDN, like most sites that see a lot of traffic, and the machine address you receive may be different from someone 2,000 miles away, or possibly even 100 miles away.

The trouble is that every time a DNS lookup occurs, the domain names are sent in the clear, even if the rest of the communication is encrypted, as web and email connections are likely to be, thanks to the massive uptake of encryption in the post-Snowden era. A PC might send thousands of DNS requests a day, due to all the tracking components and third-party elements used on modern websites.
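As an added example (not code from the original article), the Python below builds the wire-format query described above, shows what a passive observer on the network can read from it, and wraps the identical message in the RFC 8484 DoH GET form, where TLS hides the name; the resolver hostname doh.example is a placeholder.

```python
import base64
import struct


def encode_qname(name: str) -> bytes:
    """Encode a dotted name as DNS labels: a length byte, the label, ending with a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += struct.pack("B", len(label)) + label.encode("ascii")
    return out + b"\x00"


def build_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Minimal RFC 1035 query (qtype 1 = A record) exactly as it travels over UDP port 53.
    RFC 8484 recommends a zero transaction id for DoH so the HTTP response is cacheable."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags 0x0100: recursion desired
    return header + encode_qname(name) + struct.pack("!HH", qtype, 1)  # class 1 = IN


def sniffed_qname(packet: bytes) -> str:
    """What anyone on the path can read from a plain DNS query: the question name sits
    uncompressed, in readable labels, right after the 12-byte header."""
    pos, labels = 12, []
    while packet[pos] != 0:
        n = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return ".".join(labels)


def doh_get_url(packet: bytes, resolver: str = "https://doh.example/dns-query") -> str:
    """RFC 8484 GET form: the same wire-format bytes, base64url-encoded without padding,
    sent as the ?dns= parameter of an HTTPS request. On the wire only the TLS connection to
    the resolver is visible, not the name being looked up."""
    dns_param = base64.urlsafe_b64encode(packet).rstrip(b"=").decode("ascii")
    return f"{resolver}?dns={dns_param}"


if __name__ == "__main__":
    q = build_query("fastcompany.com")
    print("plain UDP/53 query exposes:", sniffed_qname(q))
    print("DoH request:", doh_get_url(q))
```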

Because of CDN retrievals, someone monitoring domain lookups and the IP address responses may be able to derive a cluster of information about your habits and whereabouts, sometimes with incredible granularity.

DNS is fusty and obscure. It’s such a mess that in 2008, security researcher Dan Kaminsky uncovered a fundamental flaw that affected nearly every operating system and server in the world. He worked diligently to keep it secret until Apple, Microsoft, Google, and other firms co
