Microsoft joins Google and Mozilla in adopting DNS over HTTPS data security protocol

Some concerned it hands too much power to too few

Microsoft has put its weight behind the DNS-over-HTTPS (DoH) security protocol, greatly increasing the likelihood of it becoming a default internet standard.

In a post published Sunday on its networking blog, Microsoft engineers confirmed plans to adopt DoH as a default, explaining that it would “close one of the last remaining plain-text domain name transmissions in common web traffic.”

The DoH protocol encrypts requests from people’s browsers and as such prevents - or, more accurately, greatly limits - malicious actors ability to hijack, read and redirect people’s browser traffic. However, it has fallen foul of other internet companies - particularly ISPs - who will no longer be able to see their own customers’ traffic.

ISPs complain that they use the ability to see DNS queries to counter and filter content and have warned that DoH would end up centralizing the vast data pile that global browsing produces, which could potentially be worth huge sums of money, especially to a company like Google whose entire business model works on compiling data.

In its post, Microsoft acknowledges but dismisses this criticism. “We believe Windows adoption of encrypted DNS will help make the overall Internet ecosystem healthier,” it notes, adding: “There is an assumption by many that DNS encryption requires DNS centralization. This is only true if encrypted DNS adoption isn’t universal.”

Keeping it in house

Although Google has implied it will use its own DoH service - which will route Chrome traffic through its own servers - Mozilla has said it will open up its Firefox DoH provider to any company that promises not to sell the data and to delete it after 24 hours.

Microsoft is implying that it will adopt the Mozilla model, particularly when it notes that it “will look for opportunities to encrypt Windows DNS traffic without changing the configured DNS resolvers set by users and system administrators.”

But it hasn’t committed to being equitable and there is clear value to Microsoft having its own DoH service as a default. The blog post also acknowledges another issue with DoH: its complexity and likelihood or interfering with existing applications and network setups.

“Providing encrypted DNS support without breaking existing Windows device admin configuration won't be easy. However, at Microsoft we believe that ‘we have to treat privacy as a human right. We have to have end-to-end cybersecurity built into technology’."

It notes that it also needs to keep the process simple noting that “Windows users and administrators need to be able to improve their DNS configuration with as few simple actions as possible. We must ensure we don't require specialized knowledge or effort on the part of Windows users to benefit from encrypted DNS.”

DNS interception

DoHn't believe the hype! You are being lied to by data-hungry ISPs, Mozilla warns lawmakers


Microsoft acknowledges that it is going to be difficult to introduce DoH in a way that is simple for users and that it may take a while before it can make the system available to the ordinary Windows user.

But Redmond said that it “felt it was important to make our intentions clear as early as possible. We don’t want our customers wondering if their trusted platform will adopt modern privacy standards or not.”

Despite apparently going all-in on DoH, the blog stresses that it is also going to adopt the other main DNS encryption protocol - DNS over TLS (DoT) that ISPs prefer because it gives them continued access to unencrypted DNS traffic.

“As a platform, Windows Core Networking seeks to enable users to use whatever protocols they need, so we’re open to having other options such as DNS over TLS (DoT) in the future. For now, we're prioritizing DoH support as the most likely to provide immediate value to everyone. For example, DoH allows us to reuse our existing HTTPS infrastructure.”

The decision effectively makes DoH an internet default - something that is unlikely to please the UK’s ISPA which named Mozilla an “internet villain” for its support of DoH, or the US cable industry which, somewhat wildly, insisted the DoH would break the internet. Which is nonsense. ®

Other stories you might like

  • FTC signals crackdown on ed-tech harvesting kid's data
    Trade watchdog, and President, reminds that COPPA can ban ya

    The US Federal Trade Commission on Thursday said it intends to take action against educational technology companies that unlawfully collect data from children using online educational services.

    In a policy statement, the agency said, "Children should not have to needlessly hand over their data and forfeit their privacy in order to do their schoolwork or participate in remote learning, especially given the wide and increasing adoption of ed tech tools."

    The agency says it will scrutinize educational service providers to ensure that they are meeting their legal obligations under COPPA, the Children's Online Privacy Protection Act.

    Continue reading
  • Mysterious firm seeks to buy majority stake in Arm China
    Chinese joint venture's ousted CEO tries to hang on - who will get control?

    The saga surrounding Arm's joint venture in China just took another intriguing turn: a mysterious firm named Lotcap Group claims it has signed a letter of intent to buy a 51 percent stake in Arm China from existing investors in the country.

    In a Chinese-language press release posted Wednesday, Lotcap said it has formed a subsidiary, Lotcap Fund, to buy a majority stake in the joint venture. However, reporting by one newspaper suggested that the investment firm still needs the approval of one significant investor to gain 51 percent control of Arm China.

    The development comes a couple of weeks after Arm China said that its former CEO, Allen Wu, was refusing once again to step down from his position, despite the company's board voting in late April to replace Wu with two co-chief executives. SoftBank Group, which owns 49 percent of the Chinese venture, has been trying to unentangle Arm China from Wu as the Japanese tech investment giant plans for an initial public offering of the British parent company.

    Continue reading
  • SmartNICs power the cloud, are enterprise datacenters next?
    High pricing, lack of software make smartNICs a tough sell, despite offload potential

    SmartNICs have the potential to accelerate enterprise workloads, but don't expect to see them bring hyperscale-class efficiency to most datacenters anytime soon, ZK Research's Zeus Kerravala told The Register.

    SmartNICs are widely deployed in cloud and hyperscale datacenters as a means to offload input/output (I/O) intensive network, security, and storage operations from the CPU, freeing it up to run revenue generating tenant workloads. Some more advanced chips even offload the hypervisor to further separate the infrastructure management layer from the rest of the server.

    Despite relative success in the cloud and a flurry of innovation from the still-limited vendor SmartNIC ecosystem, including Mellanox (Nvidia), Intel, Marvell, and Xilinx (AMD), Kerravala argues that the use cases for enterprise datacenters are unlikely to resemble those of the major hyperscalers, at least in the near term.

    Continue reading

Biting the hand that feeds IT © 1998–2022