Antitrust investigators with the House Judiciary Committee are looking into Google’s plans to add Domain Name System over Transport Layer Security (DNS over TLS) to its Chrome browser, the Wall Street Journal reported on Sunday, in the latest escalation of scrutiny over the company’s business practices. The Department of Justice has also heard complaints, a source told the paper.
DNS translates a domain name (such as Gizmodo.com) into an IP address. It’s essentially an internet phonebook. While encryption tech like HTTPS is already in place across much of the web, DNS is currently largely unencrypted by default, meaning it’s possible for service providers to ascertain which web sites a user is visiting and thus monetize traffic records.
Google has reportedly been integrating TLS, an additional layer of encryption, into DNS in Chrome—which the Journal notes could protect users against spoofing attacks or unauthorized snooping into their web traffic, but could also prevent the many “service providers who don’t support the new standard from observing user behavior in gathering data.” Opponents have also raised concerns that as Google controls 64 percent of the worldwide browser market and operates its own DNS system, Google Public DNS, the company could flip a switch transferring Chrome users away from service provider-operated DNS. That, the critics say, could allow Google to gain an unfair advantage over user behavior data invaluable for advertising purposes.
In a Sept. 13 letter to the company, investigators with the House committee asked Google for more information on why it is promoting DNS over TLS and whether any of the data collected or processed will be used for profit, the Journal wrote.
“Because the majority of world-wide internet traffic…runs through the Chrome browser or the Android operating system, Google could become the overwhelmingly predominant DNS lookup provider,” a coalition of service providers wrote in a letter to lawmakers this month, per the Journal. “Google would acquire greater control over user data across networks and devices around the world. This could inhibit competitors and possibly foreclose competition in advertising and other industries.”
“Right now, each internet service provider has insight into the traffic of their users, and that’s going to shift,” chief security officer Andy Ellis of Akamai, which does not support the new standard, told the Journal.
Google is planning on starting tests with the new protocol involving one percent of its user base, a less “aggressive strategy” than Mozilla’s Firefox, which the Journal wrote plans to switch users “to the new standard automatically, even if the change involves switching their DNS service providers.” Google denied that it has any plans to become “the centralized DNS provider,” while Mozilla has characterized the issue as griping by service providers who fear it will make it harder to track users for ad purposes.
There are many problems and advantages with DNS over TLS: basically, you make the browser the resolver instead of the (many) DNS providers. This means that you cannot add a private, secret DNS provider or ISP without letting Google (or Mozilla) know. Countries where censorship exists only have to call these guys up for information on where their web-surfing netizens are going. On the other hand, ISPs now have no idea where their users are heading.
Something similar happened when SSL/TLS was enforced: suddenly none of the other website statistics providers had any idea how the traffic on a site got there, with the result that almost all of them have died out. There is no real choice but Google Analytics anymore for referral traffic, because such a large amount is referred from Google.