Android getting “DNS over TLS” support to stop ISPs from knowing what websites you visit


Posted on Reddit by MichaelRahmani

  • I’m more interested in it being able to prevent the ISPs from hijacking DNS queries and returning bogus or redirected results.

  • This won’t stop ISPs from seeing the websites you visit – only hinder them a bit. They’ll still see the IP addresses you are communicating with, and it’s a simple lookup to determine who that IP belongs to.

    You would need to use a VPN to truly hide your traffic from them.

  • Except this pushes people to use Google’s DNS over TLS servers, so instead of your ISP tracking you, now Google can instead. And as mentioned, your ISP can still see the IP address of servers you communicate with, which are a reverse DNS lookup away from still being trackable. So you basically are still trackable by your ISP, but now you’re also giving your information to Google too.

  • ELI5: won’t ISPs still see which IP address you’re sending messages to?

  • This is good. I would honestly rather Google monetize the way I browse the web than the ISPs. Google gives me free things like VOIP-to-PSTN service and SMS, while the only things the ISP gives me are a higher bill every year and encroaching data caps.

    So, after congress gave ISPs the green light to invade our privacy to increase their profits while still making us pay for Internet service, a feature built into the OS that obscures my browsing habits and prevents ISPs from engaging in the above is the digital equivalent of spitting in the ISP’s face, I love it!

  • Google: “if you want that information, you’ll have to buy it like everyone else”

  • Wouldn’t this be slow? You’d have to wait for a TLS handshake to complete. Would it do this for each query or would it just keep the connection open? I thought DNS servers used UDP precisely so they don’t have to manage connection state.

    How would a MITM attack be avoided? How would we authenticate the server given that DNS is accessed via IP not a domain? Would we have a trusted list of certificates for DNS?
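As an added illustration of the two questions above (this is not code from the article or from anyone in the thread): RFC 7858 DNS over TLS sends the ordinary DNS wire-format message over a TLS stream with a 2-byte length prefix, keeps one TLS connection open for many queries so the handshake cost is paid once, and authenticates the resolver by validating its certificate against the hostname the operator publishes for the service, not against the IP address. The sample response bytes are constructed here, and the resolver in the commented live call (`8.8.8.8` / `dns.google`) is an assumed example of a public DoT endpoint.

```python
"""DNS-over-TLS framing and resolver authentication (RFC 7858), as an added
illustration; this is not code from the article or the thread."""
import socket
import ssl
import struct
from typing import List, Tuple


def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Encode a recursive DNS query in RFC 1035 wire format (same bytes as over UDP)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD set; one question
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN


def frame_for_tls(msg: bytes) -> bytes:
    """RFC 7858 sends each DNS message over the TLS stream with a 16-bit length prefix."""
    return struct.pack("!H", len(msg)) + msg


def _read_name(buf: bytes, off: int) -> Tuple[str, int]:
    """Decode a name, following RFC 1035 compression pointers; return (name, next offset)."""
    labels, end = [], None
    while True:
        length = buf[off]
        if length & 0xC0 == 0xC0:                 # 11xxxxxx: pointer to an earlier name
            if end is None:
                end = off + 2                     # resume after the pointer, not at its target
            off = struct.unpack("!H", buf[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(buf[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def parse_a_records(resp: bytes, expected_txid: int) -> List[str]:
    """Return the IPv4 addresses in the answer section; reject a mismatched transaction id."""
    txid, _flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch")
    off = 12
    for _ in range(qd):                           # skip the echoed question(s)
        _, off = _read_name(resp, off)
        off += 4
    addrs = []
    for _ in range(an):
        _, off = _read_name(resp, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:             # A record
            addrs.append(".".join(str(b) for b in resp[off:off + 4]))
        off += rdlen
    return addrs


def _recv_exact(sock: ssl.SSLSocket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("resolver closed the TLS connection")
        buf += chunk
    return buf


def resolve_over_tls(names: List[str], resolver_ip: str, resolver_name: str,
                     port: int = 853) -> dict:
    """One TLS handshake, then many queries on the same connection.
    The certificate is validated against resolver_name (the hostname the operator
    publishes), so a box that merely answers on the resolver's IP fails the handshake.
    Needs network access; not exercised offline."""
    ctx = ssl.create_default_context()            # system CA store, chain + hostname check
    results = {}
    with socket.create_connection((resolver_ip, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=resolver_name) as tls:
            for i, name in enumerate(names):
                txid = 0x1000 + i
                tls.sendall(frame_for_tls(build_query(name, txid=txid)))
                (length,) = struct.unpack("!H", _recv_exact(tls, 2))
                results[name] = parse_a_records(_recv_exact(tls, length), txid)
    return results


# Constructed sample response (not captured traffic): example.com A 93.184.216.34,
# with the answer name compressed as a pointer (0xC00C) back to the question at offset 12.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([93, 184, 216, 34])
)

if __name__ == "__main__":
    print(parse_a_records(SAMPLE_RESPONSE, 0x1234))
    # Live use against an assumed public resolver that publishes a hostname for DoT:
    # print(resolve_over_tls(["example.com"], "8.8.8.8", "dns.google"))
```

The hostname check in `wrap_socket(server_hostname=...)` is the answer to the MITM question: the client is configured with the resolver’s name and address, and the connection only succeeds if the presented certificate chains to a trusted CA and names that host, so no special list of “DNS certificates” is needed. Because the connection stays open across queries, only the first lookup pays the handshake latency.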

  • Cool, now also give people without root the opportunity to change DNS.

  • If you really care about safeguarding your privacy, you should set up your own VPN connection to your own VPS, running your own caching DNS server and caching web proxy. Tailor it to your specific needs, and don’t trust anyone’s service.

  • How is this not pointless given ?

    > Server Name Indication (SNI) is an extension to the TLS computer networking protocol[1] by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process.

    > The desired hostname is not encrypted,[2] so an eavesdropper can see which site is being requested.
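The quoted point, shown concretely as an added example (not code from the article or from the commenter): the TLS ClientHello that opens an HTTPS connection is sent unencrypted, and its Server Name Indication extension carries the hostname in plain text. Anyone on the path, an ISP or the network monitor another commenter mentions, can read the destination site from that one record without seeing a DNS query at all, which is why encrypting DNS alone does not hide which sites are visited. The ClientHello parsed below is constructed in the block itself; the parser handles only the fields needed to reach the extensions.

```python
"""Reading the plaintext SNI hostname from a TLS ClientHello, as an added
illustration; not code from the article or the thread."""
import struct
from typing import Optional


def build_client_hello(hostname: str) -> bytes:
    """Construct a minimal TLS 1.2-style ClientHello record carrying only an SNI extension.
    This is sample input for the parser, not a capture of real traffic."""
    sni_name = hostname.encode("ascii")
    server_name_list = struct.pack("!BH", 0, len(sni_name)) + sni_name   # name_type 0 = host_name
    sni_ext = (struct.pack("!HH", 0x0000, len(server_name_list) + 2)      # ext type server_name
               + struct.pack("!H", len(server_name_list)) + server_name_list)
    extensions = struct.pack("!H", len(sni_ext)) + sni_ext
    body = (
        b"\x03\x03" + b"\x00" * 32          # client_version, 32-byte random (zeroed here)
        + b"\x00"                           # session id length 0
        + struct.pack("!H", 2) + b"\x13\x01"  # one cipher suite
        + b"\x01\x00"                       # one compression method (null)
        + extensions
    )
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body   # type client_hello, 3-byte length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake   # handshake record


def extract_sni(record: bytes) -> Optional[str]:
    """Return the SNI hostname from a ClientHello record, or None if this is not one."""
    if len(record) < 5 or record[0] != 0x16:     # content type 0x16 = handshake
        return None
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 38 or hs[0] != 0x01:            # handshake type 0x01 = client_hello
        return None
    off = 4 + 2 + 32                             # handshake header, version, random
    sid_len = hs[off]
    off += 1 + sid_len
    cs_len = struct.unpack("!H", hs[off:off + 2])[0]
    off += 2 + cs_len
    cm_len = hs[off]
    off += 1 + cm_len
    if off + 2 > len(hs):
        return None                              # no extensions block at all
    ext_total = struct.unpack("!H", hs[off:off + 2])[0]
    off += 2
    end = off + ext_total
    while off + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", hs[off:off + 4])
        off += 4
        data = hs[off:off + ext_len]
        off += ext_len
        if ext_type == 0x0000:                   # server_name extension
            list_len = struct.unpack("!H", data[:2])[0]
            pos = 2
            while pos + 3 <= 2 + list_len:
                name_type, name_len = struct.unpack("!BH", data[pos:pos + 3])
                pos += 3
                if name_type == 0:
                    return data[pos:pos + name_len].decode("ascii")
                pos += name_len
    return None


if __name__ == "__main__":
    print(extract_sni(build_client_hello("example.com")))   # the hostname, read in the clear
```

Run on the constructed record the parser returns the hostname directly; a TLS application-data record (content type 0x17), which is where the actual encrypted HTTP traffic lives, yields nothing, which is the contrast the quoted text describes: the payload is protected, the name of the site is not.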

  • The cynic in me thinks that Google tracking data of us becomes more valuable, the less other people are able to collect and sell tracking data.

  • Does this mean all the government-banned torrent and streaming websites will be unblocked without a VPN?

  • So wait, wouldn’t this only work if you still continue to use Google’s DNS servers? And then you would be sending information on the websites you visit to Google instead of your ISP… Right?

    If this is how it works then what’s the point? Your privacy is still being invaded but this time by a data hog that generates billions out of it. I’m surprised this article doesn’t mention that.

  • Does it keep the phone company from snooping also?

  • Would this also help protect you when using a Starbucks wifi or something like that? Or would they still be able to tell what websites you visit?

  • Wait so it’s gonna have a VPN?

  • So can I use it to break the Great Firewall?

  • Google wants to sell that info, so it does them no good for everyone else to have it for free.

  • It’s easy to be cynical about mobile security, but hey, I am glad to see any progress in these technologies.

  • Great, now my IDS is going to go nuts.

  • So people will have encrypted DNS queries to where? Their router/ISP.

    Unless everyone manually switches to another DNS provider, their ISPs will still get all the queries. If the ISP redirects DNS traffic, then they’ll still get all the queries.

  • This stops the ISP from seeing it, but allows Google to see it. I have no problem with my ISP – but I live outside China and the United States.

  • Isn’t the domain part of the URL viewable by the ISP anyway, even if it is HTTPS, when the ISP captures the traffic? For DNS, if the user is using the DNS provided by the ISP, isn’t it also viewable by the ISP?
