Why big ISPs aren’t happy about Google’s plans for encrypted DNS

Dashrender

I will grant them a bit on the Google being the main source of DNS being a problem... but that's easily solvable - others just need to start offering DOH.

Though, considering the purpose of DOH, it really should only be those who aren't looking to gather information from your data - which we all know Google is specifically about - and seems like ISPs are too.

I wonder if Cloudflare is in the data business as well?

scottalanmiller

Add a PiHole to hide a lot of your DNS activity. Not all, by any means, but it greatly reduces it.

DustinB3403

@scottalanmiller said in Why big ISPs aren’t happy about Google’s plans for encrypted DNS:

Add a PiHole to hide a lot of your DNS activity. Not all, by any means, but it greatly reduces it.

I have PiHole setup at my residence and funnily enough there are a lot of things that are free like (PBS streaming) which isn't available because they are required to have access to your info. . .

scottalanmiller

@DustinB3403 said in Why big ISPs aren’t happy about Google’s plans for encrypted DNS:

@scottalanmiller said in Why big ISPs aren’t happy about Google’s plans for encrypted DNS:

Add a PiHole to hide a lot of your DNS activity. Not all, by any means, but it greatly reduces it.

I have PiHole setup at my residence and funnily enough there are a lot of things that are free like (PBS streaming) which isn't available because they are required to have access to your info. . .

Weird. I've not seen any of those yet, but wow.

DustinB3403

@scottalanmiller Yeah the services depend on doubleclick etc, so if you have those blocked, then you're SOL for using those streaming services. I was kind of pissed about it. .

JaredBusch

@scottalanmiller said in Why big ISPs aren’t happy about Google’s plans for encrypted DNS:

Add a PiHole to hide a lot of your DNS activity. Not all, by any means, but it greatly reduces it.

This does nothing to hide it. It only centralizes the "device" requesting the DNS.

Edit: And if you host it externally, then your ISP still sees your DNS.

scottalanmiller

@JaredBusch said in Why big ISPs aren’t happy about Google’s plans for encrypted DNS:

@scottalanmiller said in Why big ISPs aren’t happy about Google’s plans for encrypted DNS:

Add a PiHole to hide a lot of your DNS activity. Not all, by any means, but it greatly reduces it.

This does nothing to hide it. It only centralizes the "device" requesting the DNS.

Edit: And if you host it externally, then your ISP still sees your DNS.

And caches, so it only knows that something has been looked up, but not how often.

scottalanmiller

@JaredBusch said in Why big ISPs aren’t happy about Google’s plans for encrypted DNS:

Edit: And if you host it externally, then your ISP still sees your DNS.

Good point. Hides it from one place, but exposes to another.

scottalanmiller

PiHole can do DNS over HTTPS if you configure it (for its own lookups, not your lookups to it.)

https://docs.pi-hole.net/guides/dns-over-https/

JaredBusch

@scottalanmiller said in Why big ISPs aren’t happy about Google’s plans for encrypted DNS:

PiHole can do DNS over HTTPS if you configure it (for its own lookups, not your lookups to it.)

https://docs.pi-hole.net/guides/dns-over-https/

Not a default setting in the GUI last tie I looked. /looks at link, yup not a default thing yet.

Good to exist, but until it is native, adoption will be low.

scottalanmiller

It's still a nascent tech.

Obsolesce

Why not set this up to make all of your dns queries

Screenshot_20191001-160203_Google Play Store.jpg

scottalanmiller

@Obsolesce how does that help when I do 99% of my lookups from a desktop?

scottalanmiller

@Obsolesce if I did that, it would bypass my PiHole and put all kinds of crap back into my pages on my phone slowing it down. That would suck.

JaredBusch

@scottalanmiller said in Why big ISPs aren’t happy about Google’s plans for encrypted DNS:

@Obsolesce if I did that, it would bypass my PiHole and put all kinds of crap back into my pages on my phone slowing it down. That would suck.

It is at least a simple DNS privacy option when you are not at home. But I found it mostly useless.

dbeato

@DustinB3403 said in Why big ISPs aren’t happy about Google’s plans for encrypted DNS:

@scottalanmiller Yeah the services depend on doubleclick etc, so if you have those blocked, then you're SOL for using those streaming services. I was kind of pissed about it. .

Yup, CBS does this as well.

PhlipElder

@scottalanmiller said in Why big ISPs aren’t happy about Google’s plans for encrypted DNS:

@Obsolesce if I did that, it would bypass my PiHole and put all kinds of crap back into my pages on my phone slowing it down. That would suck.

All of our edge devices are set to block DNS queries from anywhere but the local DNS server. So, no avoiding it.

PhlipElder

Ugh: https://support.umbrella.com/hc/en-us/articles/360001371526-Web-Browsers-and-DNS-over-HTTPS-default

Cisco/Umbrella/OpenDNS instructions to block DoH.

scottalanmiller

@PhlipElder said in Why big ISPs aren’t happy about Google’s plans for encrypted DNS:

Cisco/Umbrella/OpenDNS instructions to block DoH.

Well it involves security and Cisco doesn't like security.

IRJ

So I am thinking this makes search engine data much more valuable when your ISP isnt able to sell your information as easily.