Microsoft Windows 10 To Natively Support DNS Over HTTPS Encryption And Obfuscation Technique Making Internet Traffic Monitoring Near Impossible

Microsoft Windows 10 will natively support the DNS over HTTPS (DoH) protocol. It is an important privacy protection, which makes it near impossible for even Internet Service Providers (ISPs) to monitor internet traffic. DNS over HTTPS is an intensely contested technology, but Google is increasingly considering it, and it is already present in the Mozilla Firefox web browser.

Microsoft appears to have taken a rather big pro-privacy and consumer rights stance. The company’s latest operating system, Windows 10, will soon have one of the biggest internet privacy technologies. The hotly debated DNS over HTTPS encryption methodology encrypts, hides or obfuscates internet traffic in such a way that even the last-mile internet connectivity provider cannot snoop on it. Google is currently testing the same for its Chrome web browser, while Mozilla has already implemented it within the Firefox web browser.

What Is DNS Over HTTPS And How Does It Work?

DNS over HTTPS is a rather new technology that is quickly emerging as one of the most important last-mile defensive techniques to protect the privacy of internet users. Technical jargon aside, the privacy technology encrypts DNS connections and hides them in common HTTPS traffic. Simply put, the DNS requests made by internet users are also transmitted through the secure HTTPS protocol. A DNS request accompanies basically any attempt by an internet user to reach a website.

Despite significant improvements in online security and privacy, DNS requests are still sent over plaintext UDP connections. This means ISPs can easily monitor internet traffic and deploy multiple techniques to either block traffic or monitor the websites visited by users. Much of the data relayed over the internet is already encrypted, as the majority of websites are quickly opting for HTTPS over the traditional and less secure HTTP protocol. Hence it makes perfect sense that the initial DNS request also be made over the same highly secure HTTPS standard.
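The difference between the two transports can be shown with the bytes themselves. The following is an added example, not code from the original article or from Microsoft: it builds the wire-format query that classic DNS sends in a plaintext UDP datagram, then encodes the same bytes as an RFC 8484 GET request. The resolver URL `https://doh.example/dns-query` is a placeholder and the helper names are hypothetical.

```python
import base64
import struct

DOH_MEDIA_TYPE = "application/dns-message"  # media type defined by RFC 8484


def build_dns_query(name: str, qtype: int = 1) -> bytes:
    """Return a wire-format DNS query (RFC 1035) for `name`; qtype 1 = A record."""
    # Header: ID=0 (RFC 8484 recommends 0 so HTTP caches can match requests),
    # flags=0x0100 (recursion desired), QDCOUNT=1, remaining counts 0.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"invalid DNS label: {label!r}")
        qname += bytes([len(raw)]) + raw
    qname += b"\x00"  # root label terminates the name
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS 1 = IN


def doh_get_url(resolver_url: str, query: bytes) -> str:
    """Encode the query as an RFC 8484 GET request URL (base64url, no padding)."""
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{resolver_url}?dns={encoded}"


def observer_sees_name(payload: bytes, name: str) -> bool:
    """True if every label of `name` is readable in bytes captured on the path."""
    return all(label.encode("ascii") in payload for label in name.split("."))


if __name__ == "__main__":
    name = "www.example.com"  # constructed sample input
    query = build_dns_query(name)
    # Classic DNS: these exact bytes travel in a UDP datagram to port 53.
    print("UDP payload:", query.hex())
    print("name readable on the wire:", observer_sees_name(query, name))
    # DoH: the same bytes become a parameter of an HTTPS request, so they sit
    # inside the TLS session; the path only shows a connection to the resolver.
    print("DoH request:", doh_get_url("https://doh.example/dns-query", query))
    print("Accept header:", DOH_MEDIA_TYPE)
```

The encoded value for `www.example.com` matches the sample request given in RFC 8484 itself, which is a quick way to check a DoH client or a proxy log parser against the specification.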

DNS over HTTPS is different from a VPN. Firefox web browser users can set Cloudflare as their DNS over HTTPS provider. Currently, only companies that offer a legally binding DNS resolver policy, which stipulates a limit on their data use and retention policies, are able to join the list. On the other hand, users can disable or not activate DoH in Firefox to handle situations such as enterprise split-horizon DNS, where a domain resolves differently depending on where the query originates.

Microsoft Following Firefox And Challenging ISPs To Treat Privacy As A Human Right:

The DNS over HTTPS protocol (IETF RFC 8484) can be built directly into apps. In other words, each application can choose to deploy its own DNS resolvers rather than depend on the operating system. But with Microsoft embedding the encryption methodology directly into Windows 10, any and all applications and web browsers installed on the PC should gain the ability to mask or encrypt DNS requests.

Given the nature and abilities of DNS over HTTPS protocol to completely obfuscate online behavior and data, it has come under heavy scrutiny and resistance from ISPs and security services. Many from the legal community claim the protocol could be used to bypass filtering obligations and parental controls, thereby impeding safety standards and possibly, investigations. It is quite likely that DNS over HTTPS could be extensively used by criminals or even everyday users to visit banned or censored websites.

Despite the controversy, Microsoft has indicated that it will be doing the hard work itself and building the technology directly into Windows 10. Speaking about the same, Windows Core Networking engineers Tommy Jensen, Ivan Pasho, and Gabriel Montenegro said DoH in Windows “will close one of the last remaining plain-text domain name transmissions in common web traffic.” Microsoft added that it was worth the price [of courting controversy], saying it has to treat privacy as a human right and has to have end-to-end cybersecurity built into products.

Owing to the very nature of the encryption technology, and its abilities, it will be interesting to see how Microsoft moves ahead to implement DNS over HTTPS within Windows 10. The company has been making some rather interesting choices lately, and this is certainly one of them.

