The economy of surveillance capitalism and a world of paranoid apps will transform the Domain Name System (DNS), says Geoff Huston, chief scientist at APNIC Labs, part of the Asia-Pacific Network Information Center.
The domain names of the websites you visit, or of the servers that applications contact on your behalf, are valuable information. DNS traffic is particularly valuable because it reflects what users are doing in real time.
“The names you asked for, and when you ask for them, say a lot about you,” Huston said during his presentation at the APNIC 52 conference on Wednesday.
“The network is betraying you. You’re leaving big, dirty, muddy footprints on the carpet, mate. We can see where you’re going. And that’s the problem,” he said.
“Real-time data, right here, right now. Not last week, not last month. This second. You couldn’t be more valuable.”
Others with nobler motives also monitor DNS traffic, looking for telltale signs of malicious activity, such as rapidly changing domain names used by botnets.
And as Edward Snowden revealed in 2013, members of the Five Eyes signal intelligence agencies are also keen to suck up all that DNS traffic.
“All kinds of people are actually spreading DNS information everywhere,” Huston said.
“The problem is, it doesn’t matter what your motives are, good or bad. Sniffing is sniffing. A privacy breach is a privacy breach, no matter what color hat you’re wearing. is not good.”
Privacy graft on decades-old protocols
The basic DNS protocols date back to the 1980s and are based on a domain name structure that was developed in the 1970s. Everything happens in the open, without encryption.
“How do we stop people crowding around the digital tailpipe sniffing those fumes?” Huston asks.
There are methods to prevent third parties from spying on your DNS traffic, but they haven’t been widely adopted.
One way to make DNS monitoring more difficult is to use an open public DNS server, such as Google 8.8.8.8, Cloudflare 1.1.1.1, OpenDNS or Quad9, rather than your local ISP’s servers, as ISPs have been known to sell their DNS logs to advertisers.
This can be combined with using an encrypted DNS connection, such as DNS over TLS, DNS over HTTPS (DoH), or DNS over the lighter QUIC protocol.
If you do that, you’re doing a “pretty good job” of hiding in crowds, Huston said.
“But this first part of the market? I have to trust Google. Yeah, okay. I have to trust the very people who are experts in putting my profile together.”
In other words: if we have to compromise our privacy for the benefit of a third party, which third party represents the least risk for us, now and in the future? It’s a tough choice.
But wait. Maybe we don’t have to compromise our privacy at all.
Enter Oblivious DNS, a cryptographically private DNS namespace
An innovative solution is Oblivious DNS, first written as a draft engineering standard in 2018 and as an official document [PDF] in 2019.
“The concept is delightfully simple,” Huston wrote in 2020, though some might take issue with his use of the word “simple” once they read his explanation.
ODNS uses a chain of DNS servers interacting through an encrypted transaction pipeline. The details will be fascinating to DNS aficionados, but the overall strategy is easy to explain.
The DNS server close to you knows who you are, so it can return the answer to you, but it cannot see what you asked, because the query is encrypted.
The DNS server at the other end knows which query it needs to resolve, because you encrypted the query with that server’s public key, but it does not know who asked.
A similar approach called Oblivious DoH (ODoH), described in a draft standard in 2020, wraps the entire DNS transaction in an encrypted envelope.
The advantage of ODoH is that it doesn’t try to cram everything into the existing DNS packet format, which means it can be slightly more elegant. The downside is that it requires a separate infrastructure from the existing DNS.
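The split described above for ODNS and ODoH (the near server sees who but not what; the far server sees what but not who) is the whole point, so here is an added, self-contained Python sketch of that exchange. It is not code from ODNS, ODoH or Huston; the two-server chain, the zone contents, the client address and the group parameters are all constructed for the demo, and the ad-hoc Diffie-Hellman plus SHA-256 keystream stands in for the HPKE that real ODoH uses.

```python
"""Split-knowledge DNS relay: a constructed demo of the ODNS/ODoH idea.

The proxy learns who asked (client address) but only sees ciphertext; the
target learns the query but never receives a client address. The crypto here
(ad-hoc Diffie-Hellman over a Mersenne prime, SHA-256 keystream, HMAC tag) is a
stand-in for the HPKE used by real Oblivious DoH and is NOT safe for real use.
"""
import hashlib
import hmac
import secrets

# Demo-only group (assumption): p is prime, but this group is far too weak
# for real use. Real deployments use X25519 via HPKE.
P = (1 << 521) - 1
G = 3


def keygen():
    """Return (private, public) for the demo Diffie-Hellman group."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def derive_key(shared: int, label: bytes) -> bytes:
    """HKDF-style extract-then-expand; separate labels for query and response."""
    prk = hmac.new(b"odns-demo-salt", shared.to_bytes(66, "big"), hashlib.sha256).digest()
    return hmac.new(prk, label + b"\x01", hashlib.sha256).digest()


def _keystream(key: bytes, length: int) -> bytes:
    """Counter-mode keystream from SHA-256 (demo stand-in for a real AEAD)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes):
    """Return (ciphertext, tag); the tag lets the receiver detect tampering."""
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, len(plaintext))))
    return ct, hmac.new(key, ct, hashlib.sha256).digest()


def decrypt(key: bytes, ct: bytes, tag: bytes) -> bytes:
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))


class Target:
    """The far resolver: holds the key pair the client encrypts to."""

    def __init__(self, zone):
        self.priv, self.pub = keygen()
        self.zone = zone
        self.seen = []  # everything this server could log

    def handle(self, envelope):
        eph_pub, ct, tag = envelope  # no client address travels in the envelope
        shared = pow(eph_pub, self.priv, P)
        name = decrypt(derive_key(shared, b"query"), ct, tag).decode()
        self.seen.append(name)
        answer = self.zone.get(name, "NXDOMAIN").encode()
        return encrypt(derive_key(shared, b"response"), answer)


class Proxy:
    """The near resolver: knows the client, forwards opaque bytes."""

    def __init__(self):
        self.seen = []

    def relay(self, client_addr, envelope, target):
        _, ct, _ = envelope
        self.seen.append((client_addr, ct.hex()))  # identity plus ciphertext only
        return target.handle(envelope)


def resolve(client_addr, name, proxy, target):
    """Client side: encrypt to the target's public key, send via the proxy."""
    eph_priv, eph_pub = keygen()
    shared = pow(target.pub, eph_priv, P)
    envelope = (eph_pub,) + encrypt(derive_key(shared, b"query"), name.encode())
    resp_ct, resp_tag = proxy.relay(client_addr, envelope, target)
    return decrypt(derive_key(shared, b"response"), resp_ct, resp_tag).decode()


def run_demo():
    """Constructed zone and client address; returns what each party learned."""
    target = Target({"www.example.test": "192.0.2.10"})
    proxy = Proxy()
    answer = resolve("198.51.100.7", "www.example.test", proxy, target)
    return {
        "answer": answer,
        "proxy_saw": proxy.seen,    # [(client address, hex ciphertext)]
        "target_saw": target.seen,  # ["www.example.test"], no address
    }


if __name__ == "__main__":
    print(run_demo())
```

The useful check is in `run_demo()`: the proxy's log holds the client address and only hex ciphertext, while the target's log holds the name and nothing that identifies the client. Real ODoH gets the same property with HPKE and a signed target key configuration; the threat model is identical, and it only holds if the proxy and target operators do not share logs.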
But why would anyone pay for all this?
Huston’s future of bloated and paranoid apps
“In economic terms, DNS is a wasteland,” Huston told APNIC 52.
“I don’t pay for queries, you don’t pay for queries. Who funds all of this? Well, my ISP funds a lot of it. And it kind of comes out of what I pay them,” he said.
This means that ISPs have no incentive to improve DNS privacy.
“For ISP fees, DNS becomes part of Mr Cost, it’s not Mr Income, and so there’s a lot of resistance to making Mr Cost fat because that’s how you’re essentially killing your business.”
Public servers exist, but who funds them? And how many users will change their DNS settings on their devices anyway?
“In some ways, improving the DNS is a labor of love. It’s not a job for wealth and profit,” Huston said.
“Most people just use their ISP’s resolver, because that’s the one you’re paying for, and they’re the only person that has an obligation to do it for you… So overall, open DNS resolvers aren’t really going to take the DNS and run away through the hills.”
Huston thinks there’s one place where privacy-protecting DNS protocols might take hold, although not to your benefit: inside apps on your devices.
Facebook’s mobile app, for example, weighs over 200 megabytes because it contains a full operating system, including a full network stack.
“Facebook is paranoid about a number of things. It’s paranoid about the platform spying on it. It’s paranoid about other apps on the same platform spying on the Facebook app,” Huston said.
“Facebook is incredibly valuable. It has spent a lot of time and money understanding me and creating a profile of me that it can sell to advertisers. The last thing it wants to do is give this information to anyone else. It’s their data,” he said.
“Applications that separate from the DNS infrastructure as we know it are an inevitable, short-term future.”
Huston sees this progression as part of larger historic waves of change that “have been unfolding before our eyes right now.”
The Internet has gradually transformed from network-centric services to platform-centric services and then to application-centric services.
“DNS gets swept up by this, and almost every part of DNS changes as soon as DNS gets sucked into the application space,” he said.
“A single consistent namespace? No, historical garbage. Because then the whole namespace becomes application-centric, and different applications will have a different namespace to suit their needs.”