Chrome “Misinformation”: Why You Shouldn’t Rush Into DoH – Expert Advise

Google’s Chrome product manager recorrected “misinformation” and promised it won’t “force users to change their DNS provider” in upcoming builds of the browser. Yet, Chrome is still “optimistic about the opportunities DoH offers for improving user privacy and security”.

Subscribe
Notify of
guest
1 Expert Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Ronan David
Ronan David , VP of Strategy and Business Development
InfoSec Expert
November 1, 2019 1:43 pm

While Chrome has ‘reassured’ users DoH will not be mandatory and the claim to protect internet users’ privacy with DoH is true, its support of DoH is questionable.

Yes, the traffic between the clients and the service is encrypted so malicious parties cannot view it, but queries are performed unencrypted – queries which hold sensitive data. Data which will most certainly be processed for various, yet undisclosed, purposes.

Let’s also go back to basics. DNS remains one of the least secure internet protocols. So yes, DNS traffic encryption may take off, but many organisations would do well to perhaps first ensure they have purpose-built security in place to protect the DNS from malicious intruders before they look to enhance its capabilities.

Last edited 3 years ago by Ronan David
1
0
Would love your thoughts, please comment.x
()
x