So far, providers such as Telekom have controlled the so-called telephone book of the Internet. Among other things, they determine which pages users are allowed to access. But now Google and Mozilla are moving to take over this role.
When a user types the name of a website into the browser and presses the Enter key, one of the oldest services on the Internet comes into play at that moment: the Domain Name System (DNS). It translates the domain name, in this example “myxbeliebigebank” and the following country suffix, the well-known “de”, into a computer-readable server address. The result in the test case is then “184.108.40.206”.
Put briefly, the DNS works like an address directory or a telephone book. Instead of remembering complicated numbers, the user can simply look them up under a name. Just as the phone book returns exactly one phone number for the name Max Muller of Mustermannstraße, the DNS ensures that an easy-to-remember Internet address is correctly linked to a cryptic number.
This process runs via so-called DNS servers. They are, in effect, the pages of the modern telephone book and ensure that the easy-to-remember Internet address matches the correct cryptic number combination. If the user enters an Internet address, this URL is forwarded to a DNS server, which points the user to the corresponding IP address – and thus to the Internet page.
So far, providers such as Deutsche Telekom or Vodafone have operated these DNS servers for their customers. But that is set to end, at least if the two browser makers Google and Mozilla have their way. Their argument: the classical DNS service has become insecure. Therefore, put simply, they want to control the phone book themselves and hide their users' address requests from potential eavesdroppers.
Insecure WLANs in hotels and cafes
In doing so, however, they are trying to take over a basic network function that was previously reserved for ISPs.
By operating the DNS servers, the ISPs can track exactly where their customers are surfing the net. Even more: they can influence where their customers are not allowed to surf by blocking entries in their phone book. The typed Internet address then no longer leads to the desired cryptic number combination, and the user ends up in digital nothingness.
Providers in the UK, for example, are already blocking various porn sites or access to sites where illegal pirated copies are exchanged. Various child protection systems are also based on blocking certain addresses at the level of the DNS server. Anyone using an Internet connection with activated protection filters will be redirected to an error or blocking page when entering a blocked address.
But criminals, too, like to take advantage of the fact that the Domain Name System is a service over 30 years old without security features. The standard technique for criminals is called “DNS hijacking”. Here, attackers present a manipulated DNS server to their victim as the legitimate one, and then deliver the wrong address in response to a request. If users then go to the Internet address, they suddenly no longer land on the site of a bank, but on a fake page run by the attackers. The goal: the criminals want to obtain the login data of unsuspecting users.
DNS security is a particular problem in hotel WLANs or public cafés, because there the users of the Internet connection do not know who controls the DNS server. For example, inquiries could first be routed through the server of a hotel chain. Are others spying on where users are surfing? That remains unclear.
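The two weaknesses described above can be seen directly in the classic DNS message format. The following Python example is added here as an illustration and is not part of the original article; the name `bank.example`, the query ID, the addresses (taken from documentation ranges) and all function names are constructed for the example.

```python
import socket
import struct

def build_query(name: str, qid: int) -> bytes:
    """Encode a classic DNS query for an A record (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def read_name(msg: bytes, off: int):
    """Decode length-prefixed labels starting at off; return (name, next offset)."""
    labels = []
    while msg[off] != 0:
        n = msg[off]
        labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return ".".join(labels), off + 1

def observed_name(payload: bytes) -> str:
    """What any on-path device can read from an unencrypted port-53 payload."""
    return read_name(payload, 12)[0]

def build_response(query: bytes, ip: str) -> bytes:
    """Constructed sample answer: echo the question, append one A record."""
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)
    record = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(ip)
    return header + query[12:] + record

def accept_answer(query: bytes, response: bytes):
    """All a plain stub resolver can verify: same ID, same question."""
    _, qend = read_name(query, 12)
    if response[:2] != query[:2] or response[12:qend + 4] != query[12:qend + 4]:
        return None
    return socket.inet_ntoa(response[qend + 16:qend + 20])

if __name__ == "__main__":
    q = build_query("bank.example", 0x1234)  # constructed name and ID
    print("visible on the wire:", observed_name(q))
    # Two constructed answers from different servers: both pass the same checks,
    # because nothing in the message proves which server is the rightful one.
    for ip in ("192.0.2.10", "203.0.113.7"):
        print("accepted:", accept_answer(q, build_response(q, ip)))
```

DoH (DNS over HTTPS) carries this same message inside an encrypted HTTPS connection, so the queried name is no longer readable on the local network and the answer arrives over an authenticated channel to the chosen resolver.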
Google also wants to activate DoH
“As a society, you have to balance private security interests and public security interests,” comments Mitchell Baker, Chair of the Mozilla Foundation, in an interview with WELT. “We believe that this aspect of private security outweighs, but are in talks with the providers.” Nevertheless, Mozilla is already giving ground and wants to switch off the new DoH (DNS over HTTPS) service in environments with active child protection filters. Initially, DoH will only be activated for US users anyway.
Google also wants to activate DoH in its browser, Google Chrome, in the future, and has already tested the function in recent weeks. The result: Internet providers protested in America as well – and Google promptly became a target of US politics. The lobby organizations NCTA, CTIA and US Telecom jointly argued that Google is using its market power to deny them users’ surfing data.
In the US, it has been customary for providers to evaluate their users’ surfing data for targeted advertising – or even to redirect them to their own advertising platforms via DNS hijacking. In view of this, the associations are well aware that their argument “DoH is mean because we can no longer spy on our users” sounds a bit absurd, to say the least. That’s why, before the US Congress, they also argue with the protection of minors and the fight against Internet piracy.