Android Is Adding 'DNS Over TLS' To Encrypt Website Name Requests

In an effort to boost security on Android devices, Google is testing a feature called DNS (Domain Name Server) over TLS (Transport Layer Security) to protect users from hackers who might be spying on a site's traffic, according to the Android Open Source Project (AOSP). This experimental feature is currently fielding comments at the Internet Engineering Task Force (IETF), an Internet standards group.

The DNS over TLS protocol encrypts DNS inquiries to the same level as HTTPS, effectively blocking cyber snoops from logging or otherwise seeing the websites that users visit. HTTPS alone does not offer users full privacy: without DNS over TLS, an attacker can look at DNS requests and guess which websites the user is visiting. How so?


DNS is like an address book for websites, in that it translates site names into IP addresses. Even with HTTPS, this lookup is done in plain text over UDP or TCP, leaving destination addresses readable to anyone watching the traffic.

Because DNS over TLS encrypts DNS queries, attackers are not able to see or log the websites that users visit. Used in conjunction with HTTPS, it offers users a greater level of privacy and protection from potential outside threats. As it stands, around half of all website traffic is encrypted, so adding DNS over TLS affords users greater peace of mind.

Bear in mind that this feature alone does not mean full privacy for Android users. Most DNS does not support this feature. Android users will still need to change the mobile DNS on their phone, which requires root access. In addition, Internet Service Providers (ISPs) can still see traffic coming from a device. If that level of privacy and anonymity is needed, users should enlist a virtual private network (VPN) app.
