Google to test DNS-over-HTTPS in Chrome 78

Google plays catch-up after Mozilla announced plans to introduce DNS-over-HTTPS by default in Firefox

Google has announced plans to trial DNS-over-HTTPS in Chrome 78 just days after Mozilla announced plans to enable the privacy feature by default for US users in the Firefox web browser.

DNS-over-HTTPS is a protocol for performing DNS resolution via the HTTPS protocol, increasing user privacy and reducing the risk of eavesdropping. It will also, according to the Internet Watch Foundation, effectively bypass ISP-level blocklists.

"As the name implies, the idea is to bring the key security and privacy benefits of HTTPS to DNS, which is how your browser is able to determine which server is hosting a given website. For example, when connected on a public WiFi, DNS-over-HTTPS would prevent other WiFi users from seeing which websites you visit, as well as prevent potential spoofing or ‘pharming’ attacks," according to a blog post on the Chromium project, introducing the plan.
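What "DNS resolution via HTTPS" looks like on the wire, as an added example that is not from the Chromium blog or this article: it follows the GET form of RFC 8484, where the ordinary binary DNS query is base64url-encoded into a `dns` parameter. The resolver URL `https://doh.example/dns-query` is a placeholder, and the decoder shows how a defender can recover the queried name from a logged DoH URL.

```python
import base64
import struct


def build_dns_query(name: str, qtype: int = 1) -> bytes:
    """Pack a minimal DNS query (RFC 1035 wire format) for `name`."""
    # Header: ID=0 (RFC 8484 recommends 0 so HTTP caches can share answers),
    # flags=0x0100 (recursion desired), QDCOUNT=1, remaining counts 0.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS=IN


def doh_get_url(template: str, query: bytes) -> str:
    """RFC 8484 GET form: base64url-encode the message and strip '=' padding."""
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{template}?dns={encoded}"


def decode_dns_param(url: str) -> tuple:
    """Recover (name, qtype) from a DoH GET URL, e.g. when reviewing proxy logs."""
    encoded = url.split("?dns=", 1)[1]
    # Restore the padding that RFC 8484 removes before decoding.
    raw = base64.urlsafe_b64decode(encoded + "=" * (-len(encoded) % 4))
    labels, pos = [], 12  # the question section starts after the 12-byte header
    while raw[pos] != 0:
        length = raw[pos]
        labels.append(raw[pos + 1 : pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, _qclass = struct.unpack("!HH", raw[pos + 1 : pos + 5])
    return ".".join(labels), qtype


if __name__ == "__main__":
    TEMPLATE = "https://doh.example/dns-query"  # placeholder resolver URL
    url = doh_get_url(TEMPLATE, build_dns_query("www.example.com"))
    print(url)
    print(decode_dns_param(url))
```

On the network this request is an ordinary HTTPS connection to the resolver, so the query is only visible to an observer who terminates TLS or has access to the resolver's logs.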

With Chrome 78, Google is planning to conduct an experiment, starting with a check on whether the browser is using one of six DNS providers that support DNS-over-HTTPS: Cleanbrowsing, Cloudflare, DNS.SB, Google, OpenDNS and Quad9. Chrome 78 will then switch a selected number of users over. The experiment will run on all platforms supported by Chrome, except Linux and iOS.

In contrast, Firefox is planning to shift its browser users to Cloudflare's DNS service.

"By keeping the DNS provider as-is and only upgrading to the provider's equivalent DNS-over-HTTPS service, the user experience would remain the same. For instance, malware protection or parental control features offered by the DNS provider will continue to work. If DNS-over-HTTPS fails, Chrome will revert to the provider's regular DNS service.

"Opting-out of the experiment will be possible from Chrome 78 by disabling the flag at chrome://flags/#dns-over-https," the Chromium blog continues. Managed Chrome deployments ought to be excluded from the experiment.

Chrome product manager Kenji Baheux described the move as a "humble first step of a long collaborative journey to improve our users' privacy, security, and safety".

However, another reason for Google to support the shift to DNS-over-HTTPS is that it will also bypass the kind of content-blocking controls that users might be using to block advertising. Other critics have suggested that a move to DNS-over-HTTPS ought to be enabled at the operating-system level, rather than by web browsers.