Solving a Perceived Privacy Problem: How the Market Reacts to Innovate Solutions in the Absence of Government Action
Markets innovate in the absence of government action. The Federal Communications Commission attempted to regulate Internet Service Provider (ISP) privacy during the Obama administration because it claimed that ISPs knew too much about their users and could profit from selling a customer’s browsing history. But now, Mozilla and Google have announced a technology that addresses many of the concerns the privacy advocates raised when the FCC introduced the proposal in 2016.
Both Mozilla’s Firefox and Google’s Chrome browser will be switching, soon, to a technology known as DNS over HTTPS (DoH). In the shortest terms possible, DoH encrypts internet traffic at the browser and Domain Name Service (DNS) levels rather than just standard HTTPS encryption.
A bit of technical explanation may be necessary, to start. When the internet started, little-to-no traffic was encrypted. DNS translates text requests for websites into the numerical, or physical, address. This means when someone types in “google.com,” DNS may translate that to “220.127.116.11” (one of the public IP addresses that Google uses).
Hyper Text Transfer Protocol (HTTP) provides the rules of the road for the World Wide Web, telling browsers and servers what should happen when an address is requested. But standard HTTP is not encrypted. This means that pretty much anyone involved in the internet’s delivery process can view a person’s browsing habits.
Eventually, developers added a secure layer, called Hyper Text Transfer Protocol Secure (HTTPS). This secure layer encrypts traffic between a client (the user) and a web service, essentially hiding the body of messages, the headers and query parameters. The secure layer prevents entities, such as ISPs, from viewing much of an individual’s browsing habits.
But there are still weaknesses where services other than ISPs can access information about a consumer’s browsing habits. A DNS resolution and connection set up can still reveal some high-level details such as the originating computer and the website sought. Over the course of time, if someone does not clear his or her browser’s cookies or cache, companies can build a profile of that person’s browsing habits.
This is where DoH represents another layer of security, when it is implemented. Browsers, such as Google Chrome and Mozilla Firefox, have worked on securing agreements from companies to help hide people’s information from DNS providers. In the case of Google, it can use its own DNS provider, while Mozilla has reached an agreement with Cloudflare. In either case, when the technology is enabled, the browser will establish a secure, encrypted connection with a DNS provider. The DNS provider has agreed not to track the requests and to minimize the amount of data transmitted from the consumer.
Not only would DoH solve the “problem” of ISP privacy, it would also help promote principles of net neutrality. By obscuring internet traffic at the browser level, no one — government, third parties nor ISPs — would be able to “see” a user’s specific internet browsing habits.
Internet browsing technology has moved more and more toward encrypted traffic. Encrypted traffic promotes greater communication, facilitates online transactions and provides greater individual privacy. Throughout the history of the internet, innovators have recognized problems and solved them. Innovators understand that too many people and companies may snoop on consumers’ internet browsing habits. Without government intervention, these innovators crafted a solution to the perceived privacy problem in a way that will benefit consumers.