Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Android Censorship Google Privacy

Alphabet's Intra App Encrypts DNS Queries To Help Users Bypass Online Censorship (zdnet.com) 65

Catalin Cimpanu, writing for ZDNet: Jigsaw, a technology incubator created by Google and operated as a subsidiary under the Alphabet brand, has released today an Android app named Intra that can encrypt DNS queries as a protection against DNS manipulation at the ISP (internet service provider) level. DNS manipulation is one of the most common forms of online censorship used by oppressive regimes or unscrupulous ISPs, used to block access to news sites, information portals, social media platforms, undesirable software, and more. Intra protects against DNS manipulation by keeping DNS traffic hidden from third-parties with state-level surveillance capabilities, such as internet service providers in countries with autocratic regimes. Reports suggest that Alphabet tested the app with a few dozen political activists in Venezuela before the global roll-out.
This discussion has been archived. No new comments can be posted.

Alphabet's Intra App Encrypts DNS Queries To Help Users Bypass Online Censorship

Comments Filter:
  • by Anonymous Coward on Wednesday October 03, 2018 @05:04PM (#57421078)
    Where your DNS queries will be logged by Alphabet and turned over to the proper authorities for consideration, comrade.
  • Encryption, so all this really does is raise a huge red flag when all those dns queries start reading as gibberish.

    The only real way this would work is say encryption+steganography inside of images sent via a regular http/https service that had no reason to be blacklisted by the country's authorities. Even then, as soon as the cat is out of the bag to one official it can be used to track down all those people who were using it there, assuming metadata collection.

    • by viperidaenz ( 2515578 ) on Wednesday October 03, 2018 @05:29PM (#57421212)

      It's not encrypted data sent in regular DNS queries, it's DNS over HTTPS. Like what Firefox started doing.
      From a network monitoring point of view, it's regular HTTPS traffic.

      • by Anonymous Coward

        MITM all https connections using their own certificates, in that case encrypted dns of this form would not work anyways. Other countries connection reset or redirect to a 'banned in our country' page. This doesn't help censorship in any of the majority countries, and simply pushes them to tighten down, either by limiting the websites themselves, or their connections to the outside world. Or the third possibility, which this helps benefit: selling more Deep Packet Inspection hardware to censoring regimes.

  • by CranberryKing ( 776846 ) on Wednesday October 03, 2018 @05:25PM (#57421186)
    at first. Google? Fighting Censorship? Give us a break.
    • Re: (Score:2, Informative)

      by Anonymous Coward

      It's only to funnel the traffic to THEIR encrypted DNS network so THEY can gather all the metadata not the pesky governments (apart from a list of approved governments who get their share of course).

    • by AmiMoJo ( 196126 )

      It's almost like your model of treating a vast multi-faceted company like Alphabet/Google as a single monolithic block with entirely consistent behaviour and morals is somehow flawed.

  • TCP/IP and UDP through a DNS tunnel using HTTPS.

    Thanks Jigsaw.

  • > DoH keeps third-party observers from knowing what websites a user is trying to access.

    But isn't this information normally exposed by the TLS SNI extension anyway? You'd probably need to run a VPN to escape this particular risk.

  • by Anonymous Coward

    This is stupid, because the second you connect in any way to the target IP address, that's recorded, and it really doesn't matter what your DNS query was.

    Even if your target is a computer that hosts multiple domain names, it's decrypted anyhow, by the DNS service.

    You don't have any privacy, and Alphabet is named aptly - Alphabet agency, they work for the intelligence agencies, and they have shown, REPEATEDLY, they will gladly engage in censorship.

    • The encryption of DNS insures your ISP cannot utilize a MITM attack on your DNS query. Privacy isn't being addressed here. It's a security issue
  • by nuckfuts ( 690967 ) on Wednesday October 03, 2018 @05:59PM (#57421352)
    So it's not enough that Google tracks you via web browsing, Android phones, search queries, gmail, etc. Now they want you to use their DNS so they can track EVERY connection you make over the Internet, regardless of whether it originates from one of their products.
    • So it's not enough that Google tracks you via web browsing, Android phones, search queries, gmail, etc. Now they want you to use their DNS so they can track EVERY connection you make over the Internet, regardless of whether it originates from one of their products.

      To be fair, unless you're running your own DNS server, someone is already processing, and probably tracking, all your DNS requests, be it Google, Cloudflare (another thing to disable in Firefox - thanks Mozilla), your ISP, etc ... depending on your network settings. I currently use my ISP (Cox) as my primary DNS resolver with Google's 8.8.8.8 as my secondary. I'm sure Cox logs and retains stuff (some of it as the law requires). Granted, using Google as your DNS resolver would give them *another* data set

      • Re:Google Tracking (Score:4, Interesting)

        by khchung ( 462899 ) on Wednesday October 03, 2018 @07:01PM (#57421568) Journal

        To be fair, unless you're running your own DNS server, someone is already processing, and probably tracking, all your DNS requests, be it Google, Cloudflare (another thing to disable in Firefox - thanks Mozilla), your ISP, etc ...

        This is NOT a fair comparison.

        Your ISP already knows the destination of every IP packet you sent out, using the ISP's DNS only provide a little bit more information (the hostname you used) to them.

        Most ISP do not have the analytics capabilities of Google, nor would most ISP correlation your internet activities across all your devices, INCLUDING THOSE NOT USING YOUR ISP'S LINK, such as your mobile phone.

        Claiming "someone" will get the data anyway is obscuring the fact that Alphabet's main business as a data broker. My data scattered around 10 different companies gave me better privacy than having the same data collected by Google.

        • by AmiMoJo ( 196126 )

          These days a lot of sites share an IP address via services like Cloudflare that offer caching and load balancing. So IP addresses alone aren't nearly as useful as seeing the hostname in the DNS query.

          Google claims that it doesn't log DNS requests. Legally it isn't required to do so in some jurisdictions, because the relevant laws only apply to ISPs. Same situation for VPN providers. I suppose that being evil they must be lying, but at least in theory they are able to offer greater privacy than your ISP who

    • by AmiMoJo ( 196126 )

      No actually, they let you freely configure the DNS server of your choice. It seems to come with Google and Cloudflare pre-configured but there is an option to enter any server you like.

      There is actually a screenshot of the configuration screen showing this in TFA.

      • Just because they allow you to opt out doesn't mean they don't use it for tracking if you DO use their servers.
  • by CanadianMacFan ( 1900244 ) on Wednesday October 03, 2018 @08:17PM (#57421880)

    From the article:

    "Intra is easy to install and run right away, and comes pre-configured to funnel encrypted DNS queries to Google's DoH-capable DNS servers by default. Users can also switch to Cloudflare's DNS system, or use a custom DoH-capable server as well."

    Though only two browsers support this so I don't know why you would use it. Just use a VPN and everything from every app would be hidden.

    • by Anonymous Coward

      Yes, you can change it, but such is the power of the default that most will not. Source: https://en.wikipedia.org/wiki/Default_effect

    • by AmiMoJo ( 196126 )

      VPNs are banned or blocked in some places. It's much harder to block HTTPS connections because that would break most web sites.

      It is possible to exploit this fact to use Tor in places where it is blocked, like China. Route your data through an HTTPS connection to the Microsoft or Amazon cloud that is used by vast numbers of other sites and thus difficult to block entirely. Being cloud services the IP addresses rotate and change regularly.

  • Comment removed based on user account deletion
  • Google?

    You mean the one's who disappear content they don't like?

"The great question... which I have not been able to answer... is, `What does woman want?'" -- Sigmund Freud

Working...