DNS over HTTPS is coming whether ISPs and governments like it or not
The penny has finally dropped inside ISPs and governments that a privacy technology called DNS over HTTPS (DoH), backed by Google, Mozilla and Cloudflare, is about to make web surveillance a lot more difficult.
In the UK, this matters because under the 2016 Investigatory Powers Act (IPA), ISPs are required to retain, for 12 months, a record of which websites their customers visit. In practice that is done by logging the Domain Name System (DNS) lookups (e.g. for xyz.com) that customers' devices send, in plain text, to the ISP's own resolvers.
DNS over HTTPS (and its close relative DNS over TLS, or DoT) makes that kind of logging impossible: it wraps the same DNS queries, which are normally sent in the clear over UDP port 53, inside an encrypted connection to a resolver the browser or user chooses rather than the ISP's. Hence the panic reported in a recent Sunday Times article (paywall).
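To make the "sent in the clear" point concrete, here is an added example (not code from the article) that builds the plain DNS query for xyz.com that an ISP's logging box can read straight off the wire, extracts the queried name from it the way such a box would, and then shows the same query in its RFC 8484 DoH form, where the name only ever appears inside an HTTPS request. The resolver name cloudflare-dns.com is assumed purely to form the URL; nothing is sent over the network.

```python
import base64
import struct

# Constructed example values (not from the article): the looked-up name and a
# public DoH resolver used only to form the URL. Nothing is sent on the wire.
QUERIED_NAME = "xyz.com"
DOH_RESOLVER = "cloudflare-dns.com"


def encode_qname(name: str) -> bytes:
    """RFC 1035 label encoding: each label prefixed by its length, then a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError(f"bad label: {label!r}")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_dns_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """A minimal query: 12-byte header (RD set, one question) plus the question.
    txid defaults to 0 because RFC 8484 recommends that for DoH GET requests so
    identical queries produce identical, cacheable URLs."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack("!HH", qtype, 1)


def parse_query_name(packet: bytes) -> str:
    """What an ISP logging box does with a plaintext UDP/53 payload: read the
    question name straight out of the bytes. Names in a question section are
    never compressed, so no pointer handling is needed."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    qdcount = struct.unpack("!H", packet[4:6])[0]
    if qdcount < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated question name")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length >= 0xC0:
            raise ValueError("compression pointer in question name")
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels)


def doh_get_url(packet: bytes, resolver: str = DOH_RESOLVER) -> str:
    """RFC 8484 GET form: the same wire-format message, base64url without
    padding, in the query string. The whole URL travels inside TLS."""
    encoded = base64.urlsafe_b64encode(packet).rstrip(b"=").decode("ascii")
    return f"https://{resolver}/dns-query?dns={encoded}"


def doh_post_request(packet: bytes, resolver: str = DOH_RESOLVER) -> bytes:
    """RFC 8484 POST form: the wire-format message is the HTTP body."""
    head = (
        f"POST /dns-query HTTP/1.1\r\n"
        f"Host: {resolver}\r\n"
        f"Accept: application/dns-message\r\n"
        f"Content-Type: application/dns-message\r\n"
        f"Content-Length: {len(packet)}\r\n\r\n"
    )
    return head.encode("ascii") + packet


def decode_doh_dns_param(param: str) -> bytes:
    """Inverse of the GET encoding: re-add the stripped '=' padding and decode."""
    return base64.urlsafe_b64decode(param + "=" * (-len(param) % 4))


def name_visible_in_cleartext(stream: bytes, name: str) -> bool:
    """Does the label sequence for `name` appear verbatim in an observed byte
    stream? True for the plain UDP query. An on-path ISP only sees the DoH
    request as TLS records, so the same check would find nothing there."""
    return encode_qname(name) in stream


if __name__ == "__main__":
    q = build_dns_query(QUERIED_NAME)
    print("plain DNS payload :", q.hex())
    print("ISP log entry     :", parse_query_name(q))
    print("name in UDP bytes :", name_visible_in_cleartext(q, QUERIED_NAME))
    print("DoH GET URL       :", doh_get_url(q))
    print("DoH POST request  :", doh_post_request(q)[:60], b"...")
```

The asymmetry is the whole story: with plain DNS the ISP's vantage point sees the 25-byte payload and can log `xyz.com` with one pass over the bytes; with DoH it sees a TLS session to the resolver's address and nothing about which name was looked up.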
For more detail on how DoH/DoT works, read our previous coverage on the topic. The takeaway, however, is that Britain's National Cyber Security Centre (NCSC), and probably the US Government think its unexpectedly rapid evolution imperils the monitoring of terrorism and other illegal content.
Big ISPs also worry it will interfere with Content Delivery Network (CDN) traffic steering and caching, much of which relies on the location of the resolver answering the lookup; make customer management through support and captive portals harder, since captive portals work by intercepting the DNS lookups that DoH bypasses; and leave them fielding calls from unhappy customers when the third-party DNS servers offering DoH fall over.
Confusingly, the Sunday Times story also says DoH will stymie the UK's controversial porn block, which enforces age checks before adults can visit big porn sites, although it's not clear how. Encrypting DNS hides from the ISP which domains people look up, but it does not hide the fact that the web requests themselves still come from UK ISP addresses, which is what a check applied by the site would key on. What it would stop is ISPs implementing domain filters of their own, since those depend on seeing, or answering, the DNS lookup.