Google rolls out pro-privacy DNS-over-HTTPS support in Chrome 83... with a handy kill switch for corporate IT

Google released Chrome 83 on Tuesday after skipping version 82 entirely due to coronavirus-related challenges, bringing with it security for DNS queries, a revised extension interface that developers dislike, and a few other features.

The latest iteration of Google's browser implements DNS-over-HTTPS (DoH), a way to prevent domain-name queries from being observed on the network, between the browser and the DNS server, at least. Traditionally, DNS queries and replies sent using TCP or UDP are not encrypted, even when internet users are interacting with websites over an encrypted HTTPS connection.

DoH was proposed to improve privacy and security by wrapping TLS encryption around the DNS queries that convert human-friendly domain names, like theregister.com, into network addresses computers can connect to, such as 104.18.5.22.

Google has been testing DoH since Chrome 78 last year, and is now rolling it out proper. Mozilla has been doing the same in its Firefox browser, and in February made DoH available to US Firefox users by default.

Not all smiles and sunshine

The technology remains controversial because some people and organizations expect or demand less privacy in certain scenarios.

Paul Vixie, CEO of Farsight Security and developer of several DNS protocol extensions, has argued for DNS-over-TLS (DoT), an alternative query protection protocol because it can be blocked by firewalls and controlled by systems administrators.

Cloudflare contends DoT is better from a network security perspective while DoH is better from a privacy perspective. The fact DoH provides corporate IT administrators with less visibility into network traffic isn't ideal when oversight is desired, it noted.

It's also not ideal for business models that benefit from network traffic snooping. Last summer, the UK Internet Services Providers’ Association nominated Mozilla as the internet's 2019 villain of the year due to concerns its DoH implementation would bypass British internet filters and parental controls. Though the trade group backtracked, both Mozilla and Google have had to convince lawmakers in the US and UK that DNS privacy won't lead to the unrestrained transmission and receipt of unlawful content.

DNS-over-HTTPS primarily stops ISPs and others on the network path snooping on DNS queries to hit subscribers with targeted ads based on the sites they've visited, though it has other benefits. For instance, it stops miscreants on the network path silently tampering with domain query results to redirect people to password-stealing imitation websites, or unexpectedly blocking look-ups. It also reassures the browser it is speaking to the DNS server it was expecting.

Enterprise excepted that is

Aware of the needs of corporate network administrators to have visibility on their users' activities, Kenji Baheux, Chrome product manager, said in a blog post that Chrome will disable DoH in managed environments that declare relevant enterprise policies.

"We’ve also added new DNS-over-HTTPS enterprise policies to allow for a managed configuration of Secure DNS and encourage IT administrators to look into deploying DNS-over-HTTPS for their users," said Baheux. "We believe that our approach strikes a good balance between moving security and privacy forward and maintaining user expectations."

Chrome 83, initially available for Chrome OS, Windows and macOS, with Android and Linux updates coming soon, will automatically activate DoH if the user's current ISP supports it. Users can also configure a secure DNS provider in the Advanced security menu, or disable it completely.

Google's Chrome developers have reworked various browser Privacy and Security settings menus, to make cookie management and sensitive permissions like location, camera, and microphone access more easily accessible. Finally, Incognito mode will block third-party cookies by default.

Also, the “Clear browsing data” control has been moved to the top of the Privacy & Security settings menu "because many people regularly delete their browsing history," explained senior product manager AbdelKarim Mardini in a blog post.

A Safety check section has been added so that Chrome users can click the "Check now" button to see if any of their Chrome-stored passwords have shown up in Google's database of publicly exposed credentials.

Google's extension issues

The browser also supposedly checks for compromised extensions, presumably those flagged by Google after days or months of misbehavior – the Chrome Web Store hasn't been known for catching malicious extensions before they can do harm, though that's a goal of the company's ever tightening developer rules and Manifest v3 API hobbling.

The update adds a new puzzle icon in the Chrome toolbar to access a reworked extensions menu, or will eventually – the extension interface change isn't evident in the Chrome 83 we've seen, suggesting the alteration will get rolled out independently. "It’s a neat way to tidy up your toolbar, and gives you more control over what data extensions can access on sites you visit," said Mardini. "With this addition, you’ll still be able to pin your favorite extensions to the toolbar."

But Chrome no longer pins extensions to the toolbar by default, a change of convention that hasn't gone over well with Chrome extension developers. When Google initially discussed the revised extension management interface, those making extensions objected because requiring users to take action to pin an extension so it's always visible makes interaction less likely.

Last week, Chrome extension developer advocate Simeon Vincent acknowledged that concern and said Google would do nothing to accommodate it.

"Many commenters have expressed reservations about action buttons being unpinned by default," he wrote in a forum post.

"We understand this concern. An extension's action in the toolbar is an important interaction mechanism, and we don't intend to decrease extension usage. However, after several discussions and lengthy consideration, we think that leaving actions unpinned by default is the best course for our longer-term plans for the Chrome extension platform."

That left extension developers grumbling that Google never had any intention of testing the feature or incorporating developer feedback. ®