Between privacy and security, the challenge of DoH and DNS resolvers

Three large non-EU companies, small European ISPs and volunteer groups offer access to public DNS. Users use them, and encryption protects their connections. It is more difficult to violate privacy but also to intercept internet traffic. Sooner or later, even states will take notice by Andrea Monti – Originally published in Italian on Strategikon, an Italian Tech blog. and are the IP numbers —the ‘plates’ assigned to every computer connected to an Internet network — that identify  of Google and Cloudflare’s DNS resolvers.

Together with Cisco Systems’ Open DNS  208.67. 222.222 e 208.67. 220.220  and  those managed by smaller providers, including European ones (DNS Watch) and by volunteers (OpenNIC), they can be freely used to convert the names of websites (the ‘domain names’) into numerical addresses. This conversion is what makes possible to locate reach the servers to which one wants to connect.

It is not compulsory to use these services because (also in Italy) every access operator and internet provider provides its users with the appropriate DNS. However, the use of foreign DNS resolvers is growing. The main reasons lie in a (supposedly) greater privacy in navigation. Also these public resolver are supposed (but not necessarily so) to improve the the connection to the site requested by the user. In other words, if a user chooses one of these resolvers, when he types in the browser ‘’, the host of the newspaper could be (depending on which Italian operator is used) faster than what would happen using other national resolvers.

Apart from the performance, which in reality is not necessarily better than the local equivalents, a further ‘advantage’ of using  foreign DNS resolvers is that they do not have to comply with global interception orders of Italian Internet traffic (the so-called ‘obfuscations’) issued by the judiciary, independent authorities and agencies such as the Customs Agency. Those foreign public resolvers, therefore, make it possible to reach network resources with inhibited access from Italy.

Moreover, the support for the DoH (DNS-over-HTTPS) standard prevents requests for conversion from domain name to IP number (the queries) from being ‘intercepted’ and blocked in transit. That happens by making the HTTPS protocol ( the same protocol whose implementation is signalled by the ‘padlock’, which appears on the browser’s navigation bar to indicate that the connection with a given site is secure) working also with queries. Plus, although with various nuances, resolvers (including Italian ones) do not store the IPs of users who connect, nor do they permanently associate them with the site the user has searched.

On the one hand, this way of configuring the resolver respects the user’s ‘privacy’. On the other hand —when the service is located abroad— it constitutes an obstacle to the prevention and repression of illegal activities committed via the Internet.

Should we, therefore, prohibit the use of foreign DNS resolvers that allow DoH to enable law enforcement? Alternatively, should we tell the judiciary and public authorities to surrender to the fact that ‘privacy’ cannot be sacrificed because, paraphrasing the famous quote from Deadline – U.S.A., ‘That’s the press, baby. The press! And there’s nothing you can do about it!

It is the umpteenth chapter in the contrast between two irreducible needs: the State’s duty to guarantee security and the repression of crimes and respect for individual rights. Both are demands of absolute value and, as such, non-negotiable and non-sacrifiable. At least, according to the most radical supporters of the respective positions.

Others claim that privacy and security can be combined and that there is no need to sacrifice the former to obtain the latter. However, even this is only a rhetorical device because it is a fact, even before being a right, that the protection of individual claims must yield in the face of other rights, public interests, and the needs of the State. Even taking a life, for example, in self-defence, is behaviour that can be justified.

So, the question is not whether we are willing to accept limitations in the space for personal protection but to whom we give the power to do so. In other words, the point is how much we can trust the State of which we are citizens and to what extent we are confident that the inevitable compression of individual rights is aimed at protecting the community and not at achieving systematic repression of individual freedoms. Therefore, a political issue and not a legal one arises: are we or are we not afraid of the State? The spread among Italian users of foreign DNS resolvers using the DoH will affect the parliamentary and governmental answer to this question .

Also with the DoH enabled, an Italian operator can still comply with the orders of the authority. However, if it will no longer be possible to force Italian operators to filter traffic to specific sites by intervening on their resolvers, the government will deem necessary to adopt obvious, albeit unpopular, legal choices.

One option would be to make a criminal offense using the DoH without providing a justified reason. This choice would imply affirming the principle that people are guilty until proven innocent and therefore subjecting the population to systematic and preventive control. It clearly cannot work.

Users could then be required to use only the resolver of their access operator. We have seen this before, especially in mobile sector, and it did not have a happy ending.

Instead, it would be helpful to regulate the matter at the European level to avoid the current distorting effect on the Italian market to the advantage of foreign operators by laying down standard rules for the provision of services based on public resolvers.

Whatever the solution, the risks are apparent: Balkanisation of the Internet, reduction of the levels of neutrality in access, the interposition of control systems between the user and the ‘incriminated’ network resource. In short, an approach already widely practised in countries with limited democracy.

As far as Italy is concerned, there is time to decide on a rational and transparent basis, entrusting it as far as possible to the public debate and avoiding to stay on the path of de facto delegating to telecommunications operators functions and activities that are the responsibility of the institutions. It would be a way of demonstrating that the State can (still) be trusted.

Leave a Reply

Your email address will not be published. Required fields are marked *