
Mozilla's DNS-Over-HTTPS Protocol Shows India Should Be Wary of Privacy’s Geopolitical Dimensions

Indian policymakers must be cognisant of the concerns posed by DoH in all its strategic dimensions.

In March 2020, the Indian government published a whitepaper on National Open Digital Ecosystems (NODEs). The paper solicited the public’s views on how better to build “open, secure and interoperable” digital platforms that could seamlessly provide e-governance services.

The consultation received thousands of comments, but Mozilla Corporation’s critical response to the whitepaper stands out for several reasons. In its comments, Mozilla brandished its credentials as one of the “oldest and largest open source projects in the world”, and excoriated New Delhi for not setting a “minimum baseline” for openness.

The government’s definition of “open”, Mozilla argued, was left vague and to the complete discretion of implementers. The baseline measures should conform to internationally accepted best practices, it concluded – nudging India’s babus to look in Mozilla’s own direction. Going through Mozilla’s comments, one would be forgiven for reminiscing that famous Sohrab Modi dialogue: “Tumhara khoon hai khoon?! Kya humara khoon pani hai?”

Righteous indignation aside, Mozilla’s concerns are legitimate when taken at face value. India’s digital “plumbing” has grown increasingly complex: first-generation technologies like Aadhaar have yielded to public digital platforms underpinning critical functions in banking (Unified Payment Interface) and taxation (Goods & Services Tax Network), and may also be introduced in other sectors like health, transportation and education. The Indian government is the custodian of some of these platforms (e.g., Aadhaar, DigiLocker, GSTN, National Health Stack) while for others, it performs a regulatory or supervisory role (e.g., UPI, Bharat Bill Pay).

These “digital public goods” are certain to invite a multiplicity of actors and spawn whole new ecosystems. Therefore, the government should not only ensure the platforms are accessible to all users and businesses, but also that they offer a level-playing field to entrepreneurs who want to build atop them. Equally important is the security of personal data that courses through the veins of these digital platforms, since it is shared both with public and private actors. 

New browser protocol

Still, Mozilla’s criticism would have been palatable had it not sat awkwardly with the corporation’s own recent efforts to create a closed digital ecosystem – one whose development has significant implications for the privacy of Indian citizens, and the country’s national security.

In February, Mozilla rolled out DNS-over-HTTPS (DoH) as the “default” option for users of its popular browser, Firefox. DoH is a protocol that encrypts the communication between a browser and “DNS resolver”, in an attempt to prevent third parties from figuring out one’s browsing patterns or history. 

Think of it as going through a public directory to find the address of your letter’s intended recipient. DoH-enabled browsing disguises your search for the recipient’s address as part of the sealed contents of the envelope. It is among the most consequential developments in the history of browsing since the creation of the HyperText Transfer Protocol in the nineties.


The HTTP revolution led to the creation of Netscape, and from Netscape, emerged Mozilla. Browsers were among the first sites of struggle over the commercial value of the internet. Microsoft won the “Browser Wars” with Internet Explorer, and established its digital supremacy by bundling together a closed ecosystem: Windows. History is repeating itself: only this time, India’s extraordinary growth as a digital economy over the last two decades throws its interests into the mix. Mozilla’s actions are a reminder that the debate on privacy or “open digital ecosystems” in India cannot be divorced from larger geopolitical developments that further the country’s dependency on external actors. 

Before identifying the stakes involved, a brief background is in order. The Domain Name System, or DNS, is colloquially referred to as the address book or directory of the internet. Every device connected to the internet is allocated an IP (Internet Protocol) address: once the user queries a domain name (www.google.com), the DNS guides requests from a user’s browser/app to the correct destination, by translating the domain name into a machine-readable IP address. The process by which a user’s browser or app retrieves the correct IP address of its destination from a DNS server is called “DNS Resolution”. 


(Who provides DNS resolution services? Here is a list of popular DNS resolvers, public and private, that are widely used in India. Needless to say, services such as Cloudflare and GoogleDNS loom large over the global market. The Indian government announced last year it will launch its own DNS server with “enhanced security features”, but that proposal does not appear to have progressed further.)

Although the lion’s share of web traffic today is encrypted, this is not so for DNS queries. Most internet users would have encountered the term ‘HTTPS’ while browsing: it is the protocol that enables secure communication across digital networks. When you head to https://www.gmail.com or https://www.onlinesbi.com, ‘HTTPS’ ensures the packets of data exchanged between you and Gmail’s servers cannot be read by a third party. Thus, your private correspondence or banking details, as the case may be, is protected from snooping. However, queries sent by a browser to a DNS Resolver are not encrypted. It is likely therefore, that DNS resolution services, Internet Service Providers or other network administrators will know your browsing records, although they may not have access to its contents. The new DoH protocol does exactly what it says: send DNS resolution queries over HTTPS, thereby encrypting them. 

Mozilla has, by its own admission, championed the DoH protocol in standards-setting institutions such as the Internet Engineering Task Force (IETF) since 2018. It is the co-author of RFC 8484 – RFCs are “Requests for Comments” inviting the technical community’s views on the specifications of a proposed protocol – which lays down the details and use-cases of DoH. Mozilla claims DoH will prevent DNS service providers from tracking and monetising browsing history, and prevent malicious actors from hijacking the DNS query and redirecting a user to a fraudulent website. The latter problem of DNS hijacking has become especially acute and increased in frequency over the years.  
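To make the mechanism concrete, the following is an added illustration (not part of the original article, and not Mozilla's or Cloudflare's code) of how RFC 8484 carries a DNS query in an HTTPS GET request: the ordinary DNS wire-format message is base64url-encoded without padding and sent as the `dns` parameter. The `/dns-query` path and the name `www.example.com` are sample values assumed for the illustration.

```python
import base64
import struct


def build_query(name: str, qtype: int = 1) -> bytes:
    """Build a DNS wire-format query (RFC 1035); qtype 1 is an A record."""
    # Header: ID 0 (RFC 8484 suggests 0 so HTTP caches can reuse answers),
    # flags 0x0100 (recursion desired), one question, no other records.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    # Each label is length-prefixed; a zero byte terminates the name.
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class 1 = IN


def doh_get_path(name: str, path: str = "/dns-query") -> str:
    """Return the request target a DoH client would send inside HTTPS."""
    encoded = base64.urlsafe_b64encode(build_query(name)).rstrip(b"=")
    return f"{path}?dns={encoded.decode('ascii')}"


def decode_dns_param(request_target: str) -> bytes:
    """Resolver side: recover the wire-format query from the dns parameter."""
    value = request_target.split("?dns=", 1)[1]
    value += "=" * (-len(value) % 4)  # restore the stripped padding
    return base64.urlsafe_b64decode(value)


def question_name(message: bytes) -> str:
    """Read the queried name back out of a wire-format query."""
    pos, labels = 12, []  # the question section starts after the header
    while message[pos] != 0:
        length = message[pos]
        labels.append(message[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)


if __name__ == "__main__":
    target = doh_get_path("www.example.com")  # sample name, constructed
    print("GET", target)
    print("Accept: application/dns-message")
    print("resolver decodes:", question_name(decode_dns_param(target)))
```

The same bytes sent over classic DNS travel in a cleartext UDP datagram that any on-path network can read; here they travel inside the TLS session to the resolver, which is the only party that decodes them.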

How effective?

However, by enabling DoH in Firefox, Mozilla is hardly enveloping the world with the warm blanket of privacy. As several analysts have correctly pointed out, the DNS query could be encrypted but the communication between the user’s browser and destination website – after its correct address is retrieved from the DNS server – is still exposed to surveillance. Just as importantly, DoH implementation makes DNS queries invisible to network administrators.


As an IETF informational report highlights, many public and enterprise networks monitor DNS queries for matches against lists of well-known malware command and control hosts: they are the first responders best-placed to understand the unique nature of threats their organisations (e.g., a bank or a school) face. Not to mention the fact that enabling this protocol essentially undercuts national laws or ISP policies prohibiting certain content.

Above all, DoH further centralises the Domain Name System, which is the lifeblood of the internet. Whether encrypted or not, DNS resolution still needs to function smoothly. If anything, the resolution of encrypted queries becomes even more important in the absence of monitoring by networks. For this purpose, Mozilla has identified a “Trusted Resolver”, that will be the default service responding to DNS queries through DoH. That resolver is the for-profit business, Cloudflare.

Mozilla has published a Trusted Recursive Resolver policy that claims to limit the uses to which DNS data can be harvested or utilised by Cloudflare and other future DoH resolvers. (Cloudflare and Mozilla began collaborating on DoH in 2018, while the TRR policy was published on Mozilla Wiki nearly a year after, leaving open the question as to how Cloudflare was “chosen” in the first place. The question here is not whether Cloudflare adheres faithfully to its policy, but that of Mozilla’s wielding its user base to negotiate terms with the former.)

Enabling DoH by default for millions of Firefox users – for now, the change is implemented only in the US, but Mozilla has acknowledged it will “gradually roll out [DoH by default] to all users” – effectively places them at the mercy of Cloudflare’s DNS security. That is a major concern, given that Cloudflare too has been affected by at least one serious data breach in the past. 

However, Cloudflare’s security credentials are not the sole concern for Indian internet users. It is the principle of centralisation that has now been operationalised by the DoH rollout. Google, which owns the world’s most popular browser Chrome, has also announced its support for the DoH protocol, and encrypted DNS lookups through Chrome will be routed through Google Public DNS. Microsoft plans to roll out DoH to Windows users soon, although it will not be enabled as the default option. Microsoft users can choose their “trusted” resolver, although the options for most will be limited to Cloudflare, Google, or Quad9.

 


In other words, Mozilla has set in motion the mushrooming of closed ecosystems that further centralise the governance and operation of the Domain Name System. Historians of technology would recollect that the US government in 1998 contractually handed over the authority to edit, publish and distribute the “root zone file” – the authoritative list of names and IP addresses for the internet’s core root servers – to Verisign, another NASDAQ-listed company. More recently, Internet Society, the non-profit custodian of the .ORG domain, attempted to sell its rights to the domain to private equity firm Ethos Capital. The sale was blocked by the Internet Corporation for Assigned Names and Numbers (ICANN), after much outcry. Mozilla’s collaboration with Cloudflare is no different: in the guise of efficiency or security, the locus of global internet governance has remained firmly in the West, although its economic, and dare one say, civic anchors now lie to the East. 

In response to the charge that it has further concentrated internet governance, Mozilla has simply said the DNS is anyway centralised. “Five companies control over 80% of the US broadband Internet market”, Mozilla argues. “Enabling DoH in Firefox will be less centralisation, not more, because it shifts traffic away from large ISPs, and provides users with more choice.”

This is a tendentious claim, given the use of certain resolvers will lead to lock-in effects. Most DNS queries are resolved “locally”, i.e., rarely sent to the authoritative directories, because internet users tend to browse the same content repeatedly. This is true of India, as it is of the United States. As a result, DNS resolvers maintain a “cache” – a ready reckoner of sorts – that will quickly identify the destination address and retrieve it for the user. Who would not want faster loading of websites and apps?! In fact, with the DoH resolver already known, the app or browser works in a “predictive” environment – this could help it reduce the time required to identify a DNS resolver. So-called “trusted resolvers” therefore have a headstart in gaining new internet users, thanks to their collaboration with powerful browsers. The cost of switching DNS resolution services for users and networks – and by extension their browsers – becomes higher over time.

This scenario could result in three kinds of dependencies.

First, the rush to earn a “Trusted Resolver” tag, or its equivalent, may increase the reliance of DNS resolvers on Google and Mozilla. This dependency will heighten Big Tech’s power to determine standards and rules on the governance of user data online.

Second, as DoH resolvers gain a foothold in international markets, they could edge out smaller ISP-based DNS services, which are still popular – not to mention the fact that it dents any effort by India to create its own “national” DNS resolver. “Trusted” DoH resolvers may emerge as de facto suppliers of national and global cybersecurity, which is a public good.

And third, DoH complicates the job of law enforcement agencies (LEAs) in monitoring and analysing DNS-related attacks, which are on the rise in India. According to a recent report, India saw the highest number of DNS attacks in 2020. Anyone remotely familiar with the glacial pace of India-US negotiations on accessing cross-border data will know that increasing Indian LEAs’ dependency on foreign DNS resolvers is a sure-fire prescription for data localisation policies.

Indian policymakers must be cognisant of the concerns posed by DoH in all its strategic — economic, security and political — dimensions. The United Kingdom, for instance, has already sought assurances from Mozilla that it will not enable DoH by default without proper consultations. New Delhi too should be wary of technological interventions that sweep the rug from under its feet, and reduce its own agency over a booming digital economy. In 1990, Edward Luttwak famously articulated the premise of “geoeconomics”: if technological innovation is meant to increase a state’s capacity, he argued, it cannot be free from the “logic” of conflict or competition. That logic has not changed over three decades. 

Arun Mohan Sukumar is a PhD Candidate at The Fletcher School, and the author of Midnight’s Machines: A Political History of Technology in India (Penguin RandomHouse, 2019). 

Disclosure: The author is a volunteer at the non-profit organisation iSpirt. While iSpirt is not a competitor to Mozilla or other private entities referenced here, it has been involved in helping build some of the “ecosystems” described in this piece.