Chrome 85 for Android will add Secure DNS for safer and more private browsing, a feature based on DNS-over-HTTPS
Google announced Tuesday that Chrome 85 for Android will add Secure DNS (Domain Name System) for safer and more private browsing. The feature is based on DNS-over-HTTPS, added from Chrome 83, which encrypts the "DNS search" to ensure safer and more private browsing for users. Abbreviated as DoH, the security protocol is already operational on desktop platforms and was reinforced with the release of Chrome 85 last week. Google also intends to help DoH providers adapt their service accordingly.
According to Google's blog post announcing the news, Chrome 85 brings secure DNS support into Chrome for Android with the same design principles as the desktop variant. With this feature, Chrome will automatically switch to DoH mode if your current DNS service provider supports it. The automatic mode will allow Chrome to fall back to the normal DNS service offered by the user's current provider (including DNS-over-TLS if configured) to avoid service interruption.
In addition, if the default behavior is not appropriate for users, Google said that Chrome 85 will also offer a manual configuration option that lets them use a specific provider without a fallback. Similarly, users will have the option to completely disable the feature from within the browser settings. Chrome will also be able to automatically disable Secure DNS "if it detects a managed environment through the presence of one or more corporate policies".
Google has also provided a mode for administrators. It has added DNS-over-HTTPS enterprise policies "to enable managed configuration of Secure DNS and also encourage IT administrators to consider deploying DNS-over-HTTPS for their users". As was the case with the desktop version, Google announced that Secure DNS for Chrome on Android will be deployed for users over a period of time, particularly to ensure stability and performance.
Among other things, the phased deployment is also intended to "help DoH service providers adapt their services accordingly". Last year, Google received some support from ISPs because of the DNS-over-HTTPS protocol. As a result, the company said it will remain open to comments and collaboration with interested parties such as mobile operators and other ISPs, DNS service providers and online child safety advocates to make further progress in securing the DNS.
As for DNS-over-HTTPS itself: when you type a web address or domain name in your address bar, your browser looks up the IP address of that website by sending a request over the Internet. Typically, the request is sent to the DNS servers over a plain text connection. This connection is unencrypted, which makes it easy for third parties to see which website you are about to access. This is where DNS-over-HTTPS (DoH) comes into play by encrypting your connection and making browsing secure.
DoH sends the domain name you typed to a DoH-compatible DNS server using an encrypted HTTPS connection instead of a plain text connection. When enabled, DoH ensures that your ISP cannot collect and sell personal information related to your browsing behavior. However, there are disadvantages associated with this practice. DNS is also used to block malware, enable parental controls, filter your browser's access to websites, etc. So, when enabled, DoH bypasses your local DNS resolver and makes these special policies fail. Finally, DoH may be slower than traditional DNS queries, but tests have shown that the impact is minimal.