The Internet’s Weakest Link: DNS and the Risks of Consolidation

A plan to encrypt the world's web traffic could allow Google and Cloudflare to dominate network navigation.

Illustration (Jamie Cullen): an array of devices connecting to one another along network pathways, showing web addresses being translated into IP addresses via the DNS.

Though no single person or entity oversees the public internet, a few large companies have taken increasing control of critical network resources and infrastructure, the underlying technical components on which the internet runs. Because this consolidation runs contrary to the internet’s design as a diverse and competitive network, the implications for its future are tremendous — extending to grave concerns over the internet’s weakest link.

The Domain Name System is essential to the internet’s operation, functioning as a globally distributed directory of services that’s often described as the internet’s phone or address book. The system translates a domain name (or website address) into its numerical IP address, enabling data to be accurately transmitted between different devices and servers. It’s what allows you to type “www.wikipedia.org” into a browser and not have to know where Wikipedia’s computers are located on the network in order to access them. Because it works instantaneously and invisibly, most internet users aren’t even aware that it exists.

As important as it is, it’s also incredibly vulnerable. Conceived in a bygone era before the commercial internet, when cybersecurity wasn’t a major concern, the DNS pretty much operates out in the open. When you enter a domain name from a browser or device, it requests the IP address from the nearest DNS server, which relays the request to another server if it can’t directly provide the information. These queries are typically plain text, meaning that every time you look something up or visit a website, your requests can be seen by your internet service provider or by anyone with access to your wireless network or any of the intermediate servers. Internet service providers can track your activity and sell your DNS and browsing activity to third parties.
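To make the "plain text" point concrete, here is an added example (not code from the article): it builds a DNS query in the standard wire format (RFC 1035) and parses it back, showing that the looked-up name sits in the UDP payload as readable ASCII labels, which is exactly what an ISP or anyone on the local network can read when the query is not encrypted. The sample queries are constructed, not captured traffic.

```python
import struct

# Added example, not code from the article: build a DNS query in the standard
# wire format (RFC 1035) and parse it back, to show what an on-path observer
# sees when the query is sent unencrypted over UDP port 53.

def encode_qname(name):
    """Encode a domain name as length-prefixed ASCII labels ending in a zero byte."""
    out = b"".join(bytes([len(label)]) + label.encode("ascii")
                   for label in name.rstrip(".").split("."))
    return out + b"\x00"

def build_query(txid, name, qtype=1):
    """Standard query: header (RD flag set, one question) + QNAME + QTYPE + QCLASS IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack("!HH", qtype, 1)

def decode_qname(payload, offset):
    """Read labels until the terminating zero byte; return (name, next offset)."""
    labels = []
    while True:
        length = payload[offset]
        offset += 1
        if length == 0:
            return ".".join(labels), offset
        if length & 0xC0:  # compression pointers never appear in a query's question
            raise ValueError("unexpected label pointer in question section")
        labels.append(payload[offset:offset + length].decode("ascii"))
        offset += length

def parse_query(payload):
    """Extract the fields a passive observer can read from a plaintext query."""
    txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    name, offset = decode_qname(payload, 12)
    qtype, qclass = struct.unpack("!HH", payload[offset:offset + 4])
    return {"id": txid, "name": name, "qtype": qtype, "qclass": qclass,
            "recursion_desired": bool(flags & 0x0100)}

def observed_names(payloads):
    """What a sniffer at the ISP or on the local Wi-Fi recovers from a capture."""
    return [parse_query(p)["name"] for p in payloads]

# Constructed sample traffic (not a real capture).
SAMPLE_QUERIES = [build_query(0x1a2b, "www.wikipedia.org"),
                  build_query(0x1a2c, "thereboot.com")]

if __name__ == "__main__":
    for q in SAMPLE_QUERIES:
        print(q.hex(), "->", parse_query(q))
```

Printing `q.hex()` shows the labels `www`, `wikipedia`, `org` directly in the bytes; DoH and DoT wrap this same payload in TLS so that only the chosen resolver, not the path, can read it.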

DNS servers are also susceptible to attacks that can block access to websites, redirect users to malicious domains, and take vast chunks of the internet offline. In 2008, the late security researcher Dan Kaminsky discovered a fundamental DNS design flaw that could have allowed attackers to compromise DNS servers and redirect traffic to malicious websites. In 2016, a series of distributed denial-of-service (DDoS) attacks knocked out Dyn, a major DNS provider, by overwhelming it with traffic from a malware botnet. This caused a massive disruption across the US and Europe that affected many of the internet’s most popular services. Such attacks demonstrate the folly of DNS concentration, with a single point of failure presenting a ripe target.

In recent years, the Internet Engineering Task Force (IETF) has developed ways to encrypt DNS data and help prevent snooping and assaults. Transitioning to encrypted DNS may seem like an improvement in privacy and security for the entire internet, but the change has the unfortunate effect of consolidating corporate control over DNS resolution, which has already problematically moved from a reliance on many local servers toward the centralization of only a few.

The IETF’s encryption standards — DNS over HTTPS (DoH) and DNS over TLS (DoT) — are promising developments, but because these protocols take resources to implement effectively, big companies like Google and Cloudflare are in a position to dominate the market for encrypted DNS. Working in tandem with implementations on Google’s Chrome browser and Mozilla’s Firefox browser, the two companies are essentially supplying encrypted DNS services to the world in exchange for the metadata. Just as Facebook and Google previously positioned themselves as the internet’s de facto identity registries, now Google and Cloudflare are situated to become a de facto duopoly for network navigation, selling their consolidation in terms of security.

Encryption “is really meaningless without an authenticated channel to an entity we trust,” Martin Schanzenbach, a computer science researcher at the Fraunhofer Institute of Applied and Integrated Security, told me. “Big tech is positioning itself (once again) as a trusted third party, just like it did with identity before.”

Entrusting the internet’s security and privacy to corporations that generally profit from monetizing user information seems unlikely to end well. Google and Cloudflare both have privacy commitments behind their encrypted DNS implementations, but they are still recording queries in some way. Apart from the danger that governments will have an easier time gathering data on the internet habits of citizens, there’s also the prospect of Google and Cloudflare leveraging their DNS data insights for competitive advantages in improving other services.

“A client might decide to trust a particular recursive resolver with information about DNS queries,” explained Jari Arkko, former chair of the IETF, in a 2019 memo. “However, it is difficult or impossible to provide any guarantees about data handling practices in the general case. And even if a service can be trusted to respect privacy with respect to handling of query data, legal and commercial pressures or surveillance activity could result in misuse of data.”

But to understand how we got here, it helps to recognize that DNS has been inherently problematic since the beginning.

The Domain Name System

The DNS has humble roots as a simple text file. In the 1970s, the ARPANET, the forerunner to the modern internet, was made up of a few hundred computers. Each computer had a dual identity — a numerical address, and a domain name. A shared HOSTS.TXT file mapped human-readable names to numerical addresses, and it was compiled each week by members of the Stanford Research Institute.

But as the ARPANET grew, manually maintaining the text file became unsustainable. In the early 1980s, Paul Mockapetris, a University of Southern California computer scientist, conceived the current Domain Name System. His solution to the scaling problem of a single text file was elegant. Rather than distributing a single, massive text file across the network, the system relied on several name servers that could return the name/address pairs to any device requesting them. The centralized HOSTS.TXT file at Stanford gave way to a few top-level domain managers — educational institutions, which managed domains ending in .edu; government institutions, which managed .gov; the military, which managed .mil; and so on. These in turn could be subdivided into a nested hierarchy of sub-domains.

Though the DNS was now more distributed than the previous HOSTS.TXT file, it still was highly centralized. In the early 1990s, the US government’s National Science Foundation assumed responsibility for the DNS. Amid concerns about a single government dominating this important part of the internet, in 1998 the DNS was transferred to an independent nonprofit organization, the Internet Corporation for Assigned Names and Numbers (ICANN). The IETF specifies the workings of the DNS protocol, while ICANN coordinates the allocation of domain names, with a special focus on supervising the root name servers — the highest level in the DNS hierarchy, residing above the top-level domain managers.

Reacting to ICANN’s central role in the DNS, in 1999, World Wide Web inventor Tim Berners-Lee famously argued that the DNS was the “one centralized Achilles’ heel by which [the web] can all be brought down or controlled.” For Berners-Lee, the DNS was a weak spot because only a handful of computers stored the master list at the top of the domain hierarchy, and because control over domains could be similarly hierarchical. As he wrote in his book Weaving the Web:

“Control over the ‘top-level’ domains such as .com and .edu indirectly gives control over all domain names, and so is something of great power. Who should exercise that power? … One problem is that the better domain names will wind up with the people or companies that have the most money, crippling fairness and threatening universality.”

For Berners-Lee, the “better domain names” were snappy, memorable ones, like “soap.com” and “sex.com.” The late 1990s saw a land-grabbing scramble for domain names, with some companies bidding millions of dollars for memorable domains and suing anyone who they saw as infringing their trademarks. More recently, in April of this year, Argentina’s centralized domain registrar mistakenly sold Google’s local domain to an Argentine citizen for around $3 USD, and Twitter users encouraged the man to hold out for hundreds of thousands of dollars before he returned it to Google.

This hyper-valuation of a few characters of text was possible, in large part, due to the concentration of the DNS. As Berners-Lee noted, the “technical decision to make [DNS] a single point of reliance can be exploited politically for power and commercially for profit.”

A Dark Alternative

Others were also concerned about the dangers of centralization via the DNS. In the late 1990s and early 2000s, privacy-conscious coders developed three encrypted, anonymized “Dark Web” networks. They each wrestled with the domain name problem in their own way — and largely failed to solve it.

“At present the Internet is seen as a hot-bed of anarchy, beyond the controls of individual governments, a system which ensures free-speech and free-thought by its very nature,” wrote the computer scientist Ian Clarke in 1999. “Unfortunately, while this seems true at present, it is caused more by a lack of knowledge about the technology involved, rather than being a feature of the technology. It is actually the case that the Internet could lead to our lives being monitored, and our thinking manipulated and corrupted to a degree that would go beyond the wildest imaginings of Orwell.”

For Clarke, the internet was a space where corporations and governments could surveil users — and a key tool for surveillance and power was the DNS, since anyone who controls DNS can see what we’re up to online. This inspired Clarke to develop one of the first Dark Web systems: Freenet, a fully decentralized networking system where readers and producers of content are both anonymized.

How can anyone find a file in a network where you don’t know who anyone is? On the regular internet, we know who runs DNS servers and therefore who’s mapping domain names to IP addresses. In contrast, Freenet doesn’t rely on any centralized DNS, but at a cost: the URLs for Freesites are impenetrable alphanumeric strings. There is nothing like “google.com” on the Freenet — instead, Freesites have snappy URLs such as:

Freenet’s Dark Web successors, I2P and Tor, have similar usability problems, relying on long, alphanumeric strings. Whatever their visions for fighting surveillance and providing privacy, it’s not likely that the Dark Web will replace the public internet when end users have to type in addresses like “http://msydqstlz2kzerdg.onion/” to visit a page.

These projects have been hindered by Zooko’s Triangle. Named for cybersecurity specialist Zooko Wilcox-O’Hearn, Zooko’s Triangle gives you two (and only two) of the following options for a name system: security, human readability, and decentralization. Freenet, I2P, and Tor opted for decentralization and security, at the obvious cost that their URLs are unmemorable strings.

Love the DNS You’re With?

In the face of Zooko’s Triangle, maybe we’re stuck with the DNS and should concentrate on improving it. That’s where recent efforts to encrypt DNS come in. For most of its history, alternative networks like Freenet and Tor had an edge on the DNS in that their systems were at least encrypted. DNS could only claim about one and a half parts of Zooko’s Triangle. The DNS’s domain names are certainly human-readable. But while we can type “thereboot.com” and not have to memorize that site’s IP address (192.0.66.136, if you’re curious), it’s only recently that the DNS has implemented any form of security.

The development of DNS over HTTPS (DoH) and DNS over TLS (DoT) in the 2010s was meant to add a degree of privacy for internet users. In theory, encrypted DNS protects us from a new surveillance capitalism practice: ISPs snooping on internet traffic in order to build marketing profiles on their customers. With encrypted DNS, ISPs cannot gather such data.

But rather than undermine surveillance capitalism, encrypted DNS could end up centralizing it. Google, a leading provider of encrypted DNS, is especially well positioned to gather valuable data about us, since its DNS is tied to its Chrome browser, its search engine, and its Android operating system. If you have Android, your default DNS is Google’s “8.8.8.8.” Google will get the data whether or not that connection is encrypted, and since Google is at its core an advertising company, it seems inevitable that DNS data will be used to help drive marketing.

“The DNS resolver centralisation problem is growing, as some web browsers are choosing to deploy encrypted DNS query protocols such as DNS-over-HTTPS (DOH), and are doing it with default servers being centralised ones,” wrote Arkko in 2019. “When Internet infrastructure changes, this has wide-encompassing effects across all users and all types of traffic. Normal users rarely configure their Internet connectivity parameters in any fashion. As a result, the impact of defaults, operating system and browser settings are wide-ranging.”

Cloudflare, like Google, is also in a prime position to gather DNS data, especially since Mozilla’s Firefox browser changed its default DNS resolver to Cloudflare’s DoH. To its credit, Cloudflare claims that it will not sell personal data gleaned from Firefox. But its central position poses another risk. Apart from the likelihood that two companies are learning more and more about our online behavior, this also means that when one of them has an outage — as Cloudflare did in mid-2020 — massive parts of the internet cease to operate. Moreover, if encrypted DNS flows to Google and Cloudflare, then much of the global internet will be under the aegis of two US-based corporations.

Perhaps a new wave of alternatives and DNS fixes are in order.

Reform or Radical Change

One effort to reform the system comes from a team of computer scientists from Princeton, the University of Chicago, and TU Delft. They found that DNS services could be selected at random on a case-by-case basis, thus limiting the amount of information that a given DNS provider can see about us. They also suggest that if the online content is coming from an entity that also runs a DNS service — such as Cloudflare’s content delivery network — then the DNS query would be routed to that company, since the content provider would already know what sites are being looked at. If Google, for example, would ultimately be serving content to an end user, they would also handle the DNS request. In fact, Google and Cloudflare are working on a proposal to implement this plan.
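The following is an added toy simulation (not code from the article or from the research team it cites) of the two ideas in that proposal: picking a resolver at random per query, and sending a query to the content provider's own resolver when that provider will serve the content anyway. All resolver names, sites and the provider mapping are constructed placeholders; the metric is the largest share of one client's lookups that any single resolver gets to see.

```python
import random
from collections import Counter

# Added example, not from the article or the cited research team: a toy
# simulation of the resolver-selection idea. All names and providers below are
# constructed placeholders.

RESOLVER_POOL = ["isp-resolver", "resolver-b", "resolver-c", "cdn-x", "cdn-y"]

# Which provider will serve each site's content anyway (hypothetical mapping).
CONTENT_PROVIDER = {"shop.example.test": "cdn-x", "video.example.test": "cdn-y"}

def single_default(qname, rng):
    """Today's common situation: every query goes to one default resolver."""
    return RESOLVER_POOL[0]

def random_per_query(qname, rng):
    """Pick a resolver at random for each query, so none sees the whole history."""
    return rng.choice(RESOLVER_POOL)

def random_with_affinity(qname, rng):
    """If the content provider also runs a resolver, send the query there: it
    learns the site from serving the content anyway. Otherwise pick at random."""
    provider = CONTENT_PROVIDER.get(qname)
    if provider in RESOLVER_POOL:
        return provider
    return rng.choice(RESOLVER_POOL)

def visibility(policy, queries, seed=0):
    """Fraction of the query stream each resolver gets to see under a policy."""
    rng = random.Random(seed)
    counts = Counter(policy(q, rng) for q in queries)
    return {r: counts[r] / len(queries) for r in RESOLVER_POOL}

def max_share(policy, queries, seed=0):
    """Largest share any one resolver sees: the centralization metric here."""
    return max(visibility(policy, queries, seed).values())

# Constructed browsing history: 1000 lookups, every tenth one for the shop site.
SAMPLE_QUERIES = ["site%d.example.test" % (i % 50) for i in range(1000)]
SAMPLE_QUERIES[::10] = ["shop.example.test"] * 100

if __name__ == "__main__":
    for policy in (single_default, random_per_query, random_with_affinity):
        print(policy.__name__, round(max_share(policy, SAMPLE_QUERIES), 3))
```

The share of lookups is the only thing this measures; it says nothing about what a resolver can still infer from the sample it does receive or from the client's IP address.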

For some, the very fact that Google and Cloudflare are involved in fixing DNS centralization — a problem that they’re benefiting from — reflects the same sort of centralized dominance that is the issue in the first place. Christian Grothoff, professor at Bern University of Applied Sciences, has for many years been concerned about for-profit dominance over the internet. He and a team that includes Martin Schanzenbach are working on the GNU Name System (GNS), a decentralized alternative to the DNS that could bring previous efforts like Freenet up to date on the modern network.

Rather than the hierarchical DNS, the GNS is a peer-to-peer system, starting on the end user’s machine and then escalating queries across the network. The GNS can “put each user in charge of their networking without making them dependent on registration,” Grothoff explained. “We wanted users to be able to share naming data with each other, but without having to suffer censorship and surveillance by the name system infrastructure.”

Grothoff and Schanzenbach aim to make this change invisible to the end user. Unlike switching to a Dark Web, normal internet users can simply go on browsing, unaware that the naming system underpinning their online activities has changed.

But the GNS has run into resistance. Schanzenbach noted that the IETF has requested that alternative name systems force end users to do odd things, like typing URLs that look like this: “www#amazon#com.” Given that changing periods to octothorpes goes against years of internet habits, implementing GNS in this way would be a major obstacle to user adoption.

Ultimately, more efforts are going to be needed to counter DNS centralization while protecting user privacy, especially if we want to preserve the vision of the internet as a decentralized, heterogeneous network.
