The penny has finally dropped inside ISPs and governments that a privacy technology called DNS over HTTPS (DoH), backed by Google, Mozilla and Cloudflare, is about to make web surveillance a lot more difficult.

In the UK, this matters because under the 2016 Investigatory Powers Act (IPA), ISPs are required to store a record of which websites citizens visit for the previous 12 months, which is done by noticing Domain Name System (DNS) requests, e.g. to

DNS over HTTPS (and its close relative DNS over TLS, or DoT) makes this impossible because it encrypts these requests – normally sent in the clear – hence the panic reported in a recent Sunday Times article (paywall).
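To make the difference concrete, here is an added example (not from the original article) that builds a standard DNS query, recovers the hostname from it the way a passive logger on port 53 can, and then encodes the same message as a DoH GET request per RFC 8484, which travels inside the HTTPS connection to the resolver. The name `example.com`, the `/dns-query` path and the function names are assumptions chosen for illustration.

```python
import base64
import struct

def build_query(name, qtype=1, txid=0):
    """Build a one-question DNS query in RFC 1035 wire format (RD flag set)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN

def observed_name(payload):
    """Hostname a passive observer reads from a cleartext port-53 payload."""
    if len(payload) < 12:
        raise ValueError("shorter than a DNS header")
    if struct.unpack("!H", payload[4:6])[0] < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            raise ValueError("truncated question name")
        length = payload[pos]
        if length == 0:
            break
        if length > 63:  # compression pointers are not expected in a query
            raise ValueError("unexpected label type")
        label = payload[pos + 1:pos + 1 + length]
        if len(label) != length:
            raise ValueError("truncated label")
        labels.append(label.decode("ascii", "replace"))
        pos += 1 + length
    return ".".join(labels)

def doh_get_target(query, path="/dns-query"):
    """RFC 8484 GET form: the same bytes, base64url-encoded without padding.
    This request line is sent inside TLS, so it is not visible on the wire."""
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return path + "?dns=" + encoded

def decode_doh_target(target):
    """What the DoH resolver does after TLS is terminated."""
    b64 = target.split("?dns=", 1)[1]
    return base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))

if __name__ == "__main__":
    q = build_query("example.com")           # constructed sample query
    print("cleartext payload:", q.hex())
    print("logger recovers:  ", observed_name(q))
    print("DoH request target (inside HTTPS):", doh_get_target(q))
```

With DoH, an on-path observer sees only a TLS connection to the resolver on port 443; the query bytes are the same, but only the resolver gets to decode them.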

