Encrypted DNS has been available for years — why hasn't it gone mainstream?

DoH (DNS-over-HTTPS) shipped in Firefox back in 2019. Chrome added it. Android has had "Private DNS" in settings since Android 9. The tools are there, free, and built into software most people already use.

But most people — including fairly tech-literate ones — are still sending unencrypted DNS queries to their ISP. Your ISP can see every domain you visit even when the actual content is encrypted by HTTPS. It's one of the last big plaintext visibility gaps that's trivially fixable.

A few reasons I think it hasn't caught on: the setting is buried (in Chrome it's Settings → Privacy and security → Security → Use secure DNS), most people don't know DNS exists as a separate layer from HTTPS, and the threat is abstract. "ISP can see your browsing habits" doesn't land the way "website can steal your password" does.

There are real counterarguments — network-level ad blocking and parental controls depend on plain DNS. Corporate IT has legitimate monitoring reasons. But for a home user who just wants a baseline of privacy, there's basically no downside. Is the UX just too buried, or is there something else keeping this from going mainstream?

0 replies
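The post's central technical claim, that an on-path observer such as an ISP reads every queried domain out of plaintext DNS while a DoH request to port 443 is opaque, can be checked against the wire format directly. The following is an added example written for this page, not code from the original post or from any resolver or browser it mentions: it builds a standard RFC 1035 A-record query the way a stub resolver sends it over UDP port 53, then runs a small defender-side audit (`visible_queries`, a hypothetical helper name) over constructed (port, payload) records to list which names would be readable on the path. The packet records in `SAMPLE_RECORDS` are constructed for the demo.

```python
"""
Added example (not part of the original post): build a plain DNS query in
RFC 1035 wire format, then show that the queried name is recoverable from
the raw bytes by anyone on the path, while a DoH request (TLS to port 443)
exposes nothing at this layer. All packet records are constructed.
"""
import struct
from typing import Iterable, List, Optional, Tuple


def build_dns_query(name: str, txid: int = 0x1234) -> bytes:
    """Encode a standard A-record query as a stub resolver would send it."""
    # Header: ID, flags (RD=1), QDCOUNT=1, ANCOUNT, NSCOUNT, ARCOUNT
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    # QNAME: sequence of length-prefixed labels, terminated by a zero byte
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    question = qname + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN
    return header + question


def extract_qname(payload: bytes) -> Optional[str]:
    """Return the queried name from a DNS query message, or None if unparseable."""
    if len(payload) < 12:
        return None
    flags, qdcount = struct.unpack(">HH", payload[2:6])
    if flags & 0x8000 or qdcount < 1:  # QR bit set means response; skip
        return None
    labels = []
    pos = 12
    while pos < len(payload):
        length = payload[pos]
        if length == 0:
            break
        if length & 0xC0:  # compression pointer is not valid in a query's question
            return None
        pos += 1
        labels.append(payload[pos:pos + length].decode("ascii", errors="replace"))
        pos += length
    else:
        return None  # ran off the end without a terminating zero byte
    return ".".join(labels)


def visible_queries(records: Iterable[Tuple[int, bytes]]) -> List[str]:
    """Audit check: return the names an on-path observer can read.

    records: (dst_port, payload) pairs. Only plaintext DNS on port 53 is
    parsed; DoH/TLS traffic to 443 is opaque at this layer and contributes
    nothing, which is exactly the visibility gap the post describes.
    """
    seen = []
    for dst_port, payload in records:
        if dst_port == 53:
            name = extract_qname(payload)
            if name:
                seen.append(name)
    return seen


# Constructed traffic: two plaintext queries and one TLS record (DoH).
SAMPLE_RECORDS = [
    (53, build_dns_query("example.com")),
    (53, build_dns_query("mail.example.net")),
    (443, b"\x16\x03\x01\x00\x2a" + b"\x00" * 42),  # TLS record, contents opaque
]

if __name__ == "__main__":
    for name in visible_queries(SAMPLE_RECORDS):
        print("plaintext DNS query visible on path:", name)
```

Pointing `visible_queries` at a capture of a home network's outbound traffic (for example, via a pcap reader that yields the same (port, payload) pairs) is a quick way to confirm whether a device's "secure DNS" setting actually took effect: once DoH or DoT is active, the port 53 list should be empty.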