How DNS over HTTPS is Reshaping Privacy, Performance, and Policy in the Internet Ecosystem

Kevin Borgolte, Tithi Chattopadhyay, Nick Feamster, Mihir Kshirsagar, Jordan Holland, Austin Hounsel, Paul Schmitt Princeton University and The University of Chicago

Abstract third party. This change has fundamental implications for performance, competition, and privacy in the Inter- Internet communication relies on the Domain Name net ecosystem. From the performance perspective, a System (DNS), which maps a human-readable Internet shift to DoH would potentially impede the performance destination to an IP address. A recent proposal for trans- of conventional DNS lookups while accelerating the mitting DNS over HTTPS (DoH) enhances client pri- performance of content delivery when the content is co- vacy by tunneling DNS over secure HTTP (HTTPS). In located with the DoH resolver. This scenario is already this paper, we explore the policy implications of con- the case today, where many DoH operators also operate solidated DoH by systematically analyzing the market- content delivery networks (CDNs). This mode of oper- place, measure its performance effects, and investigate ation may result in better performance for content that how it affects the different stakeholders, including con- is hosted on these CDNs, effectively rekindling certain sumers. We enumerate the agents in the marketplace aspects of net neutrality, where content hosted by some as well as their market incentives. We then examine parties is practically delivered with better performance the performance of DoH through client-based measure- than others. ments compare unencrypted DNS with DoH. As DoH Encrypted DNS traffic would also seem to improve deployments change the competitive landscape of the privacy, but the net effect of DoH is ultimately a change market, we explore their effect on other operators, ISPs, whereby a single party can observe and monetize DNS and broadband access at the last mile, as well as the po- traffic, where monetization might take many forms, tential regulatory and policy implications of DoH de- ranging from the ability to more efficiently deliver ployments. content to the ability to deliver targeted advertising. DoH also has implications for competition dynamics 1 Introduction amongCDNs: certainCDNs use client localization tech- niques based on the location of the client’s DNS re- Essentially all Internet communication relies on the solver. In some cases, DoH makes this type of client lo- (DNS), which maps a human- calization more challenging, meaning that these CDNs readable Internet destination to an IP address before would face significant operational costs merely to stay two endpoints can communicate. Today, most DNS competitive. Whoever controls DNS controls client queries and responses are transmitted in cleartext, mak- mapping to content, increasing the potential for anti- ing them vulnerable to eavesdroppers and traffic anal- competitive behavior in content delivery. For example, ysis. To mitigate some of these privacy risks, ongo- a DoH operator could degrade the performance of con- ing work in both standards bodies and browser imple- tent delivery from competitors—possibly unintention- mentations transmits DNS over HTTPS (DoH) between ally, through suboptimal server mapping—possibly in clients and third parties who operate DoH resolvers. difficult-to-measure ways. Finally, the consolidation of Encrypting DNS transport offers certain privacy ben- DNS resolution that would result from a small number efits, but doing so entails various architectural changes. of DoH providers creates the potential for surveillance, Namely, the default operators of DNS, once largely censorship, manipulation, control, and coercion. Internet service providers, become content providers, In this paper, we explore the policy implications of content delivery networks, and essentially any other DoH by measuring its performance as compared to

1 conventional DNS, analyzing the marketplace dynam- ment and use this protocol because of collaborations ics, and investigating the implications of architectural and ties with CDN operators, who also operate DoH re- refactoring on regulatory policy. We first explore the cursive resolvers. Although the agents involved in DoH competitive landscape, including the incentives of vari- are the same as for conventional DNS, the agent deliver- ous stakeholders, from ISPs to CDNs. We then compare ing the domain name resolution service is no longer the conventional unencrypted DNS to DoH using multiple ISP, and the features and characteristics of the service DoH providers and while varying the network perfor- have changed. This causes the interdependencies and mance conditions. We then explore various policy im- relationships between the agents to shift. These chang- plications. As DoH deployments can change the com- ing interdependencies have an effect on overall market petitive landscape of the market, we explore their im- structure. pact on other operators, ISPs, and broadband access at the last mile. Finally, we explore the potential regula- 2.1 Competition and Adjacent Markets tory and policy implications of current and future DoH deployments. Direct Competition. Traditional DNS resolvers op- erated by ISPs will be directly affected as they use DNS traffic analysis to enable parental control and malware 2 Market Structure and detection and among some of their offerings. Current Competitive Landscape DoH implementations through web browsers and third party CDNs is in direct competition with ISPs because A client or the user that wants to access a particular the older protocol is primarily run by ISPs. DNS queries type of content, or application, does so by searching a that are now resolved through cloud services, as in DoH, domain name. These domain names then need tobe directly compete with traditional ISPs that previously mapped to IP addresses. Every device connected to handled the resolution process. the Internet has a unique IP address and the process of translating domain names to the IP address involves Consequences for Adjacent Markets (particularly several different steps that are often performed bya ISPs and CDNs). Several of the agents involved in DNS resolver. Traditionally, DNS resolvers have been implementation of the DoH resolvers have tie-ins with managed by the user’s ISP, and the process could often third party CDNs or operate in adjacent markets. These involve making repeated requests until the IP address relationships lead to potential uses of monopoly lever- is identified. In some cases this process is simplified aging in the adjacent market. In markets where the by temporarily storing data closer to the client (DNS same provider operates in multiple complementary caching). Caching can be done at the ISP’s resolver, the markets, it is possible that the provider can sustain loss user’s system, and the browser level. CDNs also play an of revenue in one market while they build up their cus- important role in storing data closer to the client to im- tomer base because of their ability to use their presence prove performance and process queries faster. The pro- in the adjacent highly concentrated market to recover cess of DNS resolution involves the following agents: some of these losses. In cases where agents described theclient/usermakingtherequest, thewebbrowser, the above operate in multiple markets, it becomes critical , the ISP (that carries out DNS resolu- to observe revenue generation strategies employed in tion), the content provider, and possibly a CDN. other markets to squeeze out competition in a new mar- The DNS queries transmitted to and from the ISPsare ket. often unencrypted and insecure. Prior work has demon- Several existing studies explore how complementary strated that DNS queries can make users susceptible to products can be used to preserve and create monopolies eavesdropping and tracking [11]. These potential pri- in the future and in emerging markets [3]. Their analy- vacy risks have resulted in recent developments that in- sis focused on entry costs and network externalities and clude applying techniques to DNS traffic2 [ , extends the analysis to the case where a tie-in 5, 12, 15, 21, 26]. In this paper, we focus on DNS over of Windows and Internet Explorer created a monopolis- HTTPS (DoH) [12]. The most common implementation tic market structure. This work can further be extended of DoH has been through web browsers, like to areas where a setting is analyzed in which a monop- and Chrome. They are able to imple- olist can control the pace of innovations and the life-

2 time of a particular product. In the case of DoH, there is According to several web traffic measurement sources, potential risk of impact to CDN localization and diver- over 80% of the global web traffic usage is from three sity if only a few concentrated applications (e.g., web web browsers: , Apple Safari and browsers) and DNS resolvers control the global market. Mozilla Firefox (Internet Explorer if one considers only desktop browsers). While there are differences in their Bundling. The practice of bundling products or ser- methods of measuring global traffic, these different vices has commonly been used in the telecommunica- measurement sites unanimously point toward a con- tions and information industry. On one hand these in- centration of global players in the market. dustries are highly interconnected and benefit from bet- Additionally these platforms tend to partner with other ter integration with complementary products and ser- agents (third-party commercial DNS resolvers) that are vices [6]. This need for compatibility and standardiza- also highly concentrated. The prevalence of highly con- tion has often resulted in firms entering multiple com- centrated complementary producers leads to a market plementary markets simply because they are able to that is lopsided because of network effects (even if there provide higher quality products than their counterparts is no intent to jeopardize consumer welfare). that are not integrated in the same way. Even when it is Network effects occur when the consumer’s utility not the same firm operating in the two complementary from a particular good is enhanced or improved as markets, exclusive collaborations and partnerships can more consumers purchase the product or complemen- result in services that are more compatible and have bet- tary products. There are two aspects to network cre- ter performance. It is possible that in the case of DoH, ation that can potentially create an anti-competitive en- the use of Google Chrome and Google’s public DNS re- vironment. Thefirstaspectisthefirm’sdesiretocapture solver can lead to quicker resolution than two unrelated a larger market power by attracting more and more con- entities because of the potential to developsoftware and sumers, and the second is working together as a system hardware that is more compatible. with various other complementary products to ensure Furthermore, consumers often like to avoid the high compatibility [18]. Most technologies in this industry transaction costs that come with dealing with multiple often do not stand alone and are required to becom- providers (for billing, customer service and so on), and patible with other complementary products to survive. prefer to deal with just one firm that provides these bun- For example, device manufacturers partner with oper- dled services. While there are significant benefits to ating system and web platform providers. Additionally, bundling products that are highly interconnected, they some device manufacturers can also hard-code DNS re- often lead to issues of discrimination and eventually in- solvers, examples include Google Chromecast hard cod- creased barriers to entry into a particular market. It ing its resolvers to Google’s public DNS (8.8.8.8). is possible that Cloudflare and Google’s content could These markets are often characterized by network ef- enjoy performance benefits as a result of DoH resolu- fects that exist when the value of a customer joining a tion through their respective DNS servers. Addition- network is increased due to the purchase of compati- ally, while these services promise privacy through use ble products. In this case, third-party commercial DoH of encrypted transport and by policies that prohibit user resolvers find benefits from the consumers’ choice of tracking, there are aggregate user patterns that are re- web browser or operating system. Unlike other mar- vealed to these third-party resolvers that can be benefi- kets where competition is usually encouraged, the In- cialtotheirownbusiness asseveralofthemalso operate ternet and information industry experiences significant as CDNs and content providers. benefits from consumers being in the same network or purchasing products from the same firm. In this case, 2.2 Interconnection and Network Effects be- it is possible that the consumer benefits from using a cause of Web Browser/OS Tie-in particular web browser (i.e., Mozilla Firefox), and expe- riences benefits when the collaboration with a single re- The effect on the competitive landscape primarily arises solver (e.g., Cloudflare’s resolver) results in better per- from the current implementation of DoH through a formance and privacy benefits. While a consumer may small number of global players in this market. This is experience benefits from this arrangement, there are largely due to the fact that most global traffic is asso- still welfare losses that can be incurred if competition ciated with a relatively small number of web browsers. is not encouraged in the long run.

3 2.3 Effects on Consumers 3 Performance Effects

Consequences for Areas with Poorer Network An effect of centralized DNS resolution and the useof Coverage. Broadbandcoverageandthequalityofthe DoHisthatperformancecanbegreatlyimpactedbynet- network both globally and within the US has varied due work conditions [13, 14]. To understand the relation- to geographical challenges, density of population, and ship between DoH providers, network conditions, and various other economic and regulatory reasons. It is DNS protocols, we measure page load times while us- no secret that there are areas within the US with more ing a default university-network DNS recursor as well broadband providers and stronger network coverage, as DoH recursors provided by Cloudflare, Google, and and other less-profitable areas with weaker coverage Quad9. Page load times are gathered by inspecting and fewer providers. The use of DoH according to our HTTP Archive objects (HARs), which can be collected study has significant impact on areas with poorer net- from any webpage in Firefox [24]. We collect HARs work coverage, which further deepens some of our dig- for each website, which include timings for the onLoad ital divide concerns. We expand on this in Section 3. event, as well as for individual components for each re- quest that the browser made, including all resources of a page. We perform our measurements using different ISP Consumer Choice and Switching Costs. DoH, network scenarios, including conditions that emulate which is primarily implemented through web browsers, mobile network characteristics. First, we connect one has a direct effect on consumer choice. While some con- machine to the Internet via a university campus net- sumers are sophisticated and understand the options work. The university has a 20 Gb/s connection tothe that their web browser provides them, most consumers Internet. It is a well-connected network to Cloudflare, interact with their web browsers in ways that are far Quad9, and Google, respectively. Second, we place a simpler. Additionally, in a multiplatform and highly measurement node on the university network, but with networked market with multiple producers providing traffic shaping applied to emulate 4G mobile network services that require compatibility and standardization, performance. We shape outgoing traffic with an addi- consumers cannot often understand the impact of their tional latency of 53.3 ms and jitter set to 1 ms. We also choices on other related services. In these cases, the dropped 0.5% of packets to mimic the loss that cellular default offered by the web browser and an explanation data networks can exhibit. Finally, we shape our uplink of the user’s choice is of paramount importance. Con- rate to 7.44 Mb/s and our downlink rate to 22.1 Mb/s. sumers need to have a clear understanding of trade-offs These settings are based on an OpenSignal report ofmo- between these choices. A user should be able to choose bile network experience across providers [23]. Figure 1 between DNS privacy (and who they can trust) and compares page load times for DoH providers versus a other security and control features including parental university resolver with the two different network per- controls (among others). formance profiles. Each plot shows a CDF for the dif- Further, web browsers and OS platforms are ference in page load times between a cloud provider’s highly concentrated markets and DoH implementa- DoH implementation and the default university recur- tions through these platforms have significant impact sor. The shading indicates the severity of median dif- on consumer switching costs. Previous studies have ference between the DoH provider and the university, demonstrated that switching costs arise because of a with darker shades meaning DoH resulted in slower user’s need for compatibility between their current page loads. good or service and their future investments [19]. In Page load times when using Cloudflare DoH on the the case of DoH, some switching costs for consumers university network are comparable to using the univer- 1 may be associated with device ties to operating system sity resolver (Figure 1a). However, Google and Quad9 and default browsers. Even in the scenario where a con- DoH resolvers result in higher median page load times sumer is able to make an informed choice between their that the university resolver (Figures 1b and 1c, respec- privacy preserving options and other performance re- 1At the time of our measurement the publicly available Google lated features, they may not be able to exercise these DoH resolver was advertised as “experimental,” a likely contribut- choices because of switching costs. ing factor to its overall poor performance.

4 Cloudflare DoH - Default Do53 Google DoH - Default Do53 Quad9 DoH - Default Do53 1.0 1.0 1.0 0.8 0.8 0.8 0.6 0.6 0.6 0.4 0.4 0.4 Probability Probability Probability 0.2 0.2 0.2

0.0 0.0 0.0 -10 -1 0 1 10 -10 -1 0 1 10 -10 -1 0 1 10 Page Load Time Difference (seconds) Page Load Time Difference (seconds) Page Load Time Difference (seconds) (a) Cloudflare DoH, University Network (b) Google DoH, University Network (c) Quad9 DoH, University Network

Cloudflare DoH - Default Do53 Google DoH - Default Do53 Quad9 DoH - Default Do53 1.0 1.0 1.0 0.8 0.8 0.8 0.6 0.6 0.6 0.4 0.4 0.4 Probability Probability Probability 0.2 0.2 0.2 0.0 0.0 0.0 -10 -1 0 1 10 -10 -1 0 1 10 -10 -1 0 1 10 Page Load Time Difference (seconds) Page Load Time Difference (seconds) Page Load Time Difference (seconds) (d) Cloudflare DoH, 4G (e) Google DoH, 4G (f) Quad9 DoH, 4G

Figure 1: Web page load time comparisons between a default recursor and open DoH recursors operated by cloud providers with emulated network conditions.

tively). These results indicate that the choice of DoH three key areas. First, widespread adoption of DoH will provider, and by extension the choice of application challenge the Federal Communications Commission’s as DoH recursors are often set in the application, can reliance on the ISP-provided DNS look up system to jus- greatly impact the user experience. tify its light touch regulation of ISPs by reclassifying When network conditions are less ideal than the well- them as information service providers. Second, it will connected university network (Figures 1d, 1e, and 1f), have significant implications for how consumers and the gap in page load times between clients that use reg- regulators protect privacy. Third, it will have implica- ular DNS and those that use DoH widens, with DoH tions for policies that require ISPs to filter or block sites clients performing worse. This means that applications using the DNS function. that utilize DoH by default, such as web browsers, will lead to a worse end-user experience as network condi- 4.1 Net Neutrality tions deteriorate, or for users in areas with poor connec- tivity generally (i.e., areas with poor broadband connec- In the FCC’s most recent round of rulemaking on net tivity), effectively broadening the Internet connectivity neutrality, the 2018 Restoring Internet Freedom Or- gap. der [9], one of the FCC’s core arguments rests on the assertion that “the vast majority of ordinary consumers rely upon the DNS functionality provided by their ISP, 4 Regulatory and Policy and the absence of ISP-provided DNS would fundamen- Implications tally change the online experience for the consumer” [9, Paragraph 34]. But, as discussed above, DoH allows If Internet users shift to routinely relying on third-party browsers, applications or web sites to substitute for the resolvers for DNS queries, that would have significant ISP-provided DNS function without any noticeable im- implications for how we regulate the Internet in at least pact to the end user experience. If ISP-provided DNS is

5 no longer critical, then an important rationale for the end user. As a result, rather than resolve the esoteric treatment of Internet service as an information service problemofhowtoviewthesignificanceof ISP-provided falls away. DNS service, the public debate can return to the core The FCC relied on the ISP-provided DNS architec- question about what is the appropriate regulatory struc- ture to justify its reclassification of Internet service as ture for Internet service. an “information service” rather than a “telecommunica- tion service.” This arcane distinction between the two 4.2 Privacy and Security types of services has a profound real-world implication as it determines the type of authority the agency has Widespread adoption of DoH could have significant im- to regulate the conduct of ISPs. In the FCC’s reading, plications for the privacy of DNS lookups. A core fea- ISP-provided DNS is an indispensable component of the ture of the protocol is that it offers a significant improve- total service offered to consumers. On this view, ISP- ment for the security and privacy for user activity by en- provided DNS makes the total Internet service offering crypting the transport to the resolver. But it also allows an “information service” because that lets the ISP per- forthird-partyresolverstocollectsensitiveinformation formallthefunctionsinthedefinitionofaninformation about user activity in a manner that the end user may service (e.g., acquiring, storing and processing informa- not understand or consent to freely. Therefore it raises tion). important questions about what should be done to en- The view of ISP-provided DNS as a functionally in- sure that third party DNS resolvers adequately inform tegrated component of Internet service played a criti- users about the data collection and limit any commer- cal role to the United States Supreme Court decision in cial use of that information absent user consent. Brand X that upheld the FCC’s classification of cable In- DNS privacy is increasinglya significant concern and ternet service as an information service [22]. The Brand design consideration. Research has shown that DNS Xmajorityobservedthat“theentirequestioniswhether lookups can reveal various aspects of user activity in- the products here are functionally integrated (like the cluding the apps they use, web sites they visit, the de- components of a car) or functionally separate (like pets vices in their home and how they are using them. This and leashes). That question turns not on the language canbedoneevenifthewebsiteorapphascontentthatis of the Act, but on the factual particulars of how Inter- encrypted. As a result, various efforts have been devel- net technology works and how it is provided, questions oped to send DNS queries over encrypted transport pro- [Supreme Court precedent] leaves to the Commission tocols. The use of encrypted transports makes it impos- to resolve in the first instance”22 [ , p. 991]. sible for passive eavesdroppers to observe DNS queries, The dissent vigorously disagreed with the Court’s re- like an attacker for devices on a shared network (e.g., liance on what it saw as a cramped reading of the statute. a wireless network in a coffee shop). This limits the In Justice Scalia’s colorful language, he explained that potential for a man in the middle attack. These trans- the majority conflated an offering of a service (“pizza” ports also allow clients to send encrypted DNS queries in his analogy) with another (“delivery”). He explained toathird-partyresolver(e.g., GoogleorCloudflare), pre- that the ISP’s DNS function was merely adjacent to venting a user’s ISP from seeing the DNS queries of its the core offering of a telecommunication service22 [ , subscribers. As such, from a privacy perspective, DoT pp. 1012–1013]. and DoH are attractive protocols, providing a measure In subsequent cases challenging agency regulation, of confidentiality that DNS previously lacked. But the the legal debate concerning DNS has oscillated around user’s queries are still being collected by the DNS re- these two poles: is ISP-provided DNS is a core inte- solver and are subject to exploitation. grated component of Internet service, or does it fit Curiously, major ISPs have not attempted to mone- within a telecommunications management exception tize the user data generated from DNS lookups. Some for functions that merely facilitate the delivery of the ISPs, however, have tried to monetize “error traffic” main service? The advent of DoH, however, challenges on a more limited basis [25]. Similarly, third-party re- that debate’s framing. Now DNS look up can be readily solvers, such as Google or Cloudflare, have promised supported by a third-party resolver through a browser that they will not attempt to monetize the user data or application in a manner that does not appear func- from DNS queries [4, 10]. As discussed above, there tionally different from the ISP-provided service tothe is no fundamental economic reason for DNS providers

6 to shun making a profit from DNS lookup data. There- among other things, the security risks posed by the luctance to commercialize the information flow likely changes to the DNS function the bills would require. stems from a concern about the predictable consumer Any future attempts to regulate in this space will now and regulatory backlash that would ensue if a company have to also contend with the additional challenge of collected, processed and sold such sensitive user data. making third-party resolvers comply with new policies. In addition, the business model of ISPs, which previ- More generally, there are constitutional challenges ously provided most of the lookup services, historically with requiring any resolver to apply DNS filtering [1]. did not depend on commercializing consumer data. By The leading decision in this area struck down a Pennsyl- contrast, exploiting consumer data is at the core of the vania law requiring ISPs to use DNS filtering to block ac- business model of a third-party resolver such as Google. cess to child pornography because the proposed mech- As a result, there is little reason to believe that a com- anism violated the First Amendment [17]. In that case, pany such as Google lacks the profit motive to avoid the law gave the Pennsylvania Attorney General per- monetizing DNS query data in perpetuity. mission to seek a court order requiring an ISP to “re- If the new third-party resolvers become major play- move or disable items residing on or accessible through” ers in managing DNS queries, that could affect the cur- an ISP’s service upon a showing of probable cause that rentregulatoryapproachthat hastreatedISPsas having the item constitutes child pornography. Once the ISP a unique role in resolving DNS. In 2016, the FCC recog- was notified that a court order was issued, it hadfive nized the potential for ISPs to attempt to monetize DNS days to block access to the specified content or face data, among other things, and promulgated comprehen- criminal liability. The court conducted an in-depth trial, sive regulations to govern such conduct [8]. Ultimately, where the court heard testimony from experts and net- those broadband privacy rules were not approved by work operators. At the trial’s conclusion, the court Congress after the change in administration. But the ruled that with the current state of technology, the law concern animating the FCC remains; namely that re- “cannot be implemented without excessive blocking of lying on voluntary commitments by DNS resolvers to innocent speech in violation of the First Amendment.” maintaining user privacy may not be enough. Indeed, Specifically, the court found that DNS filtering would one of the key contentious issues was whether ISPs block requests for all sub-pages under the blocked do- should be treated differently from edge providers in main name. In other words, requests for all of the inde- applying limits to the collection, use and sale of user pendent pages on the site, not just the page that displays data [7]. While ISPs argued for a level playing field, the the targeted child pornography item would be blocked. proponents of the new regulations emphasized the ISPs The court also found that such DNS filtering mecha- had a unique role in resolving all DNS queries for its sub- nisms were not effective because they could be readily scribers and therefore had a near monopoly on access circumvented by those who can use anonymous proxy tothatsensitiveinformation. Ifthird-partyresolversbe- servers or anonymizers to shield their conduct. come widely adopted, the argument for equal treatment In the United Kingdom, the country’s ISP associa- all entities that manage sensitive DNS queries becomes tion recently nominated Mozilla as an “Internet Villain” much stronger. for “their proposed approach to introduce DNS-over- HTTPS in such a way as to bypass UK filtering obli- 4.3 Filtering and Blocking gations and parental controls, undermining Internet safety standards in the UK” [16]. After a public outcry, The third area where the shift to third-party resolvers the association withdrew that nomination and the en- has potential policy implications concerns restrictions tire “Internet Villain” category. But it noted the concern on access to certain websites. In the United States, legis- thatapplicationsthatprovideparentalcontrolsthrough lators have made several unsuccessful attempts to task DNS filtering may no longer work as intended. ISPswiththeresponsibilityforfilteringorblockingweb In the United States, there are fewer rules about the siteswithobjectionablecontentusingtheirDNSlookup types of parental controls ISPs must offer. A handful of function. Most recently, the proposed federal Stop On- states (Louisiana, Maryland, Nevada, Texas and Utah) line Piracy Act and the Protect Internet Privacy Act, re- have passed laws that require ISPs to give subscribers quired ISPs to implement DNS blocking [20]. Those access to parental controls that enable blocking or fil- proposals failed to pass Congress, however, because, tering of websites available to subscribers. And some

7 of the parental controls use DNS filtering to restrict ac- [3] Dennis W Carlton and Michael Waldman. “The cess. It is possible that these states (or others like them) strategic use of tying to preserve and create mar- could require third-party resolvers to offer similar op- ket power in evolving industries”. In: The Rand tions for parents to exercise control. But the challenge Journal of Economics 33.2 (2002). is that a state does not have the same type of jurisdiction [4] Cloudflare. Privacy – Cloudflare Resolver. url: ht over the service as it does over an ISP that has a physi- tps://developers.cloudflare.com/1.1.1.1/ cal presence within its borders as a result of providing commitment-to-privacy (visited on 07/26/2019). Internet service to subscribers. [5] Frank Denis and Yecheng Fu. DNSCrypt. url: ht tps://.info/ (visited on 07/26/2019). 5 Conclusion [6] Joseph Farrell and Garth Saloner. “Installed Base and Compatibility: Innovation, Product Prean- DNS queries have historically been transmitted in un- nouncements, and Predation”. In: The American encrypted cleartext and resolved by a user’s Internet Economic Review 76.5 (1986). url: http://www. service provider (ISP). Recent developments aim to use jstor.org/stable/1816461. HTTPS as the transport for DNS, in a protocol called DNS over HTTPS (DoH). Today, most operators of DoH [7] Nick Feamster. RE: Docket No. 16-106, Protecting resolvers are not ISPs but rather content delivery net- the Privacy of Customers of Broadband and Other works and other third parties. In this paper, we have Telecommunications Services. url: ://ecfs taken an initial look at the implications of this architec- api.fcc.gov/file/60002079344.pdf (visited on tural refactoring for performance, privacy, competition, 07/26/2019). and regulatory policy. These developments certainly [8] Federal Coommunications Commission (FCC). warrant continued vigilance, to ensure that Internet Protecting the Privacy of Customers of Broadband performance—and ultimately consumer experience— and Other Telecommunications Services. FCC-16- benefits from DoH deployments. In this vein, Inter- 148.Docket16-106.31FCCRcd13911(17).Nov.2, net measurements such as those we have presented can 2016. and must play a pivotal role. For example, such mea- [9] Federal Coommunications Commission (FCC). surements can continue to shed light on the ultimate Restoring Internet Freedom. FCC-17-166. Docket effects of DoH on user experience, from DNS lookup 17-108. 33 FCC Rcd 311 (1). Jan. 4, 2018. time to web page load time; Measurements can also help us better understand how DoH providers are mapping [10] Google. Your Privacy – Public DNS – Google De- clients to Web content. Ultimately, as with Internet velopers. url: https:/ / developers.google. performance measurements writ large, continual vig- com/speed/public-dns/privacy (visited on ilance through Internet measurement can reduce the 07/26/2019). likelihood that DoH provider behavior is either discrim- [11] Benjamin Greschbach, Tobias Pulls, Laura M inatory or anti-competitive. Roberts, Philipp Winter, and Nick Feamster. “The Effect of DNS on Tor’s Anonymity”. In: arXiv References preprint arXiv:1609.08187 (2016). [12] Paul Hoffman and Patrick McManus. DNS [1] Jack M. Balkin. “Old School/New School Speech Queries over HTTPS (DoH). Tech. rep. 8484. (Pro- Regulation”. In: Harvard Law Review 127 (May 6, posed Standard). RFC Editor, Oct. 2018. url: 2014). http://www.ietf.org/rfc/rfc8484.txt. [2] Daniel J. Bernstein. DNSCurve: Usable Security [13] Austin Hounsel, Kevin Borgolte, Paul Schmitt, for DNS. url: https:/ / .org/ (visited Jordan Holland, and Nick Feamster. “Analyzing on 07/26/2019). the Costs (and Benefits) of DNS, DoT, and DoH for the Modern Web”. In: Extended abstract. Co- located with IETF 105. July 22, 2019. doi: 10. 1145/3340301.3341129.

8 [14] Austin Hounsel, Kevin Borgolte, Paul Schmitt, [20] Mark Lemley, David S. Levine, and David G. Post. Jordan Holland, and Nick Feamster. “Analyzing “Don’t Break the Internet”. In: Stanford Law Re- the Costs (and Benefits) of DNS, DoT, and DoH view Online 64 (Dec. 19, 2011). for the Modern Web”. Full paper. July 18, 2019. [21] PaulSchmitt,AnneEdmundson,AllisonMankin, arXiv: 1907.08089 [cs.NI]. and Nick Feamster. “Oblivious DNS: Practical [15] Zi Hu, Liang Zhu, John Heidemann, Allison Privacy for DNS Queries”. In: Proceedings of the Mankin, Duane Wessel, and Paul Hoffman. Spec- 19th Privacy Enhancing Technologies. July 2019. ification for DNS over doi: 10.2478/popets-2019-0028. (TLS). Tech. rep. 7858. (Proposed Standard). RFC [22] United States Supreme Court. National Cable & Editor, May 2016. url: http://www.ietf.org/ Telecommunications Association v. Brand X Inter- rfc/rfc7858.txt. net Services. 545 U.S. 967. Docket 04-277. June 27, [16] Internet Service Providers’ Association (ISPA 2005. UK). ISPA announces finalists for 2019 Internet [23] USA Mobile Network Experience Report January Heroes and Villains: Trump and Mozilla lead the 2019. url: https://www.opensignal.com/repor way as Villain nominees. July 2, 2019. url: https: ts/2019/01/usa/mobile- network- experience / / www . ispa . org . uk / ispa - announces - (visited on 05/05/2019). finalists - for - 2019 - internet - heroes - and - villains- trump- and- mozilla- lead- the- way- [24] W3C. HTTP Archive (HAR) Format. url: https: as-villain-nominees/ (visited on 07/26/2019). //w3c.github.io/web-performance/specs/HAR/ Overview.html (visited on 05/05/2019). [17] Judge Jan E. DuBois. Center for Democracy & Technology v. Pappert. Civil Action No. 03-5051. [25] Nicholas Weaver, Christian Kreibich, and Vern United States District Court, Eastern District of Paxson. “Redirecting DNS for Ads and Profit”. In: Pennsylvania, Sept. 10, 2004. Proceedings of the 1st USENIX Workshop on Free and Open Communications on the Internet (FOCI). [18] Michael L. Katz and Carl Shapiro. “Technology Aug. 8, 2011. url: https : / / www . usenix . org / Adoption in the Presence of Network Externali- legacy / events / foci11 / tech / final _ files / ties”. In: Journal of Political Economy 94.4 (1986). Weaver.pdf (visited on 07/26/2019). doi: 10.1086/261409. url: https://doi.org/10. 1086/261409. [26] Liang Zhu, Zi Hu, John Heidemann, Duane Wessels, Allison Mankin, and Nikita Somaiya. [19] Paul Klemperer. “Markets with Consumer “Connection-oriented DNS to Improve Privacy Switching Costs*”. In: The Quarterly Jour- and Security”. In: Proceedings of the 36th IEEE nal of Economics 102.2 (May 1987). doi: Symposium on Security & Privacy (S&P). May 10. 2307 / 1885068. url: https: / / doi .org / 10 . 2015. doi: 10.1109/sp.2015.18. 2307/1885068.

9