It is hard to imagine that there are unseen people who are solely interested in harvesting and selling sensitive personal data obtained from the websites and apps that we are browsing on – in real-time. It might come as a surprise to many, because in most cases you, your loved ones, colleagues, and people across Africa are unknowingly leaking such data.
Earlier in the year, 4 million Google Chrome users, may have had their personal data, including photos, GPS location, genetic profiles, travel itineraries, online shopping history and credit card information, harvested in a data leak, dubbed DataSpii. The leak is said to have involved 8 browser extensions that have been covertly collecting Chrome and Firefox users’ browsing activity data. Two of these extensions known as SpeakIt! and FairShare Unlock had over 1million users each.
However, you might be thinking, that just because you never downloaded any of these extensions, you are safe; but it turns out that even if someone with whom you have communicated with online had any of the invasive extensions installed on their computer, you may have been impacted by the DataSpii leak. In the case of such breaches, experts believe one of the remedies is to uninstall the leaking extension immediately because disabling them may not be enough; and users should also consider changing passwords. All these activities are tedious and time-consuming actions that take away from users enjoying time online.
Choosing a browser should no longer be just about what’s trending, and convenience instead. It should boil down to how the platform purposes to protect personal data. Online users should have a right to know how their browsers can best protect their online data in a convenient way without the need for constant follow up. Mozilla, a not-for-profit organization that puts people before profit, is at the forefront of implementing DNS-over-HTTPS (DoH), that has also seen the likes of Google and Microsoft follow suit.
To better understand DNS-over-HTTPS it is important to understand what the terms mean and what roles they play. Domain Name System (DNS) is like the phone book for the internet which maps domain names to Internet Protocol (IP) addresses. Browsers do not understand what a domain name like www.example.com, means. Instead, they query the DNS servers when a domain name is entered to get an IP address which is assigned to a computer/server. Therefore, when you visit a website, the browser will use DNS to look up the IP address the platform uses making it able to access internet resources such as the content you are reading now.
On the other hand, Hypertext Transfer Protocol (HTTP) is the connection between web servers and the machine (computer, phone, or tablet) being used. HTTP sets the rules for transferring files, text and other resources on the web; on the other hand, HTTPS is an extension of HTTP which offers a secure layer for the transmission of the resources on the web.
DNS-over-HTTPS (DoH), refers to a proposed standard published in October 2018 as RFC 8484 by the Internet Engineering Task Force (IETF). To date, DNS look-ups have not been secured, posing a risk of snooping and surveillance. For instance, if your Internet Service Provider (ISP) is doing the DNS lookup for you, they can log the domains you are visiting, and keep a record of them.
DNS-over-HTTPS is meant to fix this by making a secure, encrypted connection to DNS servers, then transfer the request, and response over the connection. People or organizations in between, popularly known as man-in-the-middle, will not be able to see which domains are being visited, making it impossible to snoop or tamper with users’ connections.
Data protection concepts like Firefox’s Enhanced Tracking Protection, and the IETF’s DNS-over-HTTPS are important solutions that online users need to know about, and understand because they ensure that personal data is processed with the highest privacy protection, ensuring that it is not made accessible to an indefinite number of persons/organizations. They offer protections that keep users safer from the abuses of Big Tech by not keep a log of personal searches and using encryption to ensure that not even the company knows users’ browsing histories.
At the end of the day, it should be incumbent on Tech companies to ensure that users have at their disposal accessible and non-time consuming solutions to achieve this. Tech companies should be increasingly cognizant of the risks involved in tracking users’ activities. They have pretended to care about privacy and crafted tools to tackle ‘privacy’ in their quest to outwit competition which clearly does little to solve the underlying problem of data breeches profiting from users’ information.