Recent developments to encrypt the Domain Name System (DNS) have resulted in major browser and operating system vendors deploying encrypted DNS functionality, often enabling various configurations and settings by default. In many cases, default encrypted DNS settings have implications for performance and privacy; for example, Firefox's default DNS setting sends all of a user's DNS queries to Cloudflare, potentially introducing new privacy vulnerabilities. In this paper, we confirm that most users are unaware of these developments -- with respect to the rollout of these new technologies, the changes in default settings, and the ability to customize encrypted DNS configuration to balance user preferences between privacy and performance. Our findings suggest several important implications for the designers of interfaces for encrypted DNS functionality in both browsers and operating systems, to help improve user awareness concerning these settings, and to ensure that users retain the ability to make choices that allow them to balance tradeoffs concerning DNS privacy and performance.