Google

DNS over HTTPS (DoH) support coming to Android Chrome (by default)

2020 09 03 10.26.56 1 - for some reason we don't have an alt tag here

DNS over HTTPS has been an option in Chrome since at least May, and I evidently turned it on in Android sometime around then and forgot to write how to do it, but now it’s coming by default to Chrome for Android, that is if your DNS provider has it enabled.

Secure DNS allows you to browse the web on a public WiFi and not have information about which sites you’re going to easily sniffable by anyone within WiFi earshot. While most of the web is encrypted these days, random people knowing that you’re paying bills and what different sites you go to can have some consequences.

As your current ISP and that public WiFi probably do not pass off secure DNS servers to you, Chrome will be allowing for a manual list of secure DNS providers as a fallback.

This is a feature that will be rolling out, so as with all things Google, you’ll get it when you get it. If you want to enable it now, go into Android settings, look up Private DNS (settings, connections, More connection settings, Private DNS) and put in a known DoH server (I suggest one.one.one.one for this.)

image 1 - for some reason we don't have an alt tag here
Homer didn’t use DNS over HTTPS and now Marge knows he’s going to Moe’s

Open up your Chrome browser on Android, type CHROME://FLAGS in the address bar and fine Secure DNS Lookups. Enable that, restart the browser, then head over to Cloudflare’s DoH test page. You should now pass 3 out of 4 of the tests.

There are still ways to phish what you’re going to, but it offers a little more security and can’t easily be tracked by a compromised router.

Should be noted, since using the single one.one.one.one Private DNS I’ve had two issues directly related to that, so you might want to wait until there’s a fallback list of DNS servers in Chrome rather than Android’s very limited Private DNS Server option.

List of private DoH servers I can find:

  • 1.1.1.1 (one.one.one.one) – Cloudflare DNS
  • adult-filter-dns.cleanbrowsing.org (blocks porn 185.228.168.10 & 169.11)
  • Cleanbrowsing Family Filter (porn, sets bing/google/YT to safe mode) 185.228.168.168 / 169.168
  • dns.quad9.net (malicious domain blocker)
[Chromium Blog]
Pocketables does not accept targeted advertising, phony guest posts, paid reviews, etc. Help us keep this way with support on Patreon!
Become a patron at Patreon!

Paul E King

Paul King started with GoodAndEVO in 2011, which merged with Pocketables, and as of 2018 he's evidently the owner. He lives in Nashville, works at a film production company, is married with two kids. Facebook | Twitter | Donate | More posts by Paul | Subscribe to Paul's posts

Avatar of Paul E King