Does DNS over HTTPS (DoH) Hide Your Browsing Activity from Your ISP? A Comprehensive Look

The question of whether DNS over HTTPS (DoH) completely hides your browsing activity from your Internet Service Provider (ISP) is a complex one, with the answer being: partially, but not entirely.

Let's break down why.

What is DNS and why does it matter for privacy?

The Domain Name System (DNS) is the phonebook of the internet. When you type a website address (like www.example.com) into your browser, your computer needs to translate that human-readable name into a numerical IP address that computers understand. This translation is done by DNS servers.

Traditionally, your computer would query your ISP's DNS servers to perform this lookup. This means your ISP sees every website you visit, even if you use HTTPS (which encrypts the content of your communication, but not the destination).

How DNS over HTTPS (DoH) Works

DoH encrypts the DNS lookups themselves, sending them over HTTPS to a DNS provider of your choice (like Google Public DNS, Cloudflare DNS, or others). This means your ISP can still see that you're communicating with a DNS server, but they can't see which websites you're trying to access.

What DoH Hides from Your ISP:

• Website addresses (domain names): The most significant benefit of DoH is the encryption of the domain names you're querying. Your ISP no longer has a direct record of the websites you visit.
• Some metadata: While the actual website URLs are hidden, some metadata might still be visible. This includes the amount of data transferred, the timing of your requests, and the IP address of the DNS server you are using. This information can be correlated to create a partial picture of your activity, though a much less detailed one than without DoH.

What DoH Does NOT Hide from Your ISP:

• Your IP address: Your ISP will still know your IP address, which can be used to identify your general location and potentially link you to certain activities. It is fundamentally impossible to hide your IP address from your ISP without using a VPN.
• The fact you're using DoH: Your ISP can see that you are using encrypted DNS, even if they can't see the contents of the encrypted traffic. Some sophisticated ISPs might try to infer activity patterns based on the frequency and volume of DoH queries.
• The IP addresses of visited websites: Even though the domain names are hidden, your browser still needs to connect to the websites' IP addresses. This information is not encrypted and is still visible to your ISP.
• Your overall internet usage: Your ISP will still be able to monitor your overall data consumption.

The Importance of Context

The level of privacy DoH provides depends heavily on the context. In scenarios where an ISP is actively monitoring user activity (for example, in countries with strict internet censorship or where ISPs actively sell user data), DoH offers a significant improvement in privacy. However, it's crucial to understand that DoH is not a silver bullet.

DoH in conjunction with other privacy tools

For enhanced privacy, DoH can be used in conjunction with other tools like VPNs. A VPN encrypts your entire internet traffic, masking your IP address and hiding your activity from both your ISP and any third-party observers. This, in conjunction with DoH, would substantially increase your privacy.

Conclusion

DoH significantly improves your privacy by encrypting your DNS lookups, preventing your ISP from directly seeing which websites you visit. However, it doesn't offer complete anonymity. Your IP address and overall internet usage patterns remain visible. To achieve a higher degree of privacy, combining DoH with other privacy tools like a VPN is advisable.