Understanding User Awareness and Behaviors Concerning Encrypted DNS Settings

TL;DR

This paper investigates user awareness and behaviors regarding encrypted DNS settings, highlighting the lack of user understanding and the need for better interface design to help users balance privacy and performance.

Contribution

It provides empirical evidence on user awareness of encrypted DNS and offers design implications to improve user understanding and control over DNS privacy and performance tradeoffs.

Findings

Most users are unaware of encrypted DNS configurations.

Default settings often compromise user privacy without clear user awareness.

Design improvements can enhance user understanding and control.

Abstract

Recent developments to encrypt the Domain Name System (DNS) have resulted in major browser and operating system vendors deploying encrypted DNS functionality, often enabling various configurations and settings by default. In many cases, default encrypted DNS settings have implications for performance and privacy; for example, Firefox's default DNS setting sends all of a user's DNS queries to Cloudflare, potentially introducing new privacy vulnerabilities. In this paper, we confirm that most users are unaware of these developments -- with respect to the rollout of these new technologies, the changes in default settings, and the ability to customize encrypted DNS configuration to balance user preferences between privacy and performance. Our findings suggest several important implications for the designers of interfaces for encrypted DNS functionality in both browsers and operating systems, to help improve user awareness concerning these settings, and to ensure that users retain the ability to make choices that allow them to balance tradeoffs concerning DNS privacy and performance.