What is Google up to?

January 30, 2010 by Stephan Schmidt

This week I’ve stumbled over two unrelated blog posts.

DNS Prefetch in Webmail:

When you view an email in Mozilla Thunderbird, it looks at each of the URLs in the body, and does a DNS lookup on each of the domains. It does this so the page loads faster if you click on the link. [...] Worryingly, this issue also affects viewing email in webmail clients. I tested it using hotmail and gmail and both did DNS prefetching on the URLs in the email body. Using HTTPS rather than HTTP disables DNS prefetching. Luckily for GMail users, they recently made all requests HTTPS by default.
Google wants to see client addresses in DNS queries:

Google employees posted an “Internet-Draft” outlining proposed changes to the DNS protocol that allow authoritative DNS servers to see the addresses of clients. This way, geographically distributed content delivery networks can tailor their answers to a specific client’s network location.

Hope the HTTPS holds. But for sure, this does raise my eyebrows makes me shiver.

You can leave a Reply here. Of course, you should follow me on twitter here.

You can share this post!
Do you want to tell others about this article? Use the social bookmark icons to submit this artice to the service of your choice. Thanks.

About the author: Stephan Schmidt is head of development at brands4friends. He has more than 15 years of internet technology experience and 10 years experience in agile. He was head of development, consultant and CTO and is a speaker, author and blog writer. He specializes in organizing and optimizing software development helping companies by increasing productivity with lean software development and agile methodologies. Want to know more? All views are only his own.

8 Tweets

Comments

Buddy Casino

January 30th, 2010

Not sure if this is such a bad thing: the client’s IP address would be truncated to the top 24 bit, afaik, so the client remains anonymous.

DNS-Prefetch could be a security leak in emails? - Dennis' Blog of Indiscriminate

January 31st, 2010

[...] Ref: http://codemonkeyism.com/google/ [...]

Mohan Arun L (@marun2 on Twitter)

February 1st, 2010

I often open Spam email in gmail to check if they are legitimate spam before deleting them. Do you mean to say gmail tries to do DNS prefetching for the spam links embedded in such spam if I open them? I assume all gmail operates these days in https:// mode and the url also begins with https:// in my browser. Can you clarify?

I hope the second proposal is dropped. If authoritative DNS servers see their clients IP addresses, then they are also going to log them, another privacy breach.

stephan

February 1st, 2010

@Mohan: I think Gmail for now is safe because of HTTPS, but I’m not sure Google will keep it that way.

I also hope the second one is dropped.

More data for Google via their DNS servers | crealytics Blog

February 9th, 2010

[...] Thanks to Stephan Schmidt from codemonkeyism! [...]

What people wrote somewhere else:

aperelson

January 31st, 2010

Apparently Google IS messing around with DNS: http://bit.ly/bOJksT