
Say you are a large ISP and you want to maximize profit. If you can track who your users are connecting to, you can then start degrading their network connection and the target to pay for a better connection.

Comcast was doing this; people noticed much better latency/bandwidth if they used a VPN so that Comcast couldn't tell they were communicating with Netflix.

So now with encrypted DNS a user looks up netflix.com: "bill@kona:~$ dig +short netflix.com | head -1" gets you 52.37.69.124

But they just see encrypted packets. They can of course do a reverse lookup on the IP and:

"bill@kona:~$ dig +short -x 52.37.69.124" gets you ec2-52-37-69-124.us-west-2.compute.amazonaws.com.

Is that a webcam watching an eagle's nest? One of a zillion video streaming services? Is it a user's cat-monitoring webcam proxied through a random webcam provider? Someone hosting their Plex server on Amazon?

Without being able to see the DNS records it becomes much harder to track, market, and muck with a user's traffic.

Comcast could of course make everyone's network connection worse (not just Netflix), but then people would complain that they are paying for a high-speed internet connection (not just a connection to Comcast services) and not getting it.

Almost like net neutrality.



