IGF 2021 WS #209 The State of DNS Privacy Technologies

Thursday, 9th December, 2021 (10:15 UTC) - Thursday, 9th December, 2021 (11:45 UTC)
Conference Room 6

Organizer 1: Technical Community, Western European and Others Group (WEOG)
Organizer 2: Technical Community, Western European and Others Group (WEOG)
Organizer 3: Technical Community, Western European and Others Group (WEOG)

Speaker 1: Roxana Radu, Civil Society, Western European and Others Group (WEOG)
Speaker 2: Carlos Martinez Cagnazzo, Technical Community, Latin American and Caribbean Group (GRULAC)
Speaker 3: Andrew Campling, Private Sector, Western European and Others Group (WEOG)


Round Table - U-shape - 90 Min

Policy Question(s)

Cybersecurity practices and mechanisms: What are the good cybersecurity practices and international mechanisms that already exist? Where do those mechanisms fall short and what can be done to strengthen the security and to reinforce the trust?
Ensuring a safe digital space: How should governments, Internet businesses and other stakeholders protect citizens, including vulnerable citizens, against online exploitation and abuse?

For more than three decades, the DNS has been transmitting too much information about end users and their Internet usage habits. And worse, it has done so without encryption, meaning that anyone can capture that information. In the past three years, the DNS technical community has driven hard at developing and standardising new technologies that, for the first time, enable significant obfuscation of end user data (including PII). Some of these privacy technologies, however, have challenges that have alarmed nation-states. The purpose of this workshop is to facilitate dialogue to assist all participants in balancing the competing goals as they apply to their own localities.



Targets: Achieving end user privacy goals through legislation and regulation requires a careful balancing of relevant technologies and policy goals. Empowering all stakeholders, and ensuring that diverse viewpoints are vocalized and listened to, helps reduce inequality and promotes better policy coordination and coherence.


Over the last few years, there has been a marked increase in the amount of legislation on the topic of Internet end user data privacy. At the same time, the Internet Engineering Task Force has standardized many new technologies that enable the Internet’s Domain Name System to more privately exchange end user data. DNS privacy technologies are changing fast and it is essential for parliamentarians and policy makers to understand various privacy technologies that have been developed. This will be a 90-minute town hall style discussion to enable IGF participants to openly discuss, debate, and share their experiences with DNS privacy technologies. During this session, experts will highlight the current state of various privacy technologies. Audience members will be encouraged to discuss these technologies, end user privacy policy goals, and ask questions of both the world class panel and fellow audience members. The session will be guided by four world class experts in the field: Paul Hoffman (ICANN, Civil Society, United States), Dr. Roxana Radu (Institut de hautes études internationales et du développement, Academia, Switzerland), Carlos Martinez (LACNIC, Civil Society, Uruguay), and Andrew Campling (419 Consulting, Private Sector, United Kingdom).

Expected Outcomes

The idea of this town hall type of session is to promote nuanced discussion about end user privacy goals, understanding that different societies and regions of the world have different policy priorities. We have limited the number of speakers so that after setting the scene, the speakers supported by the moderator will develop a dialogue with participants about the issues. We will prepare background briefing materials to support this dialogue. The intent of the session is to help spread the word about these technologies and include more people in the debate, help people build new networks for collaboration on the topic, and to potentially impact decision making around the world through the discussions that will be had at the IGF and their diffusion after the town hall style workshop concludes.

The town hall style and its inherent openness make this session well suited to the hybrid format. Some of the speakers have committed to be in Katowice in person, and at least one will participate remotely. The session has an active moderator, which will help ensure a good balance for all participants, whether they are in Katowice or participating remotely. Onsite and online moderators will be interacting with each other to ensure that the session is truly hybrid and that participants are treated equally.

Online Participation


Usage of IGF Official Tool.


Key Takeaways

Several issues and challenges regarding DNS privacy technologies were discussed, focusing on the different standards and technologies. It was noted that there could be antitrust concerns in the market of DNS services. It was highlighted that larger operators are more active in the market and have greater leverage on the market’s direction to protect queries.

Call to Action

There was no official call to action, but speakers highlighted the advantages of encrypted DNS, as well as some disadvantages, such as issues with troubleshooting in some cases. It was noted that many DNS services are US based. There was a discussion about market dynamics in the DNS ecosystem. It was highlighted that there is little research in the market of open resolvers.

Session Report

Hybrid Session. ~100 participants

Speakers: Paul Hoffman, ICANN; David Huberman, ICANN; Roxana Radu, Civil Society, Western European and Others Group (WEOG); Carlos Martinez Cagnazzo, Technical Community, Latin American and Caribbean Group (GRULAC); Andrew Campling, Private Sector, WEOG

Summary: Overall, the session explained encrypted DNS and various other privacy enhancing technologies for the DNS. There was a discussion on the market of these technologies and a debate on concentrations in the DNS market.

Various technologies to encrypt the DNS were described, including DNS over HTTPS, DNS over QUIC, DoH-over-Tor, and Apple Private Relay. Products that offer these features include Mozilla’s Firefox browser, Google (both its Chrome browser and Android operating system), and Microsoft’s operating systems and browsers. Public recursive DNS services such as Google Public DNS and Quad9 receive the queries from these products. It was noted that there are concerns about centralization of Internet infrastructure, given that the products mainly come from the US. The European Commission has proposed the strategy called “DNS4EU” because many public resolvers are operated by US-based companies.

Next was a discussion on the DNS services market. The idea that the market is US-centered was reiterated. Roxana Radu said that the market has experienced concentration, a consolidation of a two-sided market. At the same time, it was noted that it is a very dynamic market. Among the biggest players are Cloudflare and Google, with more than a third of the queries.

There are jurisdictional concerns because it is not clear what happens after DNS queries leave a given country; some services do not have restrictions when it comes to integrating data with other services. Another point made was that some countries mandate content filtering and blocking, and some public resolvers don’t do that.

One regulator in the room, Ofcom, noted that there is an effort by regulators to bring more technologists on board to ensure that policy does not happen in a vacuum.

Andrew Campling noted that it would be helpful to have more regulators in the standards bodies. The IETF, for example, could also make policy considerations in addition to the technical considerations.