No Forbes; That's not how DNS works

Two days ago I wrote a post talking about how words matter and we need to use the right words the right way when we're talking about things... Well, today Forbes decided to prove why that's still absolutely true.

Forbes decided to throw out yet another hit piece on Google Chrome; this time, however, they brought in a "researcher" from Brave to explain why Google Chrome's new ScrollToTextFragment is a privacy "nightmare." The only problem, however, is that Mr. Snyder from Brave doesn't know what he's talking about. The main problem, as referenced in the title, is that's not how DNS works.

Words matter.


To understand this properly, let's talk about how DNS actually works. In every URL, there are four parts:

  1. The protocol
  2. The domain name
  3. The directory path
  4. The filename


DNS is only concerned with the domain name. DNS does not see the directory path or the filename. So in Mr. Snyder's example above, a DNS server won't see #:text:=cancer because that's not part of the domain name.


Don't believe me? I'll show you. For this test, I typed in

https://www.n4g.com#:text:=ps4

And what showed up in my DNS servers?


Why is this? Because DNS doesn't care about anything but the domain name.
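
The split described above, as an added example (not from the original post): it parses a URL with the WHATWG parser that browsers use, builds the DNS question a resolver would receive for it, and separates out the path, query and fragment. The function names and the second sample URL are constructed for illustration.

```javascript
// Added example. Function names and the second sample URL are constructed.

// Encode a hostname as a DNS question (RFC 1035): length-prefixed labels,
// a terminating zero byte, then QTYPE=A and QCLASS=IN.
function dnsQuestion(hostname) {
  const parts = [];
  for (const label of hostname.replace(/\.$/, '').split('.')) {
    const bytes = Buffer.from(label, 'ascii');
    if (bytes.length === 0 || bytes.length > 63) {
      throw new RangeError(`invalid DNS label: "${label}"`);
    }
    parts.push(Buffer.from([bytes.length]), bytes);
  }
  parts.push(Buffer.from([0x00, 0x00, 0x01, 0x00, 0x01]));
  return Buffer.concat(parts);
}

// Split a URL into what each layer handles.
function exposure(urlString) {
  const u = new URL(urlString); // WHATWG URL parser, as used by browsers
  return {
    dnsName: u.hostname,                          // the only part DNS is asked about
    dnsQuestionBytes: dnsQuestion(u.hostname),
    httpRequestTarget: u.pathname + u.search,     // sent inside the HTTP(S) request
    fragment: u.hash,                             // handled by the browser itself
  };
}

const samples = [
  'https://www.n4g.com#:text:=ps4',                          // URL from the post
  'https://example.com/health/articles?id=7#:~:text=cancer', // constructed
];
for (const s of samples) {
  const e = exposure(s);
  console.log(s);
  console.log('  DNS name      :', e.dnsName);
  console.log('  DNS question  :', e.dnsQuestionBytes.toString('hex'));
  console.log('  request target:', e.httpRequestTarget);
  console.log('  fragment      :', e.fragment);
  console.log('  fragment text in DNS question?',
    e.dnsQuestionBytes.includes(e.fragment.split('=').pop()));
}
```

The DNS question has a name, a type and a class, and no field that could carry a path, query or fragment.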


So why am I picking on this article? It's nothing but fear-mongering based on inaccurate information. Mr. Snyder isn't entirely wrong in his assessment that a network security admin could learn information about employees based on these #:text: links, but he's missing some obvious points. For a network administrator to actually use these ScrollToText links to learn about an employee, they would need to be looking at web traffic logs, not DNS logs.


Even that, however, has complications. The largest complication is that the majority of the internet is using HTTPS now and a large number of companies don't have HTTPS proxies in place. HTTPS proxies are complicated to set up because they require a certificate to be installed on every device; once you factor in certificate pinning, HTTPS proxies become even more challenging to manage.


Without an HTTPS proxy, a network admin may be able to see the domain the user browses to (before the TLS negotiation starts), but they aren't going to be able to see the #:text:=.


But a "privacy researcher" like Mr. Snyder should have known all of this.


Forbes,

Words matter. This article you've written is a scare piece based on incorrect information from a "privacy researcher" working for a direct competitor of Google Chrome. Privacy matters always, but journalistic integrity and the truth matter too. What you are reporting is factually incorrect because that's not how DNS works. I wish you enabled comments on your articles so that I could tell you directly.


Please do everyone a favor and report the truth, not this fiction drummed up to scare people away from Chrome.