Jigsaw, a technology incubator created by Google and operated as a subsidiary under the Alphabet brand, has released today an Android app named Intra that can encrypt DNS queries as a protection against DNS manipulation at the ISP (internet service provider) level.
DNS manipulation is one of the most common forms of online censorship used by oppressive regimes or unscrupulous ISPs, used to block access to news sites, information portals, social media platforms, undesirable software, and more.
Intra protects against DNS manipulation by keeping DNS traffic hidden from third-parties with state-level surveillance capabilities, such as internet service providers in countries with autocratic regimes.
At the technical level, the Intra app works by implementing "DNS over HTTPS" (DoH), a fledgling technology that will soon reach the status of internet standard with the Internet Engineering Task Force (IETF), the organization in charge of approving such technologies.
DNS over HTTPS works by sending DNS requests and receiving DNS responses via HTTPS-encrypted connections.
By encrypting all DNS traffic coming and going from a device, DoH keeps third-party observers from knowing what websites a user is trying to access. But DoH is not enough to safeguard the user's entire web traffic since the actual connection to remote services also needs to take place via HTTPS as well.
Nonetheless, DoH is a good mechanism that's often more than enough to avoid DNS-based blacklists that some countries or ISPs have implemented to block users' access to "undesired" content, such as foreign media or news sites critical of the local regime.
DoH is currently supported by Firefox and by Android 9.0 Pie, the most recent version of the Android OS, released at the end of August.
Jigsaw's new Intra Android app allows users on older handsets to take advantage of DoH by encrypting connections from the local device to a remote DoH-capable DNS server.
Intra is easy to install and run right away, and comes pre-configured to funnel encrypted DNS queries to Google's DoH-capable DNS servers by default. Users can also switch to Cloudflare's DNS system, or use a custom DoH-capable server as well.
The new Intra app is available from the official Google Play Store, here, and its source code is hosted on GitHub, here.