Exposing child victims: The catastrophic impact of DNS-over-HTTPs

Olivia is a little girl with an horrendous story. She was raped and sexually abused as a three-year-old, and this continued until police rescued her when she was eight. Six years after her rescue, the photographs of her abuse are still collected and shared online by sexual predators. 

So how does this relate to an easily overlooked piece of jargon “DNS over HTTPS”? 

Here at the IWF, we’ve created life-changing technology and data sets helping people who were sexually abused as children and whose images appear online. The IWF URL List, or more commonly, ‘the block list’, is a list of live webpages that show children being sexually abused, a list used by the internet industry to block millions of criminal images from ever reaching the public eye.  

It’s a crucial service, protecting children, and people of all ages in their homes and places of work. It stops horrifying videos from being stumbled across accidentally, and it thwarts some predators who visit the net to watch such abuse.

But now its effectiveness is in jeopardy. That block list which has for years stood between exploited children and their repeated victimisation faces a challenge called DNS over HTTPS which could soon render it obsolete. 

It could expose millions of internet users across the globe - and of any age – to the risk of glimpsing the most terrible content.

So how does it work? DNS stands for Domain Name System and it’s the ‘phonebook’ by which you look something up on the internet. But the new privacy technology could hide user ‘requests’, bypass filters like parental controls, and make globally-criminal material freely accessible. What’s more, this is being fast-tracked, by some, into service as a default which could make the IWF list and all kinds of other protections defunct. 

At the IWF, we don’t want to demonise technology. Everyone’s data should be secure from unnecessary snooping and encryption itself is not a bad thing. But the IWF is all about protecting victims and we say that the way in which DNS over HTTPS is being implemented is the problem. 

If it was set as the default on the browsers used by most of us in the UK, it would have a catastrophic impact. It would make the horrific images we’ve spent all these years blocking suddenly highly accessible. All the years of work for children’s protection could be completely undermined – not just busting the IWF’s block list but swerving filters, bypassing parental controls, and dodging some counter terrorism efforts as well. 

From the IWF’s perspective, this is far more than just a privacy or a tech issue, it’s all about putting the safety of children at the top of the agenda, not the bottom. We want to see a duty of care placed upon DNS providers so they are obliged to act for child safety and cannot sacrifice protection for improved customer privacy.

The story of vulnerable young victims like Olivia is too often silenced in the jabber of commercial and technical advance, but their case must not merely be heard, it must form the very heart of this debate.