Users say Google’s VPN app “breaks” the Windows DNS settings


Google offers a VPN via its “Google One” monthly subscription plan, and while it debuted on phones, a desktop app has been available for Windows and Mac OS for over a year now. Since a lot of people pay for Google One for the cloud storage increase for their Google accounts, you might be tempted to try the VPN on a desktop, but Windows users testing out the app haven’t seemed too happy lately. An open bug report on Google’s GitHub for the project says the Windows app “breaks” the Windows DNS, and this has been ongoing since at least November.

A VPN would naturally route all your traffic through a secure tunnel, but you’ve still got to do DNS lookups somewhere. A lot of VPN services also come with a DNS service, and Google is no different. The problem is that Google’s VPN app changes the Windows DNS settings of all network adapters to always use Google’s DNS, whether the VPN is on or off. Even if you change them, Google’s program will change them back.

Most VPN apps don’t work this way, and even Google’s Mac VPN program doesn’t work this way. The users in the thread (and the ones emailing us) expect the app, at minimum, to use the original Windows settings when the VPN is off. Since running a VPN is often about privacy and security, users want to be able to change the DNS away from Google even when the VPN is running.

Changing the DNS can result in several problems for certain setups. As users in the thread point out, some people, especially those using a VPN, want an encrypted DNS setup, and Google’s VPN program will just turn this off. It can break custom filtering setups and will prevent users from accessing local network IPs, like a router configuration page or corporate intranet pages. It will also make it impossible to log in to a captive portal, which you often see on public Wi-Fi at a hotel, airport, or coffee shop.

Besides that behavior, the thread is full of all sorts of reports of Google’s VPN program getting screwy with the Windows DNS settings. Several users say Google’s VPN app frequently resets the DNS settings of all network adapters, even if they change them after the initial install sets them to 8.8.8.8. For instance, one reply from ryanzimbauser says: “This program has absolutely no business changing all present NICs to a separate DNS on the startup of my computer while the program is not set to ‘Launch app after computer starts.’ This recent change interfered with my computer’s ability to access a network implementing a private DNS filter. This has broken my trust and I will not be reinstalling this program until this is remedied.”

Several user reports say that even after uninstalling the Google VPN, the DNS settings don’t revert to what they used to be. Maybe this is more of a Windows problem than a Google problem, but a lot of users have trouble changing the settings away from 8.8.8.8 through the control panel after uninstalling. They are resorting to registry changes, PowerShell scripts, or the “reset network settings” button.
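The kind of PowerShell check those users describe can be sketched as follows. This is an added example, not code from the GitHub thread or from Google: it lists each adapter's DNS servers, flags any pointing at Google Public DNS, and, with the hypothetical `-Reset` switch, returns those adapters to DHCP-supplied DNS. Only 8.8.8.8 comes from the reports; the other Google addresses and the script's variable names are assumptions.

```powershell
# Added example (not from the article or from Google).
# Run from an elevated PowerShell session when using -Reset.
param([switch]$Reset)

# 8.8.8.8 is the address named in the reports; the other three are the
# remaining Google Public DNS addresses, included here as an assumption.
$GoogleDns = '8.8.8.8', '8.8.4.4', '2001:4860:4860::8888', '2001:4860:4860::8844'
$IfKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

$report = foreach ($nic in Get-NetAdapter) {
    # Effective resolvers (IPv4 and IPv6) currently bound to this adapter.
    $servers = @((Get-DnsClientServerAddress -InterfaceIndex $nic.ifIndex `
                    -ErrorAction SilentlyContinue).ServerAddresses)
    # A non-empty NameServer value means IPv4 DNS was set statically rather
    # than learned from DHCP (DHCP-supplied servers live in DhcpNameServer).
    $static = (Get-ItemProperty -Path (Join-Path $IfKey $nic.InterfaceGuid) `
                    -Name NameServer -ErrorAction SilentlyContinue).NameServer
    [pscustomobject]@{
        Adapter    = $nic.Name
        IfIndex    = $nic.ifIndex
        Status     = $nic.Status
        DnsServers = $servers -join ', '
        StaticIPv4 = [bool]$static
        GoogleDns  = [bool]($servers | Where-Object { $_ -in $GoogleDns })
    }
}
$report | Format-Table -AutoSize

if ($Reset) {
    foreach ($row in $report | Where-Object GoogleDns) {
        # Drops the static entries so the adapter uses DHCP-provided DNS again.
        Set-DnsClientServerAddress -InterfaceIndex $row.IfIndex -ResetServerAddresses
        Write-Host "Reset DNS on '$($row.Adapter)'"
    }
    Clear-DnsClientCache
}
```

Running the audit again after a reboot shows whether something has put the Google addresses back, which is the behavior reported while the app is still installed.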

Google employee Ryan Lothian responded to the thread, saying:

Hey folks, thank you for reporting this behaviour.

To protect users’ privacy, the Google One VPN deliberately sets DNS to use Google’s DNS servers. This prevents a nefarious DNS server (that might be set by DHCP) compromising your privacy. Visit https://developers.google.com/speed/public-dns/privacy to learn about the limited logging performed by Google DNS.

We think this is a good default for most users. However, we do recognize that some users might want to have their own DNS, or have the DNS revert when VPN disconnects. We’ll consider adding this to a future release of the app.

It’s pretty rare for Google, the web and Android company, to make a Windows program. There’s Chrome, the Drive syncing app, Google Earth Pro, this VPN app, and not too much else. You can find it by going to the Google One website, clicking “Benefits” in the sidebar, and then “View Details” under the VPN box, where you’ll find an exceedingly rare Google Windows executable.

If you want a VPN and care about privacy, there are probably better places to go than Google. The company can still see all the websites you’re visiting via its DNS servers, and while the VPN data might be private, Google’s DNS holds onto your web history for up to 48 hours and is subject to subpoenas. There are several accusations in the thread of Google changing DNS for data harvesting purposes, but if you’re concerned about that, maybe don’t do business with one of the world’s biggest user-tracking companies.
