Page MenuHomePhabricator
Create Task
Maniphest T415531

Integrate Wikimedia DNS into Android apps
Open, Needs TriagePublicFeature
Actions

Description

Feature summary (what you would like to be able to do and where):

Currently all Android apps by Wikimedia use OkHttp which has builtin DNS over HTTPS client.

https://github.com/square/okhttp/tree/master/okhttp-dnsoverhttps

It would take less than 50 lines to integrate Wikimedia DNS (T252132) into the current OkHttp clients.

Use case(s) (list the steps that you performed to discover that problem, and describe the actual underlying problem which you want to solve. Do not describe only a solution):

Protect users from ISP or government DPI middleboxes logging or analyzing of UDP DNS.

Benefits (why should this be implemented?): Privacy enhancement.

Related Objects

Event Timeline

Naruse_shiroha created this task.Jan 26 2026, 11:39 AM
Naruse_shiroha updated the task description. (Show Details)
Naruse_shiroha updated the task description. (Show Details)
Naruse_shiroha updated the task description. (Show Details)Jan 26 2026, 11:42 AM
Naruse_shiroha mentioned this in T415449: Documentation error about TLS 1.2 on Wikimedia DNS DoH on metawiki.Jan 26 2026, 1:12 PM
Naruse_shiroha updated the task description. (Show Details)
Naruse_shiroha updated the task description. (Show Details)Jan 26 2026, 1:36 PM
ssingh added a project: Traffic.Jan 26 2026, 1:43 PM
Dbrant subscribed.Jan 26 2026, 2:14 PM

Is this different from T327286?

Naruse_shiroha added a comment.EditedJan 26 2026, 2:44 PM

Is this different from T327286?

That would require more efforts. Let me quote the metawiki page...

Does this project solve all internet censorship issues?
No. While DNS protocols such as DoH and DoT encrypt DNS queries between your client (like Firefox) and a resolver (Wikimedia DNS), an on-path observer (such as your ISP/government) can still identify which websites you are connecting to either through the Server Name Indication (SNI) field in the ClientHello message (currently unencrypted) or through the IP address of the website. Nevertheless, given that DNS-based censorship and surveillance is often the easiest to implement, securing your DNS is a good first step towards improving your privacy and resisting censorship.

JTannerWMF moved this task from Needs Triage to Product Backlog on the Wikipedia-Android-App-Backlog board.Jan 27 2026, 5:16 PM
Bodhisattwa added subscribers: Bodhisattwa, Saiphani02.Wed, Feb 11, 11:24 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits