How to keep your ISP's nose out of your browser history with encrypted DNS

["Dave Farber" <farber () gmail com>]

Begin forwarded message:

> From: Dewayne Hendricks <dewayne () warpspeed com>
> Date: April 9, 2018 at 8:29:58 AM EDT
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> Subject: [Dewayne-Net] How to keep your ISP's nose out of your browser history with encrypted DNS
> Reply-To: dewayne-net () warpspeed com
>
> [Note:  This item comes from friend Robert Berger.  DLH]
>
> How to keep your ISP’s nose out of your browser history with encrypted DNS
> Using Cloudflare’s 1.1.1.1, other DNS services still require some command-line know-how.
> By SEAN GALLAGHER
> Apr 8 2018
> <https://arstechnica.com/information-technology/2018/04/how-to-keep-your-isps-nose-out-of-your-browser-history-with-encrypted-dns/>
>
> The death of network neutrality and the loosening of regulations on how Internet providers handle customers' network 
> traffic have raised many concerns over privacy. Internet providers (and others watching traffic as it passes over the 
> Internet) have long had a tool that allows them to monitor individuals' Internet habits with ease: their Domain Name 
> System (DNS) servers. And if they haven't been cashing in on that data already (or using it to change how you see the 
> Internet), they likely soon will.
>
> DNS services are the phone books of the Internet, providing the actual Internet Protocol (IP) network address 
> associated with websites' and other Internet services' host and domain names. They turn arstechnica.com into 
> 50.31.169.131, for example. Your Internet provider offers up DNS as part of your service, but your provider could 
> also log your DNS traffic—in essence, recording your entire browsing history.
>
> "Open" DNS services provide a way of bypassing ISPs' services for reasons of privacy and security—and in some places, 
> evading content filtering, surveillance, and censorship. And on April 1 (not a joke), Cloudflare launched its own 
> new, free high-performance authoritative DNS service designed to enhance users' privacy on the Internet. This new 
> offering also promised a way to hide DNS traffic completely from view—encryption.
>
> Named for its Internet Protocol address, 1.1.1.1 is the result of a partnership with the research group of APNIC, the 
> Asia-Pacific Internet registry. While it's also available as an "open" conventional DNS resolver (and a very fast one 
> at that), Cloudflare is supporting two encrypted DNS protocols.
>
> While executed with some unique Cloudflare flare, 1.1.1.1 isn't the first encrypted DNS service by any means—Quad9, 
> Cisco's OpenDNS, Google's 8.8.8.8 service, and a host of smaller providers support various schemes to encrypt DNS 
> requests entirely. But encryption doesn't necessarily mean that your traffic is invisible; some encrypted DNS 
> services log your requests for various purposes.
>
> Cloudflare has promised not to log individuals' DNS traffic and has hired an outside firm to audit that promise. 
> APNIC wants to use traffic data to point to the IP address, which has the unfortunate legacy of being a dumping 
> ground for "garbage" Internet traffic, for research purposes, according to APNIC's Geoff Huston. But APNIC won't have 
> access to the encrypted DNS traffic in this case, either.
>
> For users, taking advantage of encrypted DNS services from Cloudflare or any other privacy-focused DNS services is 
> not as easy as changing a number in network settings. No operating system currently directly supports any of the 
> encrypted DNS services without the addition of some less-than-consumer-friendly software. And not all of the services 
> are created equally in terms of software support and performance.
>
> But with consumer data as product all over the news as of late, I set out to see just how to get Cloudflare's 
> encrypted DNS service working. And overcome by my inner lab-rat, I ended up testing and dissecting clients for 
> multiple DNS providers using three of the established protocols for DNS encryption: DNSCrypt, DNS over TLS, and DNS 
> over HTTPS. All of them can work, but let me warn you: while it's getting easier, choosing the encrypted DNS route is 
> not something you'd necessarily be able to walk Mom or Dad through over the phone today. (Unless, of course, your 
> parents happen to be a seasoned Linux command-line user.)
>
> [snip]
>
> Dewayne-Net RSS Feed: http://dewaynenet.wordpress.com/feed/
> Twitter: https://twitter.com/wa8dzp



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125
Unsubscribe Now: 
https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20180409090203:2FB1F33C-3BF6-11E8-8A71-B3CA19F8F6A3
Powered by Listbox: http://www.listbox.com