Interesting People mailing list archives
Re How to keep your ISP's nose out of your browser history with encrypted DNS
From: "Dave Farber" <farber () gmail com>
Date: Mon, 9 Apr 2018 22:43:40 -0400
Begin forwarded message:
From: Brett Glass <brett () lariat net> Date: April 9, 2018 at 9:14:42 PM EDT To: dave () farber net Subject: Re: [IP] How to keep your ISP's nose out of your browser history with encrypted DNS Dave: The entire premise of this article is, sadly, incorrect -- and appears intended to promote a service via fearmongering. Using a different DNS server does not affect corporations' ability to snoop on one's browser history, since anyone who can see the source and destination IP addresses of a packet can perform reverse DNS on those addresses on its own. What's more, ISPs do not snoop on DNS. In fact, because their DNS resolvers are generally connected to their customers via secure links (especially in the case of WISPs, which encrypt the last mile), those links are especially secure against spying. However, if you send queries to a third party provider -- especially one which does not charge you and therefore can only make money from the service by spying on you -- that third party can amass information about your activities. And has every reason to do so, since -- as Internet users are learning -- when you are not the customer, you are the product. What's more, TLS "cookies" -- the subject of a recent RFC written by Google and now incorporated into the Chrome browser -- allow a provider of HTTPS-encrypted DNS sessions to track your individual devices and perform cross-device tracking of your activities as well. Like other third party VPN providers, Cloudflare appears to be engaging in slander against ISPs -- and unwarranted fearmongering -- so as to promote a service that is far less secure than the ones Internet customers are already using. It's also likely to be slower. When I compared my own ISP's highly optimized caching resolvers to Cloudflare's using Steve Gibson's DNSBench utility, we won by a country mile. So, before you abandon your ISP's service for one provided by a company with which you have no business relationship -- and which has no incentive to keep your business -- consider its motives. Remember: If you're not the customer, you are the product, and this appears to be what will happen if you use this new service. --Brett Glass
------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125 Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20180409224348:FC88B0EA-3C68-11E8-87E5-A4505A3F5591 Powered by Listbox: http://www.listbox.com
Current thread:
- Re How to keep your ISP's nose out of your browser history with encrypted DNS Dave Farber (Apr 10)
- <Possible follow-ups>
- Re How to keep your ISP's nose out of your browser history with encrypted DNS Dave Farber (Apr 10)
- Re How to keep your ISP's nose out of your browser history with encrypted DNS Dave Farber (Apr 11)