Interesting People mailing list archives

Re How to keep your ISP's nose out of your browser history with encrypted DNS

From: "Dave Farber" <farber () gmail com>
Date: Mon, 9 Apr 2018 22:43:40 -0400




Begin forwarded message:

From: Brett Glass <brett () lariat net>
Date: April 9, 2018 at 9:14:42 PM EDT
To: dave () farber net
Subject: Re: [IP] How to keep your ISP's nose out of your browser history with encrypted DNS

Dave:

The entire premise of this article is, sadly, incorrect -- and appears intended to promote a service via 
fearmongering.

Using a different DNS server does not affect corporations' ability to snoop on one's browser history, since anyone 
who can see the source and destination IP addresses of a packet can perform reverse DNS on those addresses on its 
own. What's more, ISPs do not snoop on DNS. In fact, because their DNS resolvers are generally connected to their 
customers via secure links (especially in the case of WISPs, which encrypt the last mile), those links are especially 
secure against spying. However, if you send queries to a third party provider -- especially one which does not charge 
you and therefore can only make money from the service by spying on you -- that third party can amass information 
about your activities. And has every reason to do so, since -- as Internet users are learning -- when you are not the 
customer, you are the product. What's more, TLS "cookies" -- the subject of a recent RFC written by Google and now 
incorporated into the Chrome browser -- allow a provider of HTTPS-encrypted DNS sessions to track your individual 
devices and perform cross-device tracking of your activities as well.

Like other third party VPN providers, Cloudflare appears to be engaging in slander against ISPs -- and unwarranted 
fearmongering -- so as to promote a service that is far less secure than the ones Internet customers are already 
using. It's also likely to be slower. When I compared my own ISP's highly optimized caching resolvers to Cloudflare's 
using Steve Gibson's DNSBench utility, we won by a country mile.

So, before you abandon your ISP's service for one provided by a company with which you have no business relationship 
-- and which has no incentive to keep your business -- consider its motives. Remember: If you're not the customer, 
you are the product, and this appears to be what will happen if you use this new service.

--Brett Glass




-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125
Unsubscribe Now: 
https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20180409224348:FC88B0EA-3C68-11E8-87E5-A4505A3F5591
Powered by Listbox: http://www.listbox.com

Current thread:

Re How to keep your ISP's nose out of your browser history with encrypted DNS Dave Farber (Apr 10)
- <Possible follow-ups>
- Re How to keep your ISP's nose out of your browser history with encrypted DNS Dave Farber (Apr 10)
- Re How to keep your ISP's nose out of your browser history with encrypted DNS Dave Farber (Apr 11)