Interesting People mailing list archives
Re How to keep your ISP's nose out of your browser history with encrypted DNS
From: "Dave Farber" <farber () gmail com>
Date: Tue, 10 Apr 2018 09:52:11 -0400
Begin forwarded message:
From: Chris Beck <cbeck () pacanukeha net> Date: April 10, 2018 at 9:49:47 AM EDT To: Dave Farber <dave () farber net> Subject: Re: [IP] Re How to keep your ISP's nose out of your browser history with encrypted DNS "What's more, ISPs do not snoop on DNS." This, of course, is clearly indeed blatantly not true. Brett's blindness to the venality of large ISPs (we exclude CenturyLink obviously because we've learned recently that they have no customers) and paranoia of Cloudflare cast a deep and obscuring cloud over the valuable things he has to say such as the difficulty small rural providers have in getting decent upstream connections.On Tue, Apr 10, 2018, 07:27 Dave Farber, <farber () gmail com> wrote: Begin forwarded message:From: Brett Glass <brett () lariat net> Date: April 9, 2018 at 9:14:42 PM EDT To: dave () farber net Subject: Re: [IP] How to keep your ISP's nose out of your browser history with encrypted DNS Dave: The entire premise of this article is, sadly, incorrect -- and appears intended to promote a service via fearmongering. Using a different DNS server does not affect corporations' ability to snoop on one's browser history, since anyone who can see the source and destination IP addresses of a packet can perform reverse DNS on those addresses on its own. What's more, ISPs do not snoop on DNS. In fact, because their DNS resolvers are generally connected to their customers via secure links (especially in the case of WISPs, which encrypt the last mile), those links are especially secure against spying. However, if you send queries to a third party provider -- especially one which does not charge you and therefore can only make money from the service by spying on you -- that third party can amass information about your activities. And has every reason to do so, since -- as Internet users are learning -- when you are not the customer, you are the product. What's more, TLS "cookies" -- the subject of a recent RFC written by Google and now incorporated into the Chrome browser -- allow a provider of HTTPS-encrypted DNS sessions to track your individual devices and perform cross-device tracking of your activities as well. Like other third party VPN providers, Cloudflare appears to be engaging in slander against ISPs -- and unwarranted fearmongering -- so as to promote a service that is far less secure than the ones Internet customers are already using. It's also likely to be slower. When I compared my own ISP's highly optimized caching resolvers to Cloudflare's using Steve Gibson's DNSBench utility, we won by a country mile. So, before you abandon your ISP's service for one provided by a company with which you have no business relationship -- and which has no incentive to keep your business -- consider its motives. Remember: If you're not the customer, you are the product, and this appears to be what will happen if you use this new service. --Brett GlassArchives | Modify Your Subscription | Unsubscribe Now
------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125 Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20180410095218:6069DD02-3CC6-11E8-A015-C0955A61BC8C Powered by Listbox: http://www.listbox.com
Current thread:
- Re How to keep your ISP's nose out of your browser history with encrypted DNS Dave Farber (Apr 10)
- <Possible follow-ups>
- Re How to keep your ISP's nose out of your browser history with encrypted DNS Dave Farber (Apr 10)
- Re How to keep your ISP's nose out of your browser history with encrypted DNS Dave Farber (Apr 11)