Re How to keep your ISP's nose out of your browser history with encrypted DNS

["Dave Farber" <farber () gmail com>]

Begin forwarded message:

> From: Chris Beck <cbeck () pacanukeha net>
> Date: April 10, 2018 at 9:49:47 AM EDT
> To: Dave Farber <dave () farber net>
> Subject: Re: [IP] Re How to keep your ISP's nose out of your browser history with encrypted DNS
>
> "What's more, ISPs do not snoop on DNS."
>
> This, of course, is clearly indeed blatantly not true. Brett's blindness to the venality of large ISPs (we exclude 
> CenturyLink obviously because we've learned recently that they have no customers) and paranoia of Cloudflare cast a 
> deep and obscuring cloud over the valuable things he has to say such as the difficulty small rural providers have in 
> getting decent upstream connections.
>
>
> > On Tue, Apr 10, 2018, 07:27 Dave Farber, <farber () gmail com> wrote:
> >
> >
> >
> > Begin forwarded message:
> >
> > > From: Brett Glass <brett () lariat net>
> > > Date: April 9, 2018 at 9:14:42 PM EDT
> > > To: dave () farber net
> > > Subject: Re: [IP] How to keep your ISP's nose out of your browser history with encrypted DNS
> > >
> > > Dave:
> > >
> > > The entire premise of this article is, sadly, incorrect -- and appears intended to promote a service via 
> > > fearmongering.
> > >
> > > Using a different DNS server does not affect corporations' ability to snoop on one's browser history, since anyone 
> > > who can see the source and destination IP addresses of a packet can perform reverse DNS on those addresses on its 
> > > own. What's more, ISPs do not snoop on DNS. In fact, because their DNS resolvers are generally connected to their 
> > > customers via secure links (especially in the case of WISPs, which encrypt the last mile), those links are 
> > > especially secure against spying. However, if you send queries to a third party provider -- especially one which 
> > > does not charge you and therefore can only make money from the service by spying on you -- that third party can 
> > > amass information about your activities. And has every reason to do so, since -- as Internet users are learning -- 
> > > when you are not the customer, you are the product. What's more, TLS "cookies" -- the subject of a recent RFC 
> > > written by Google and now incorporated into the Chrome browser -- allow a provider of HTTPS-encrypted DNS sessions 
> > > to track your individual devices and perform cross-device tracking of your activities as well.
> > >
> > > Like other third party VPN providers, Cloudflare appears to be engaging in slander against ISPs -- and unwarranted 
> > > fearmongering -- so as to promote a service that is far less secure than the ones Internet customers are already 
> > > using. It's also likely to be slower. When I compared my own ISP's highly optimized caching resolvers to 
> > > Cloudflare's using Steve Gibson's DNSBench utility, we won by a country mile.
> > >
> > > So, before you abandon your ISP's service for one provided by a company with which you have no business 
> > > relationship -- and which has no incentive to keep your business -- consider its motives. Remember: If you're not 
> > > the customer, you are the product, and this appears to be what will happen if you use this new service.
> > >
> > > --Brett Glass
> >
> > Archives | Modify Your Subscription | Unsubscribe Now         



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125
Unsubscribe Now: 
https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20180410095218:6069DD02-3CC6-11E8-A015-C0955A61BC8C
Powered by Listbox: http://www.listbox.com