Is Encrypted DNS Good for Privacy? - Rob Braxman Tech
video description

Rating: 4.0; Vote: 1
New changes coming to the Internet! Google about to start Encrypted DNS, or DNS over HTTPS (DoH), or DNSSec. Is encrypted DNS great for privacy? Or not? Get the real story.
Date: 2022-03-20

Comments and reviews: 10


DNS servers do not synchronize, they just cache and expire cache entries.
5:02 only when encrypted with DoT or DoH.
5:32 they could do that, if they do is a different story. Pretty certain in Europe this is less common.
8:00 most websites are hosted at a provider with shared hosting, so the IP is used for many websites. Only the larger websites have dedicated IPs (now those websites are used often of course).
SNI leaks the name much more directly, but it's hopefully going to be encrypted in the near future.
A VPN also just moves the problem to somewhere else.
11:53 it looks like Cloudflare has Tor hidden service support for their resolver. Now that does solve the problem. And should still be pretty fast (a hidden service has less Tor overhead). The ISP can't see the DNS request, Cloudflare can't see your IP and no additional overhead from a VPN. Encrypted Client Hello (Encrypted SNI) solves the last part in the hopefully near future.
Seems to me we are close to solving this problem.


Great video! I'm a security engineer and am doing a lot of research into how we can protect our clients against malware using encrypted DNS. Not many people realize the infosec ramifications of this. Most malware uses domain names for command and control, and exfiltration of data. Detecting DNS queries to malicious servers could become very difficult.
One thing to note, though, is that VPN providers are currently making tons of money on collecting our data as well, but Tor is a decent solution. VPN providers are just as susceptible to data breaches, modifying data, selling your info, and giving data to governments.


Generally, I agree with your statements and applaud them. However, Cloudflare's 1.1.1.1 encrypted DNS can be set on a system level in devices running Android 10, ChromeOS, macOS and Windows, regardless of the browser used, and without any app. (An app is only required on iOS to my knowledge.) Cloudflare does not sell information and purges it after 24 hours, so it seems to be the closest thing to anonymous DNS available. Please explain what is your basis to condemn Cloudflare's 1.1.1.1. Thank you.

I think it depends on your situation. If you are using DNS provided by the ISP in your country, somebody in the government might probably be controlling and using the information to bully you or manipulate you through their agents in the department. You feel pain when they are manipulating your personal things. Whereas using a different DNS will make you be controlled by a single domain, but there is no personal effect. Maybe they will use the information for marketing purposes, but you can simply ignore it.

I don't understand the difference between DNS data collection vs VPN data collection. If u use no VPN u can change ur DNS source to Quad9; they don't sell ur IP so it is safer than Google or Cloudflare. If u use a VPN then the VPN hoster has ur data and u can't do anything about it; this is the thing where trust is a must. Tor is not an all-round solution because f--k it, it is too slow for average use.

I have heard one way they can shut down parts of the internet is to shut down DNS allocating sites, and there are not that many. Wouldn't it be a good idea to make an encrypted notepad file of all the IPs of all the sites you have bookmarked, or at least the ones that you commonly use? I would imagine sites would then pop up on the dark web giving the IPs for those shut-down DNS names?

When using a VPN, the same problem applies to this subject, since you also shift your trust to just one party, being the VPN provider. I'd rather use LibreDNS; it's a well trusted, no-log DNS provider (the logging on the daemon is disabled) and they use OpenNIC as resolver, no Cloudflare/Google in sight.

This was great. I appreciate that you give us your thoughts/opinions but you also give us the proper names of the technologies you discuss so that interested folks can do further digging into the topics. Cheers, looking forward to hearing more from you.

Rob, what are your thoughts on the DNSCloak on iOS? It claims to encrypt through Cloudflare but through a VPN. When I enable it the VPN icon appears on my phone. Does the VPN part negate the cons of using a DNSCloak? Thank you.

The DoH is going to bother ISP to sell our personal information, but I don't think it bothers Google that much because it gives them a nice image and they just need the public IP and an account with them to track us.