Online Privacy – DNS Issues and some simple fixes

Author: | Last updated: June 9, 2020 | Security | Blog

This is the first part in a series of articles that I hope will increase your awareness of online privacy issues and some of the steps you can take to address them.

Online privacy, it matters!

Why? Because knowledge is power, and when you expose all of your digital habits to a 3rd party, you give them power over you and, more importantly, over society.

DNS

Let's look at the domain name service, or DNS. This is the apparently trivial process of converting the human-readable name of a website, e.g. facebook.com, into a computer address that your device can understand (an IP address), e.g. 157.240.1.35. Most people have no idea this even exists, but every time you access anything on the internet, your device asks your service provider to convert the address into something it can understand, so cnn.com becomes 151.101.65.67, amazon.com becomes 205.251.242.103 and so on. It is the phone book of the internet, and without it the internet as you know it would cease to work. As with everything digital, you leave a footprint. Every time you ask a question, you get a reply, and that is recorded somewhere.

So why does this matter? Well consider the simple example of having your newspaper delivered in the pre-digital age. The shop owner records your request and a handful of staff know your preference of paper and from that can probably make a good guess at your political affiliation and various generalisations about the kind of person you are.

Fast forward to present day, most of us get our news online and even those that have an actual paper delivered probably still get some news online. Most countries only have a few major internet providers, and by default, these providers also provide your DNS service and can therefore see every site you visit. Most countries also now have some sort of legislation requiring the provider to record and retain this information. Again, doesn’t sound like a problem, but it’s not just you. Your internet provider can easily determine the news preferences of every single customer that they have and of course, it’s not just news, it’s everything else you do online as well.

You now have an incredibly valuable seam of socioeconomic data and with the advances in machine learning and artificial intelligence, these can be mined and modeled in real time, giving anyone with access to that data a considerable amount of power and potentially influence. The stewards of this data are not elected and they do not answer to anyone other than their shareholders.

And this is just for DNS data, a basic and relatively unknown part of your internet service. The information you expose via email, social media, navigation and other applications is vastly more precise and informative.

So, I hope this gives you a brief insight into why online privacy is important and why you should be concerned about it.

So what can you do about it?

In order to address your DNS privacy, you need to stop using your internet provider's service. So what are your options?

  1. Use any free DNS service
  2. Use a free DNS service that makes statements supporting privacy and protecting your data
  3. Pay for a secure private DNS service
  4. Run your own DNS service

Let’s consider them:

1. Use any free DNS service

Literally anything is better than using your ISP's DNS, so this is definitely an option. Google is the biggest provider in this space and their DNS service, on 8.8.8.8 and 8.8.4.4, is fast and reliable. However, you are just moving your footprints from your internet provider to Google, and whilst you possibly gain some anonymity in doing this, you are basically gifting Google your internet browsing history, and I, for one, do not think this is a great idea.

2. Use a free DNS service that makes statements supporting privacy and protecting your data

OK, sounds better than 1, but really, something for nothing? Sounds too good to be true. However, there are organisations that care deeply about online privacy, so maybe it's worth a look. A quick internet search led me to Quad9, a free DNS service that claims to not record your IP address. They are a not-for-profit organisation founded by IBM, PCH and GCA, so they certainly sound legit. Their DNS addresses are 9.9.9.9 and 149.112.112.112 and they have some good setup information on the site. I'll be doing a full review of their service at a later date, so keep an eye out for it.

3. Pay for a secure private DNS service

Certainly a possibility. There are several paid-for DNS services out there and they can also give you a lot more control of things like managing and reporting on your internet usage. If you can find one that is bundled with something else you need, such as a VPN service, then this could definitely be worth looking at.

4. Run your own DNS service

This would certainly provide you with the most control over your DNS queries, but it is really not an option for most. For one, it requires some resources to run the service: it needs to be always on, so you need a server of some sort, and it needs to be on your local network. Yes, you can do it with a home server or something like a Raspberry Pi. There really are a myriad of options, but they all amount to the same thing: you must run the service on your network, and IF it breaks, you won't be able to use the internet and you will have some very upset family members or housemates. I have done this in the past and yes, it does give you an amazing amount of control over your internet connection, but for most people it is not an option.

So what am I using? Well, I had been using Cloudflare on 1.1.1.1 but having just discovered Quad9, 9.9.9.9, I have switched to using them. Look out for my review shortly.

Changing your DNS

Your chosen DNS provider will usually have instructions on how to set up their DNS and it's usually best to follow them. In general, it just involves changing the DNS server settings on your network connection.

To make the change on your whole network, you need to change the setting on your internet router. Again, this is not a difficult task, but it does have the potential to break your internet connection, so always test your DNS settings on an individual device first and remember to record your router's current settings before making any changes.

Quad9

Cloudflare

Google DNS

By changing your DNS to one of these services you have taken a small but significant step in improving your internet privacy.

Watch out for further posts in this series on understanding and improving your internet privacy.

October 22nd, 2019 justin