upvote

points

by TZubiri10 hours ago |
comments
upvoteby hirako200010 hours ago|
next
[-]
It isn't anonymous. DNS server resolve, IP addresses by hostnames. It cannot then inspect further traffic but it certainly can log your IP address and all URL's a given IP ever hit.

Since ISP know your identity, and all it takes is to (request and get) the DNS logs and ISP servitude for all sort of questionable information, you as an identity are giving away all sites domains you visit.

reply
upvoteby sgbeal9 hours ago|
parent|
next
[-]
> It cannot then inspect further traffic but it certainly can log your IP address and all URL's a given IP ever hit.

Correction: they can log host names/IPs, not URLs. The path of any given URL is part of the HTTP header, invisible to onlookers (assuming HTTP and assuming HTTPS is uncracked).

reply
upvoteby hirako20003 hours ago|
parent|
[-]
I can't edit. That is correct. URLs can't be known to a DNS server. Just the hostname and IP.
reply
upvoteby TZubiri1 hours ago|
parent|
prev|
next
[-]
Considering that the DNS in question is third-party, that is, it's independent from the ISP. Then the DNS and the ISP will not share data with each other on a routine basis, which would make this concern negligible for every day traffic.

So to simplify, the DNS provider has a map of IPs to Domains visited, while the other hand an ISP has a map of IP addresses to identities.

To even cross-reference the data, the ISP and the DNS provider would need to partner, and violate their privacy guarantees.

At the very least it's obvious that using a separate DNS provider than your ISP's provides additional anonimity by decentralizing your traffic. Although this comes with a tradeoff, having 2 providers increases the odds of partial leaks.

This analysis is so overkill for your personal traffic that it borders tinfoil territory, if we are in a professional setting and are discussing the competitive data of a company or that of thousands of users, then this level of scrutiny is merited, but as-is, separating your DNS provider from your ISP is already very marginal and a bit paranoid. Evaluating the DNS providers to such an extent that a huge security company with good legal standing would somehow qualify as unsafe, for the traffic of one user, I stress, is paralyzingly over-engineering the security of an infrastructure that has already been secured such that users don't need to know what a DNS and how to configure it in order to have safe and private internet.

Imagine going to the bank and asking the teller for a withdrawal but not disclosing the amount and coming up with a mechanism to withdraw without anyone from the bank knowing what you withdrew. Sure, it increases your security, but also come on, what are we doing here?

reply
upvoteby UqWBcuFx6NV4r7 hours ago|
parent|
prev|
[-]
Hi. If your response involves explaining the very very basics of DNS to someone that clearly knows what DNS is, please consider the possibility that you may have misunderstood them instead of lecturing them on the basics of ubiquitous internet technologies.
reply
upvoteby hirako20003 hours ago|
parent|
[-]
I didn't mean to offense. It did seem OP didn't get the IP can be logged, either that or how an IP can reveal identity.
reply
upvoteby mat_b5 hours ago|
prev|
next
[-]
I did some experimenting recently and I'm quite convinced that when I use Comcasts DNS they are selling it to advertisers. I've switched to 1.1.1.1 simply because it annoys me that Comcast is doing this.
reply
upvoteby edoceo4 hours ago|
parent|
[-]
How could that experiment work?
reply
upvoteby arvid-lind9 hours ago|
prev|
[-]
> A Cloudflare Ray ID is an identifier given to every request that goes through Cloudflare.

https://developers.cloudflare.com/fundamentals/reference/clo...

if you think a little creatively about how this information could be used by an organization that was created at the insistence of the United States Department of Homeland Security, then you're on the right track.

reply