trash
fedilink
@ninchuka@lemmy.one
mod
link
fedilink
English
21Y

how does DNS over TLS help with privacy? please explain it to me, since the ISP can still see the IP your sending data to and getting data from and can just reverse DNS lookup that IP

@American_Jesus@lemm.ee
link
fedilink
English
2
edit-2
1Y

With plain DNS the ISP can see that you request example.tld to 1.1.1.1

With encrypted DNS (DoT, DoH, DoQ, DNSCrypt…) the requests are encrypted with TLS or other, o only see that you connected to dns.cloudflare.com not the domain that you request, so it cannot see that you requested example.tld

@TiffyBelle@feddit.uk
link
fedilink
English
2
edit-2
1Y

ISPs can always see what domains you visit due to it being leaked in plain text via the SNI portion of the Client Hello sequence of establishing a TLS connection to a web server, whether your DNS requests are encrypted or not.

It’s important to remember that using encrypted DNS does not shield the domains names you visit from your ISP. I feel this is a fundamental misunderstanding that gives some a false sense of privacy. At best, from a privacy perspective, you might avoid DNS-based logging which are slightly more trivial to log than domain taken from SNI.

voxel
link
fedilink
English
11Y

isp can still see the ip, but it’s not as big of an issue as plain domain names (because the default dns logs requests 90% of the time).

@ninchuka@lemmy.one
mod
link
fedilink
English
11Y

I’m fairly certain that’s not how it works, you’re describing a VPN where your isp routes all traffic to an IP

@American_Jesus@lemm.ee
link
fedilink
English
11Y

Almost, but only for DNS https://heimdalsecurity.com/blog/what-is-encrypted-dns-traffic/

You can also use DNS-over-SSH or DNS-over-TOR, only tunnels the DNS not the whole traffic

Create a post

In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.

This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.


You can subscribe to this community from any Kbin or Lemmy instance:

Learn more…


Check out our website at privacyguides.org before asking your questions here. We’ve tried answering the common questions and recommendations there!

Want to get involved? The website is open-source on GitHub, and your help would be appreciated!


This community is the “official” Privacy Guides community on Lemmy, which can be verified here. Other “Privacy Guides” communities on other Lemmy servers are not moderated by this team or associated with the website.


Moderation Rules:

  1. We prefer posting about open-source software whenever possible.
  2. This is not the place for self-promotion if you are not listed on privacyguides.org. If you want to be listed, make a suggestion on our forum first.
  3. No soliciting engagement: Don’t ask for upvotes, follows, etc.
  4. Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
  5. Be civil, no violence, hate speech. Assume people here are posting in good faith.
  6. Don’t repost topics which have already been covered here.
  7. News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
  8. Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
  9. No help vampires: This is not a tech support subreddit, don’t abuse our community’s willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
  10. No misinformation: Extraordinary claims must be matched with evidence.
  11. Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
  12. General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.

Additional Resources:

  • 1 user online
  • 2 users / day
  • 7 users / week
  • 70 users / month
  • 647 users / 6 months
  • 1 subscriber
  • 665 Posts
  • 11.1K Comments
  • Modlog