Question: Can my ISP see the sites I'm visiting when I use DNS over HTTPS?

Jun 7, 2023
I am confused about the DNS over HTTPS protocol. Is there an actual benefit to using this protocol from a privacy standpoint? Can my ISP see the sites I'm visiting when I'm using DNS over HTTPS?
 

Math Geek

If you are using their DNS server, then yes.

Change your DNS server to something else and then they can't see that traffic. It still needs to be encrypted with HTTPS to keep them from seeing the traffic, though.

A quick search for encrypted DNS will yield a ton of public options to use.
 
Jun 7, 2023
Math Geek said:
If you are using their DNS server, then yes.
Change your DNS server to something else and then they can't see that traffic. It still needs to be encrypted with HTTPS to keep them from seeing the traffic, though.
A quick search for encrypted DNS will yield a ton of public options to use.
So your answer implies that the organization that controls the DoH server, whether that's the ISP or someone else, can see the domains I have requested to resolve, correct?
 

Math Geek

That is correct. Whoever looks it up for you has to know what you are asking it to look up. What they do with the info, if anything, is up to that entity.

The only way around it is to know the actual IP address of where you want to go, so no DNS server has to get involved.
 
Jun 7, 2023
Math Geek said:
That is correct. Whoever looks it up for you has to know what you are asking it to look up. What they do with the info, if anything, is up to that entity.
The only way around it is to know the actual IP address of where you want to go, so no DNS server has to get involved.
Whoever collects this information is highly incentivised to monetize it, not to mention the privacy concerns. This is very concerning to me; I'm surprised there isn't better technology developed to handle DNS requests privately and securely in a decentralised way. I wonder if blockchain could be used to solve this problem.
 

Math Geek

DNS is nothing but a giant phone book of domain names and their associated IP addresses. There are hundreds of main DNS servers around the world and many, many more smaller ones maintained by tons of different organizations. It's all designed to make sure the registry is correct and any changes are pushed down the line to all the others so they are all in sync at all times.

There's no way to somehow maintain your own private DNS archive and keep it updated and yet somehow never have it online. It just can't work that way. Blockchain might be a different way to store the giant database, but in the end, when it is accessed, someone somewhere will still know who looked up what address. It's physically impossible to have someone look something up for you and them not know what they are looking up.

Of course it is monetized and exploited to the fullest, but that's the price of using the web. At least encrypted DNS keeps the inquiry safe from other prying eyes except the endpoint. That's about the best you can do, really. Again, if you have the actual IP address to type in, then you don't need DNS to look it up for you. That's your only workaround.

Edit: obviously what you are doing is illegal and your ISP does not like it. You've got bigger problems than just what your ISP sees. I can say that your ISP is not going to start investigating and following you around the web. Once your traffic is past their routers/servers, they are out of the loop and don't care. That does not mean someone else won't be looking from the other end and tracing back to you, but that's not the ISP or in their control.

In the end, your packet has to ultimately be addressed to your IP address. You can't deliver a letter with no address on it; it's just not possible, and internet routing is based on how the post office works. There are ways to hide that final address until the last second, but in the end it has to be addressed to you, and someone somewhere is going to know that is where it is going eventually.
 
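The post above makes the point that encrypted DNS only hides the lookup from "other prying eyes" and that the packets still carry a real destination. As an added example (my own code, not from this thread), the block below constructs a minimal TLS ClientHello and then reads it the way a passive on-path observer would: it recovers the destination and the hostname from the unencrypted server_name extension (SNI, RFC 6066), which is exactly what an ISP still sees after you switch to DoH unless Encrypted Client Hello is in use. The host `www.example.com` and the address `192.0.2.1` are constructed values.

```python
import struct
from typing import Optional

# Added example. The ClientHello builder is only realistic in the fields the
# parser needs (random is all zeros, one cipher suite); the parser is a plain
# passive read of the first TLS record, no decryption involved.


def build_client_hello(server_name: Optional[str]) -> bytes:
    """Constructed TLS ClientHello record; with server_name=None the
    extensions block is omitted entirely (as a client without SNI would)."""
    body = (
        b"\x03\x03" + bytes(32)              # legacy version + 32-byte random
        + b"\x00"                             # empty session id
        + struct.pack("!H", 2) + b"\x13\x01"  # one suite: TLS_AES_128_GCM_SHA256
        + b"\x01\x00"                         # one compression method: null
    )
    if server_name is not None:
        host = server_name.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(host)) + host   # type 0 = host_name
        sni_data = struct.pack("!H", len(entry)) + entry
        ext = struct.pack("!HH", 0x0000, len(sni_data)) + sni_data  # ext 0 = server_name
        body += struct.pack("!H", len(ext)) + ext
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body      # type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record: bytes) -> Optional[str]:
    """Return the SNI host_name from a ClientHello record, or None if the
    record is not a ClientHello or carries no server_name extension."""
    if len(record) < 5 or record[0] != 0x16:   # 0x16 = handshake record
        return None
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        return None
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    off = 2 + 32                                 # skip version + random
    off += 1 + body[off]                         # session id
    off += 2 + struct.unpack("!H", body[off:off + 2])[0]   # cipher suites
    off += 1 + body[off]                         # compression methods
    if off + 2 > len(body):
        return None                              # no extensions at all
    ext_len = struct.unpack("!H", body[off:off + 2])[0]
    off += 2
    end = off + ext_len
    while off + 4 <= end:
        etype, elen = struct.unpack("!HH", body[off:off + 4])
        off += 4
        edata = body[off:off + elen]
        off += elen
        if etype != 0x0000:
            continue
        list_len = struct.unpack("!H", edata[:2])[0]
        p = 2
        while p + 3 <= 2 + list_len:
            ntype = edata[p]
            nlen = struct.unpack("!H", edata[p + 1:p + 3])[0]
            p += 3
            if ntype == 0:
                return edata[p:p + nlen].decode("ascii")
            p += nlen
    return None


def observer_view(dst_ip: str, dst_port: int, first_record: bytes) -> dict:
    """What a passive observer on the path (e.g. the ISP) learns from the
    first packet of a TLS connection, with no DNS query to look at."""
    return {"dst": f"{dst_ip}:{dst_port}", "sni": extract_sni(first_record)}


if __name__ == "__main__":
    hello = build_client_hello("www.example.com")
    print(observer_view("192.0.2.1", 443, hello))
```

Even with the DNS lookup tunnelled over DoH, the flow that follows still reveals the server's IP address and, for ordinary TLS, the hostname in plaintext in the first packet; that is why "encrypt past them" narrows what the ISP sees but does not remove the destination from view.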
Jun 7, 2023
Math Geek said:
There's no way to somehow maintain your own private DNS archive and keep it updated and yet somehow never have it online. It just can't work that way. Blockchain might be a different way to store the giant database, but in the end, when it is accessed, someone somewhere will still know who looked up what address. It's physically impossible to have someone look something up for you and them not know what they are looking up.
I respectfully disagree; eventually they will figure something out. If you look at Monero, for example, it's a very good solution for exchanging value (information) in a private manner. There is also the Tor network. And I just did a search: they're working on a DNS over Tor project, which would solve the privacy issues. Now, whether it is possible to scale these technologies globally is another consideration.
 

Math Geek

Right, that's the problem. The internet is worldwide. If the DNS server is not complete, then when you type in www.facebook.com and that is not in the database, you get an error returned and can't get to that site.

Tor is not as private as folks like to think it is. Google Silk Road and read up on how the Tor network was compromised (and still is) and all that supposed anonymity was shattered in a short time.

Unless you yourself are the one looking things up, whoever does it has to know what they are looking up. There is no "blind and mute servant" that can do the work and never utter a word to anyone else. No matter how you store the DNS entries or route the traffic about, in the end it ends up as a request to the server, and at that point it knows someone asked for that IP address. If they desire or need to, they can surely start tracing that traffic back to its source. All you can do is try to make it really hard to figure out, but every stop on the way knows where traffic came from and the next place it is going. With the right tools you can follow the path no matter how hard you try to hide it.

Many VPNs say they don't maintain any logs, which would mean that once your traffic was followed that far it would be a dead end, since there was no log to keep following the path. But even this has been shown to not be a full-stop dead end. Again, your ISP honestly does not look past their own servers. If that's all you're worried about, it's easy to encrypt past them.