Privacy

33462 readers

493 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

[email protected]

What's a good privacy respecting DNS over HTTPS provider? (lemmy.ml)

submitted 3 years ago* (last edited 3 years ago) by [email protected] to c/[email protected]

28 comments fedilink hide all child comments

Cloudflare DNS has DoH, but it's Cloudflare so... ew. Is there one that is more privacy respecting and also has DNS over HTTPS?

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 1 points 3 years ago (1 children)

Yes that's how DNS resolution works. Any DNS resolver can either query another resolver (most commercial internet routers will query your ISP's resolver), or resolve the domain name themselves by querying DNS servers from right to left in the domain name.

For example, querying lemmy.ml involves:

querying ICANN root servers for ml DNS servers
querying ml DNS servers for lemmy
querying lemmy DNS servers for an IP address to connect to

Recursive resolution is a feature of the DNS system which ensures distribution of power among actors, so a single bad actors, even when very high in the hierarchy, can't have too much negative impact further down the chain. For example, if root servers are compromised, they couldn't stop lemmy.ml from resolving: they could stop the whole of ml from resolving (because ml is part of the zone they have authority for) but nothing more. This aspect of DNS limits temptation of censorship.

[–] [email protected] 1 points 3 years ago (1 children)

Wouldn't it still be plaintext though? Someone upstream the network (namely your ISP) datamining your network traffic would still be able to tell which domains you're requesting, right?

[–] [email protected] 1 points 3 years ago (1 children)

Short answer, yes. But Authoritative DNS over TLS (ADoT) is being standardized for encrypting resolver-to-authority queries.

[–] [email protected] 1 points 3 years ago

Does Unbound support this already?