Thoughts on how to mitigate DNS: pernicious anti-privacy back door?

As I’ve become more conscious of privacy vulnerabilities and how companies profit from them, I have become increasingly concerned about DNS.

It seems that DNS is (intentionally?) left out of many privacy “solutions”. For example, I used calyxVPN on Android for months before I realized that Android did not send DNS requests through the VPN connection by default, so the network operator was still able to view all the sites that I visited via the VPN, even though I thought that my web traffic was private at the time. What a privacy disaster.

Then, more recently, I was using a firefox-based browser with DNS-over-HTTPS and a “custom” DNS provider entered in the settings. I was traveling and using a public network, and I got an error message that I could not access a site that I was trying to visit, because my browser could not reach Mozilla’s DNS server! Mozilla’s server was not the DNS server that I had entered in the settings! So either (1) Firefox was ignoring my selection to (maliciously?) continue sending all my DNS queries to themselves so they could continue to track all of the sites that I visit, or (2) the error message was incorrect. Either way, it does not instill confidence.

Has anyone else noticed DNS as a highly concerning and little-talked-about privacy problem?

I’m interested to hear your own stories, solutions, frustrations, etc. I really have heard very few people talk about DNS privacy solutions, other than DNS-over-HTTPS generally, which does nothing to protect privacy if, for example, Google/Mozilla is selected as DNS provider.

2 Likes

Hi. Some older threads that may have something of interest:

There are usability issues here to balance. Robust DNS is an availability issue, which may contribute to how things are. It would be nice to have it more secure and private by default, since it is possible. But there is also increased likelihood that then some things/sites/services may not always work (IMO, that’s normal and gets fixed over time, but some may take a different view and see it as a fail, not as a preventative save).

2 Likes

One of the many mini-projects I will be dealing with in the near future is deploying a Tor exit relay, which also recommends a local caching DNSSEC-validating recursive DNS resolver:

My current thinking is to use Technitium DNS Server since it has a Docker image and a web console:

Afterwards, I plan on providing public DNS resolution, although I am still not sure if I want to support OpenNIC and related TLDs as well.

2 Likes

For home use, it may make sense to block DNS in the firewall except as used by the local DNS server - hence forcing every client device and all applications either to use the local DNS server or to tunnel DNS in some way (whether via VPN - probably good - or via DoH - may or may not be good depending on who the server is). However that does nothing for portable devices when they are being used outside the home. (You don’t make clear whether the “firefox-based browser” was on a laptop or on something else.)

Post 8 in first linked post above covers my direction for home use.

I used […] Android […] What a privacy disaster.

Fixed that for you. :wink:

I get that a VPN on Android protects you against an untrusted mobile service provider but it is fairly difficult to make any claim on privacy when you use Android regardless.

That is, even if your DNS arrangements were working as configured, if you are handing your DNS requests over to Android to perform the lookups correctly as configured, you get no guarantees as to the surveillance that Android itself undertakes regarding your lookups.

This is tricky because, in a sandboxed application environment, the operating system may legitimately want to prevent applications doing their own lookups and hence to force the application to hand the lookup to the operating system to perform … but if you can’t trust the operating system then this too is problematic.

4 Likes
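One concrete way to do the "block DNS in the firewall except as used by the local DNS server" approach from the post above, written here as an added example rather than anything posted in the thread or taken from Technitium's own docs. It is an nftables ruleset for a Linux home router; the interface names, the LAN subnet and the resolver address are assumptions for illustration. Besides dropping DNS that tries to bypass the resolver, it transparently redirects plain port-53 traffic to the resolver (so devices with hard-coded resolvers keep working) and logs the attempts so you can see which client is bypassing.

```nft
#!/usr/sbin/nft -f
# Added example, not from the thread. Assumed values:
define lan_if   = "br0"            # assumed LAN bridge interface
define wan_if   = "eth0"           # assumed upstream (ISP) interface
define lan_net  = 192.168.1.0/24   # assumed LAN subnet
define resolver = 192.168.1.2      # assumed local caching resolver

table inet dnsguard {
    # Any plain DNS a LAN client sends to an outside resolver is silently
    # rewritten to go to the local resolver instead of being refused.
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        iifname $lan_if ip saddr $lan_net ip saddr != $resolver udp dport 53 dnat ip to $resolver
        iifname $lan_if ip saddr $lan_net ip saddr != $resolver tcp dport 53 dnat ip to $resolver
    }

    chain forward {
        type filter hook forward priority filter; policy accept;

        # Only the local resolver may speak DNS (53) or DNS-over-TLS (853) upstream.
        iifname $lan_if oifname $wan_if ip saddr $resolver udp dport 53 accept
        iifname $lan_if oifname $wan_if ip saddr $resolver tcp dport { 53, 853 } accept

        # Anything else from the LAN on those ports is a bypass attempt: log it, then drop.
        iifname $lan_if oifname $wan_if udp dport 53 log prefix "dns-bypass: " drop
        iifname $lan_if oifname $wan_if tcp dport { 53, 853 } log prefix "dns-bypass: " drop
    }
}
```

Load it with `nft -f` (delete `table inet dnsguard` first if you reload it), then check `journalctl -k | grep dns-bypass:` for clients that tried to go around the resolver. Two caveats match what the post already says: this only covers IPv4 (add `ip6` rules if the LAN has global IPv6), and DNS-over-HTTPS on port 443 cannot be singled out by port at all, so a browser or OS using DoH still bypasses the resolver unless it is configured not to. Blocking 853 also means an Android device with "Private DNS" set to a specific hostname (strict mode) will lose name resolution on this network rather than fall back to plain DNS.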