From 4a0ef5093f74542adecc39fea21b96103f0c41c5 Mon Sep 17 00:00:00 2001 From: curben Date: Thu, 4 Apr 2019 20:28:31 +1030 Subject: [PATCH] fix: formatting --- source/_posts/doh-tls-privacy.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/source/_posts/doh-tls-privacy.md b/source/_posts/doh-tls-privacy.md index 9b04f2d..2400678 100644 --- a/source/_posts/doh-tls-privacy.md +++ b/source/_posts/doh-tls-privacy.md @@ -2,6 +2,7 @@ title: DNS-over-TLS/DNS-over-HTTPS does not protect your privacy date: 2019-04-04 00:00:00 tags: +- Privacy - Security --- @@ -17,7 +18,9 @@ But even with all that, I repeat, ISP still *knows* what IP address you are conn Websites that are behind Cloudflare can be harder to lookup. For example, `dig is.gd @9.9.9.9` returned `104.25.23.21`, but going to that IP resulted in a Cloudflare error page. So, every website should use Cloudflare, I guess? -Anyhow, DoT/DoH helps to address DNS spoofing issue by preventing the DNS query/answer from being maliciously modified. It makes it *harder* for the ISP from recording your browsing history because it prevents them from doing DNS logging. But they can still continue doing **IP logging**. Many news article also perpetuate the misconception that it can prevents ISP surveillance. +Anyhow, DoT/DoH helps to address DNS spoofing issue by preventing the DNS query/answer from being maliciously modified. It makes it *harder* for the ISP from recording your browsing history because it prevents them from doing DNS logging. But they can still continue doing **IP logging**. Not to mention DoT/DoH resolvers also can log DNS traffic. Even [DNSCrypt](https://en.wikipedia.org/wiki/DNSCrypt) cannot prevent that. + +A brief search on DoT/DoH topics showed many (most?) news articles perpetuate the misconception that it can prevents ISP surveillance. Title | Link --- | --- @@ -26,8 +29,9 @@ Android takes aim at ISP surveillance with DNS privacy | [[2]](https://nakedsecu Android To Get 'DNS over TLS' Support To Hide Your Browsing Data From ISPs | [[3]](https://wccftech.com/android-dns-over-tls-isp/) New Android Future "DNS over TLS" going to Stop ISPs from Knowing what websites you visit | [[4]](https://gbhackers.com/dns-over-tls/) Prevent ISPs from seeing what website you’re viewing with DNS over TLS | [[5]](https://www.thesslstore.com/blog/what-is-dns-over-tls/) +Android getting "DNS over TLS" support to stop ISPs from knowing what websites you visit | [[6]](https://www.xda-developers.com/android-dns-over-tls-website-privacy/) + -Not to mention DoT/DoH resolvers also can log DNS traffic. Even [DNSCrypt](https://en.wikipedia.org/wiki/DNSCrypt) cannot prevent that. ***TL;DR*** DoT/DoH doesn't hide your IP. Use Tor/VPN for that. \ No newline at end of file