curben
/
blog
mirror of https://gitlab.com/curben/blog
1
0
Fork 0
Code Issues Releases Wiki Activity

fix: formatting

This commit is contained in:
curben 2019-04-04 20:28:31 +10:30
parent d5e36c96cf
commit 4a0ef5093f
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
source/_posts/doh-tls-privacy.md
View File

@ -2,6 +2,7 @@
title: DNS-over-TLS/DNS-over-HTTPS does not protect your privacy
date: 2019-04-04 00:00:00
tags:
- Privacy
- Security
---
@ -17,7 +18,9 @@ But even with all that, I repeat, ISP still *knows* what IP address you are conn
Websites that are behind Cloudflare can be harder to lookup. For example, `dig is.gd @9.9.9.9` returned `104.25.23.21`, but going to that IP resulted in a Cloudflare error page. So, every website should use Cloudflare, I guess?
Anyhow, DoT/DoH helps to address DNS spoofing issue by preventing the DNS query/answer from being maliciously modified. It makes it *harder* for the ISP from recording your browsing history because it prevents them from doing DNS logging. But they can still continue doing **IP logging**. Many news article also perpetuate the misconception that it can prevents ISP surveillance.
Anyhow, DoT/DoH helps to address DNS spoofing issue by preventing the DNS query/answer from being maliciously modified. It makes it *harder* for the ISP from recording your browsing history because it prevents them from doing DNS logging. But they can still continue doing **IP logging**. Not to mention DoT/DoH resolvers also can log DNS traffic. Even [DNSCrypt](https://en.wikipedia.org/wiki/DNSCrypt) cannot prevent that.
A brief search on DoT/DoH topics showed many (most?) news articles perpetuate the misconception that it can prevents ISP surveillance.
Title | Link
--- | ---
@ -26,8 +29,9 @@ Android takes aim at ISP surveillance with DNS privacy | [[2]](https://nakedsecu
Android To Get 'DNS over TLS' Support To Hide Your Browsing Data From ISPs | [[3]](https://wccftech.com/android-dns-over-tls-isp/)
New Android Future "DNS over TLS" going to Stop ISPs from Knowing what websites you visit | [[4]](https://gbhackers.com/dns-over-tls/)
Prevent ISPs from seeing what website youre viewing with DNS over TLS | [[5]](https://www.thesslstore.com/blog/what-is-dns-over-tls/)
Android getting "DNS over TLS" support to stop ISPs from knowing what websites you visit | [[6]](https://www.xda-developers.com/android-dns-over-tls-website-privacy/)
Not to mention DoT/DoH resolvers also can log DNS traffic. Even [DNSCrypt](https://en.wikipedia.org/wiki/DNSCrypt) cannot prevent that.
***TL;DR*** DoT/DoH doesn't hide your IP. Use Tor/VPN for that.