Privacy-protection-for-web-browsing

[kelownman]

MOST OF THE traffic on the web is encrypted. And more websites are adopting basic encryption measures every day. That means that, in theory, eavesdroppers have a hard time seeing whom you're writing to on Gmail or what you're looking up on Wikipedia.

But there's a catch. Big sites like Google and Facebook can see what links you click from their services, and use tracking cookies to follow you around the web. Various tools can help you block this type of tracking, but another big window into your browsing habits remains. Your broadband provider or someone who has hijacked your internet connection could still see what sites you're visiting. They might not be able to tell what you're watching on, say, Pornhub, but they can know that you visited the site.

That's an obvious problem for people who live under authoritarian regimes. But there are other reasons to worry. Many broadband providers in the US are also media and advertising companies. Verizon, for example, has an extensive digital advertising operation thanks to acquisitions of AOL and Yahoo. It's perfectly legal for carriers to their customers' internet history to target advertising.

For the past two years, the Internet Engineering Task Force, which sets standards for the web, has been working on a new protocol for the internet's address book—the domain name system, or DNS—that would make it harder to spy on what pages you visit. The standard isn't finalized, but the security company Cloudflare appears to be launching a service called "1.1.1.1 that supports the new protocol. A test version of the Firefox web browser implements the protocol, but Cloudflare's service is not enabled by default.1

The 1.1.1.1 website was publicly available Thursday, drawing links and comments on Hacker News. The 1.1.1.1 site was offline by mid-day Friday. But a cached version of another Cloudflare page with the same content was still visible at Archive.org.2 Cloudflare declined to comment.

The reason it's so easy for prying eyes to see what websites you're visiting has to do with the design of DNS. Whenever you visit a website using its domain name, like "wired.com," software on your phone or computer looks up the domain using what's called a DNS resolver. The DNS resolver, typically run by your broadband provider, translates the domain name into a number called an IP address that your device can use to actually find the site you're looking for.

Communication between your device and the DNS resolver typically is unencrypted. You can get around this by using a service called a virtual private network, or VPN, which routes all your traffic through a single connection, essentially making it appear that you only visit one site. But an incorrectly configured VPN could still "leak" DNS information.

The new "DNS over HTTPS" protocol would fix that by encrypting communication between devices and DNS resolvers much the same way web traffic is encrypted today. The operator of a DNS resolver would still be able to see what sites you're visiting, but it would be much harder for outside parties to intercept that data. A similar protocol called DNSCrypt works with Cisco’s DNS resolver OpenDNS, but hasn’t been widely adopted.

The idea behind Cloudflare's service is that instead of using the DNS service offered by your broadband provider, you would go into your operating system's preferences and point to 1.1.1.1. You can do this today, but because most operating systems don't support DNS over HTTPS, your DNS queries generally won't be encrypted unless you’re using software that supports the standard, such as the test version of Firefox.

Cloudflare would still have access to your browsing history if you use its DNS resolver, and not everyone is happy about that idea. "Cloudflare is a third party that some of us don't necessarily want to trust with our browsing history," one user wrote in response, when Mozilla, the maker of Firefox, revealed its initial plan to test the service.

“This experiment is testing a feature that could add valuable privacy and security protections for our users,” Mozilla director of trust and security Marshall Erwin responded in the same forum thread. Selena Deckelmann, an engineering director at Mozilla, updated the thread on Friday saying the test that would have used Cloudflare's DNS resolver by default has been put on hold.3

https://www.wired.com/story/new-encrypt ... -browsing/

for instructions on how to set up your computer, go here https://1.1.1.1/

[kelownman]

So, I followed the set up instructions and set IP4 and IP6 to their DNS servers. It seems very fast I do not see any noticeable lag or slowness when browsing.

How much privacy protection is there? That is anyone guess. They claim they will never sell users info and surfing habits, but who knows after they get a few million using their DNS before they monetize it.

[GordonH]

Little off topic:
Still along privacy issues, there is no chance I'd ever get either Amazon Alexa or Google Home.
Just seen a report on future ideas of these devices, pretty well a listening device of every conversation within the home. Talk about about invading ones personal privacy.

Those thinking of buying one of these devices, you may want to think twice.

[Bsuds]

Little off topic:
Still along privacy issues, there is no chance I'd ever get either Amazon Alexa or Google Home.
Just seen a report on future ideas of these devices, pretty well a listening device of every conversation within the home. Talk about about invading ones personal privacy.

Those thinking of buying one of these devices, you may want to think twice.

The google home mini has a button on the side to turn off the mic. if you don't want it listening all the time.

Wish the Wife had one of those.

[GordonH]

Oops forgot to turn off our personal listening device. Best off/on switch is to leave the item at the store.

[vinnied]

Conspiracy or not, I believe our smart phones are also listening. Tech giants like facebook, google etc, wont admit to it though, until they get caught of course.

[Even Steven]

I came in peace with the fact that people can read anything I write, see any photos I take, and read every single text/email I send. I don't know if it's being done for sure, but I know it's possible which mean you just have to accept that it's being done.

You find peace once you accept it, and stop worrying. Kinda like death - both are inevitable.

[Merry]

Just read this interesting article on how much info all our smart devices are collecting about us. Quite scary when you think about it.

https://gizmodo.com/the-house-that-spie ... 1822429852

all the connected devices constantly phone home to their manufacturers. You won’t be aware these conversations are happening unless you’re technically savvy and monitoring your router like we did. And even if you are, because the conversations are usually encrypted, you won’t be able to see what your belongings are saying. When you buy a smart device, it doesn’t just belong to you; you share custody with the company that made it.

[Woodenhead]

I use Tails if I want some privacy. Other measures on top of that, depending.

Tails is a live operating system that you can start on almost any computer from a USB stick or a DVD.

The
Amnesiac
Incognito
Live
System