this post was submitted on 15 Mar 2021
1 points (100.0% liked)

Privacy

31734 readers
703 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Cloudflare DNS has DoH, but it's Cloudflare so... ew. Is there one that is more privacy respecting and also has DNS over HTTPS?

all 5 comments
sorted by: hot top controversial new old
[โ€“] [email protected] 0 points 3 years ago* (last edited 3 years ago) (1 children)

This is controversial because they are "big bad" companies. But in some cases I think that is a plus because they have some responsibility to do as they say.

  1. Use a resolver that is a part of Mozilla's Trusted Recursive Resolver Program. Mozilla makes them agree to a solid privacy policy: https://wiki.mozilla.org/Security/DOH-resolver-policy#Conforming_Resolvers
  2. Google DNS. Obviously controversial but their privacy policy is very good. They keep "full" logs for at most 48 hours and only for debugging purposes.

The major concern for all of these is that they are allowed the keep anonymized logs forever. This means that if the hostname itself it sensitive then it can be recorded forever. (For example if you have "secret" subdomains).

The other option is running your own recursive resolver, this mostly nullifies the private subdomain issue as only the authoritative server will see it (other than network snoopers) however this has very real downsides.

  1. It exposes your IP address to many authoritative servers with no guarantees about the logs they keep.
  2. It can be slow as there is no shared cache.
  3. Requests from your resolver to the internet are not encrypted.

Disclaimer: I used to work at Google (but not on Google Public DNS) and have no affiliation with other named or referenced companies.