640

Say (an encrypted) hello to a more private internet. (blog.mozilla.org)

submitted 11 months ago by buh@lemmy.world to c/firefox@lemmy.ml

62 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[-] Ullebe1@lemmy.ml 8 points 11 months ago

Ordinary DNS requests are always plaintext and readable to anyone between you and the DNS server. So regardless of which DNS server you use, your ISP can see all your DNS lookups. For any amount of privacy for DNS, the minimum is something like DNS-over-TLS or DNS-over-HTTPS, the latter of which Firefox uses by default in some countries and supports everywhere.

[-] morrowind@lemmy.ml 6 points 11 months ago

I mean with this + DNS over HTTPS can we guarantee the isp can no longer see anything?

[-] Fissionami@lemmy.ml 2 points 11 months ago

They'll only see the IP you're connecting with and encrypted data packets being transferred on.

[-] dan@upvote.au 5 points 11 months ago

Ordinary DNS requests are always plaintext and readable to anyone between you and the DNS server.

Not just readable... The ISP can inject their own responses too. Regular DNS is both unencrypted and unauthenticated, with most clients not enforcing DNSSEC.

[-] metaStatic@kbin.social 3 points 11 months ago

so you're saying self host an authoritative DNS server

[-] dan@upvote.au 4 points 11 months ago

It's easy to setup something like AdGuard Home that provides malware blocking, ad blocking if you're interested in that, and supports DNS-over-HTTPS out of the box (unlike PiHole, which needs a bunch of manual setup)

this post was submitted on 03 Oct 2023

640 points (98.9% liked)

Firefox

17303 readers

95 users here now

A place to discuss the news and latest developments on the open-source browser Firefox

founded 4 years ago

MODERATORS

k_o_t@lemmy.ml