DNS and VPNs – A Dynamic Duo to Protect Your Browsing History

VPN

Let’s get started with VPNs, or Virtual Private Networks. Why would you want to use one, and should you use a free or a paid service? The first part of that question is easy: without one, you are trusting your Internet Service Provider (ISP) to protect your personal browsing history. I think it is safe to assume that is not much protection. The second part of the question is harder to answer, but part of the answer revolves around whether your VPN keeps logs and which country it is headquartered in.

Before we get ahead of ourselves, what is a VPN? Alan Henry of Lifehacker describes it as ‘a group of computers (or discrete networks) networked together over a public network—namely, the internet. Businesses use VPNs to connect remote datacenters, and individuals can use VPNs to get access to network resources when they’re not physically on the same LAN (local area network), or as a method for securing and encrypting their communications when they’re using an untrusted public network.’

Eyes Everywhere

The terms “Five Eyes”, “Nine Eyes”, and “14 Eyes” often appear in the privacy community, especially when discussing VPNs and other privacy tools. In short, these are international surveillance alliances made up of various countries around the world. The members of each alliance work together to collect mass surveillance data and share it with each other. Therefore, many VPN experts advise picking a VPN headquartered outside of these countries’ jurisdiction.

The Five Eyes (FVEY) countries include: Australia, Canada, New Zealand, United Kingdom, and the United States
The Nine Eyes countries include: 5 Eyes countries, Denmark, France, Netherlands, and Norway
The 14 Eyes surveillance countries include: 9 Eyes countries, Germany, Belgium, Italy, Sweden, Spain

Some say concerns about these surveillance jurisdictions are overblown or misguided, and that it really does not matter. You often hear this argument from VPN companies (and their marketers) that are based in the US or Canada. This line of thinking at best may be misinformed and at worst is an unnecessary risk.

Logs

Let’s talk logs. With over 300 VPN providers on the market, it is difficult to know who to trust. You want your VPN to be completely private, anonymous, and secure. The real issue is that if your VPN keeps logs of your usage, all it takes for that information to be released is a subpoena, which in all truth is easy to get. Many VPNs store or log data for the purpose of selling or sharing your data with 3rd parties, limiting bandwidth, improving their service, logging with rental servers (VPS), or complying with laws.

Below are the commonly collected logs/data according to VPN privacy policies. 

  • Bandwidth (51%)
  • Connection Timestamps (49%)
  • Your IP address (40%)
  • Websites you visit (19%)

Click Here to see a detailed list of 100 Popular VPNs and what logs they maintain. In that list, “Aggregate” means the VPN service is supposedly ensuring the collected data is anonymized and not connected to specific users. The operative word here is ‘supposedly’.

DNS

The Domain Name System (DNS) is the phonebook of the Internet. Humans access information online through domain names, like nytimes.com or espn.com. Web browsers interact through Internet Protocol (IP) addresses. DNS translates domain names to IP addresses so browsers can load Internet resources.

The main reasons to switch to a third-party DNS instead of your Internet Service Provider’s (ISP) DNS are security and performance. ISPs do not always use strong encryption on their DNS or support DNSSEC, which makes their DNS queries vulnerable to data breaches and exposes users to threats like man-in-the-middle attacks. In addition, ISPs often use DNS records to track their users’ activity and behavior. ISP resolvers also don’t always have great speeds, and when they get overloaded by heavy usage, they become even more sluggish. If there is enough traffic on the network, an ISP’s server could stop answering requests altogether. In some cases, attackers deliberately overload an ISP’s servers, resulting in a denial-of-service.

There are various free public Domain Name services that you can use. So, how do you decide which one is the fastest and the most secure? You can download a free utility, DNS Benchmark, that will test the various public DNS services and show which is the fastest based on your connection and location. It is available at: https://www.grc.com/dns/benchmark.htm. This software does not need to be installed; just download and run it. The three most commonly used services are operated by Google, OpenDNS, and Cloudflare.

Cloudflare 1.1.1.1.

1.1.1.1 is a fast and private way to browse the Internet. It is a public DNS resolver, but unlike most DNS resolvers, 1.1.1.1 is not selling user data to advertisers. The implementation of 1.1.1.1 makes it the fastest resolver out there.

Cloudflare has been doing this for quite a while now and has recently released what they call Cloudflare for Families. While 1.1.1.1 can safeguard user privacy and optimize efficiency, it is designed for direct, fast DNS resolution, not for blocking or filtering content. Cloudflare for Families goes one step beyond that and comes in two flavors: one that helps block Malware, and another that helps block Malware and Adult Content. You can read more about their service at: https://blog.cloudflare.com/introducing-1-1-1-1-for-families/

Changing Your DNS

For the most part this is fairly easy. You can get the 1.1.1.1 w/ WARP app for your Android or Apple mobile devices, but for your home it is usually easiest to change your router settings. You will need to log into the admin section of your router to make these changes. Of course, it would be next to impossible to provide detailed instructions for every possible router here. My suggestion is to do a search for your router make and model along with DNS settings (ex. ‘Actiontec C3000A DNS Settings’). You should find plenty of articles on the subject. Cloudflare has some helpful articles on changing these settings at: https://developers.cloudflare.com/1.1.1.1/1.1.1.1-for-families/setup-instructions/

Conclusion

Your browsing history tells volumes about you and is valuable information. Government agencies know this, which is why many in Congress are pushing for warrantless searches when it comes to your electronic data. Businesses also want access to your browsing history so they can learn your purchasing and search habits. The bottom line is that there are many who will pay for this data, and your Internet Service Provider (ISP) is more than happy to accommodate them in those efforts by reselling it. Remember, this is information about you and your online activity. It is up to you to protect it and keep it private.