Protocol That Leaks Your Every Move: A Guide to DNS Privacy | HackerNoon

News Room
Last updated: 2025/08/06 at 9:31 AM
News Room Published 6 August 2025

You wouldn’t announce every website you visit to a crowded room, so why do you let your Internet Service Provider (ISP) and other third parties listen in on your every digital step?

We install privacy screens on our monitors and use encrypted messaging apps, all while using a tool that exposes our Internet activity to anyone positioned to listen. This tool is the Domain Name System (DNS), the backbone of the Internet. This article not only covers how the DNS protocol can compromise your online privacy, but also how to address this problem and maintain privacy in our digital world.

What is DNS?

At its core, the DNS is the phonebook of the Internet. Each device connected to the Internet communicates using numerical addresses called IP addresses. Memorising these strings of numbers, such as 2603:1020:201:10::10f or even 13.107.246.64, is impractical for humans, not only because it is difficult, but also because these addresses may change over time. DNS solves this problem by translating human-readable domain names, such as microsoft.com, into their corresponding machine-readable IP addresses, and vice versa. This translation process is called DNS resolution, and it is what lets your browser load the desired webpage when you enter a URL instead of an IP address. This process underpins the usability of the modern Internet. However, its fundamental design contains a critical flaw.

The problems

DNS was developed in 1983 for a smaller, more trusted Internet, and it transmits its queries and responses in plaintext. Since then its core design has not evolved to meet the challenges of today's world, where data is currency and surveillance is a business model. This lack of encryption means that anyone between the user's device and a recursive resolver can read the contents of these DNS requests with minimal effort.

No third party is better positioned to exploit the plaintext nature of DNS than your ISP. Since the ISP operates as the default recursive resolver for nearly all of its customers, it sits at a critical checkpoint through which the vast majority of a user’s web activity flows. By logging these unencrypted DNS requests, your ISP can compile a deeply personal file on each of its customers. This log can include:

  • A complete history of every website visited.
  • The exact time of each visit.
  • The type of device used to access the internet.
  • Information about app usage patterns.

This data collection is not a passive by-product of providing Internet service; it is a deliberate and highly profitable business strategy. The browsing data ISPs collect is a goldmine for advertisers, marketing firms, and data brokers.

In 2021, a Federal Trade Commission report revealed that ISPs collect and share data that can be used to infer users’ race, ethnicity, sexual orientation, political affiliations, and religious beliefs. This data is then sold to what the FTC termed “dodgy middlemen”, who use it for hyper-targeted advertising and other purposes that may not be in the user’s best interest. Even when ISPs claim in their privacy policies not to “sell” data, the FTC found that they often share it with parent companies, or just hide disclosures about monetisation practices in legal fine print, rendering consumer choice an illusion.

Internet censorship is another significant problem. By blocking certain resources at the DNS query level, providers can restrict access to certain types of resources in a specific region. This practice is common in countries with dictatorships, but it can also occur in other places. This reality turns DNS privacy from a niche technical concern into a fundamental requirement for resisting commercialised surveillance.

If the privacy risk from a trusted ISP is passive, the threat of untrusted public Wi-Fi networks is active. The lack of DNS encryption is amplified in cafes, airports, hotels, and libraries. On a public network, it is not just the network operator who can see your traffic, but potentially any other user connected to it.

This opens the door to a range of malicious attacks. The simplest is packet sniffing: because DNS queries are in plaintext, an attacker can capture the data packets flowing over the Wi-Fi network and build a list of every site a user is attempting to visit. A more active form of eavesdropping is the Man-in-the-Middle attack, where an attacker positions their device between the victim's device and the Wi-Fi router. This allows them not only to intercept but also to alter the traffic in real time, for example to trick you into connecting to a malicious IP address instead of the legitimate one.
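To make concrete what a passive observer on the path sees, here is an added example (not from the article) that decodes the question section of a raw DNS packet; this is the same decoding any network monitor performs, and running it over traffic captured on your own network shows which devices still resolve names in plaintext. The packet bytes are constructed by hand for the example, not captured, and the domain in them is a placeholder.

```python
import struct

# Constructed sample (not captured): the UDP payload of a plaintext DNS query
# for online.mybank.example, exactly as it travels to port 53 on an open Wi-Fi.
SAMPLE_QUERY = (
    b"\x12\x34"                  # transaction ID
    b"\x01\x00"                  # flags: standard query, recursion desired
    b"\x00\x01"                  # QDCOUNT = 1
    b"\x00\x00\x00\x00\x00\x00"  # ANCOUNT, NSCOUNT, ARCOUNT = 0
    b"\x06online\x06mybank\x07example\x00"  # QNAME as length-prefixed labels
    b"\x00\x01\x00\x01"          # QTYPE = A, QCLASS = IN
)


def read_name(payload: bytes, offset: int) -> tuple:
    """Decode a DNS name at offset; returns (dotted name, offset after it).
    Compression pointers (RFC 1035 4.1.4) are followed, with a hop limit so a
    malformed packet cannot make the parser loop forever."""
    labels, end, jumps = [], None, 0
    while True:
        length = payload[offset]
        if length & 0xC0 == 0xC0:                      # 2-byte pointer
            if jumps == 0:
                end = offset + 2                       # name ends after pointer
            jumps += 1
            if jumps > 8:
                raise ValueError("compression pointer loop")
            offset = struct.unpack("!H", payload[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(payload[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), offset if end is None else end


def is_response(payload: bytes) -> bool:
    """QR bit of the flags word: 0 = query, 1 = response."""
    return bool(struct.unpack("!H", payload[2:4])[0] & 0x8000)


def queried_names(payload: bytes) -> list:
    """Return every QNAME in the question section, i.e. what any observer
    between the device and the resolver can read without any decryption."""
    qdcount = struct.unpack("!H", payload[4:6])[0]
    offset, names = 12, []                             # questions start after the header
    for _ in range(qdcount):
        name, offset = read_name(payload, offset)
        offset += 4                                    # skip QTYPE and QCLASS
        names.append(name)
    return names
```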

While an ISP’s surveillance is generally for commercial or governmental purposes, an attack on public Wi-Fi is often targeted and opportunistic, with more immediate consequences. An attacker who sees a DNS query for a banking website can use that information to immediately launch a phishing attack or try to hijack the session. Protecting DNS is therefore critical for both long-term privacy against systemic surveillance and immediate security against targeted attacks. There are several solutions, each with its advantages and disadvantages, so let’s take a closer look at them.

Available solutions

The first and oldest method is to manually change the DNS settings on a computer or home router. Instead of using the default DNS servers provided by the ISP, users can point their devices to a public DNS provider such as Google or Cloudflare. This approach is helpful as it redirects all DNS traffic to the specified provider, including both DNS queries from the browser, which normally make up the majority of this traffic, as well as DNS queries from separate programs running on the device.

However, this approach suffers from a serious flaw – centralisation. By directing all network traffic through a single third-party provider, the user hands over their unencrypted browsing history to a single corporation. While this removes the ISP from the equation, it does not solve the problem of a single organisation holding all the information about a user’s online activity. In addition, this approach does not protect the user from eavesdropping, as DNS queries are still transmitted in clear text.

The second, more advanced, method is to use a protocol called DNS over HTTPS, or DoH. This protocol encrypts DNS queries and wraps them in standard HTTPS traffic. This method has two immediate effects: it encrypts the query, making it unreadable to eavesdroppers, and as a bonus, it masks DNS traffic, making it indistinguishable from normal web traffic to the ISP or network administrator.

In recent years, a well-intentioned effort to improve user privacy has led to the integration of DoH directly into web browsers. It is now possible to configure the use of DoH in popular browsers like Mozilla Firefox, Google Chrome, and Brave. While this seems like a significant privacy gain, in-browser DoH has a number of drawbacks.

The first disadvantage, as mentioned in the case of the manual DNS setup, is the centralisation of traffic. DoH settings in modern browsers only allow you to select one DoH provider, usually from a small list of large technology companies, such as Cloudflare or Google, which act as DoH providers. In practice, the user simply trades one observer (their ISP) for another.

The second disadvantage of in-browser DoH is that only traffic originating from the browser is protected by the DoH protocol. This means that any other DNS traffic, such as that from other applications running on the device, will not be encrypted and will still be sent to the default ISP resolver in plaintext.

A truly secure approach must address both encryption and centralisation problems. It should not only protect DNS queries from eavesdropping, but also prevent any single organisation from collecting a user’s entire browsing history. I have found such a versatile approach in an open source solution called SDNS-ProxyServer.

A DNS proxy is software that runs on hardware you control, whether that is a small device like a Raspberry Pi on your home network or just your personal computer. Such a proxy server acts as an intermediary for all DNS traffic, sitting between all the devices on your network (computers, phones, smart TVs) and the Internet, and securely resolving all DNS queries according to a set of rules you define.

SDNS solves the problem of encrypting traffic by using the DoH protocol mentioned earlier. As a bonus, it makes DNS traffic look like normal encrypted web traffic, so it’s difficult for anyone monitoring your network to recognise the DoH traffic. This camouflage makes SDNS a powerful tool for privacy and censorship bypass.

Another advantage of self-hosted DNS proxy servers over solutions such as in-browser DoH and manual DNS provider configuration is their ability to combat centralisation. The SDNS configuration lets the user create a list of trusted DoH providers, one of which is chosen at random for each DNS request. This effectively spreads the browsing history across multiple providers, so no single provider ever receives a complete chronological log of your Internet activity.
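The two mechanisms described above, wrapping a DNS query in an HTTPS request and rotating randomly between trusted providers, as an added example; this is illustrative code written for this article, not SDNS-ProxyServer's own implementation. The provider hostnames are placeholders, and the actual HTTPS send is left to whatever HTTP client the proxy uses.

```python
import base64
import secrets
import struct

# Constructed provider list for the example; the hostnames are placeholders,
# not real resolvers. Fill it with the DoH endpoints of providers you trust.
TRUSTED_DOH = [
    "https://doh-a.example/dns-query",
    "https://doh-b.example/dns-query",
    "https://doh-c.example/dns-query",
]


def build_query(name: str, qtype: int = 1) -> bytes:
    """Single-question DNS query in wire format (RFC 1035). The ID is 0, as
    RFC 8484 recommends for DoH so identical queries stay HTTP-cacheable."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def doh_get_url(endpoint: str, query: bytes) -> str:
    """RFC 8484 GET form: the wire query, base64url-encoded with '=' padding
    removed, in the dns= parameter. Over HTTPS this is just another request to
    port 443, which is why an on-path observer cannot read the queried name."""
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={encoded}"


def pick_provider(providers: list, rng=secrets.SystemRandom().random) -> str:
    """Pick a fresh provider per query from a uniform draw in [0, 1), so no
    single provider receives the complete chronological browsing history."""
    return providers[int(rng() * len(providers))]


def prepare_request(name: str, providers=TRUSTED_DOH, rng=None) -> dict:
    """Everything an HTTPS client needs to resolve `name` through a randomly
    chosen trusted DoH provider; the send itself is the client's job."""
    endpoint = pick_provider(providers, rng or secrets.SystemRandom().random)
    return {
        "endpoint": endpoint,
        "url": doh_get_url(endpoint, build_query(name)),
        "headers": {"Accept": "application/dns-message"},
    }
```

The expected `dns=` value for www.example.com matches the worked example in RFC 8484 section 4.1.1, so the encoding can be checked against the specification.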

Bottom line

True digital sovereignty in the modern era requires not just a simple fix, but a fundamental shift in thinking. It requires a transition from being a passive consumer of services dictated by large corporations to being an active administrator of your own critical digital infrastructure. This is the principle embodied by a self-hosted, privacy-enhancing DNS proxy.

A tool like a self-hosted DNS proxy is not just software; it is a practical application of this shift in thinking, one that gives control over privacy and security back to the user. For people concerned about the invisible erosion of digital privacy, such a move is no longer a matter of preference; it is a necessary and empowering act of reclaiming their own digital footprint.

And many thanks to Iona Watt for her help with editing this article.
