In reply to a post by smouty:

Which is fine if you do not mind them harvesting your browsing habits and selling the data on.

That happens in the USA, but do we know if that is legal in the UK ? I'm certainly not a lawyer, but a lot of the US centric "internet security" marketing we are inflicted with may not have this in mind.

Unbound is best for privacy but not so easy to setup for people with a consumer type router.

Agreed, I use unbound on my hosted servers.

In reply to a post by smouty:

Which is fine if you do not mind them harvesting your browsing habits and selling the data on.

But all your packets go through your ISP’s routers. They could easily harvest your browsing habits if they wanted to.

In reply to a post by j0hn83:

All the big DNS providers would respond in 16ms except cloudflare, who were only 11ms. So I used cloudflare DNS.

After years of using Google I thought I'd try Cloudfare, and it pinged 1ms more than Google!

In reply to a post by ParksidePeter:

In reply to a post by j0hn83:

All the big DNS providers would respond in 16ms except cloudflare, who were only 11ms. So I used cloudflare DNS.

After years of using Google I thought I'd try Cloudfare, and it pinged 1ms more than Google!

Are you going to notice this in real-world browsing?

Cloudflare has some advantages. There's malware filtering on 1.1.1.2, and malware+family filtering on 1.1.1.3. And they do pledge to keep your data private, unlike Google - although which of them you trust the most is up to you, of course.

In reply to a post by TinyMongomery:

In reply to a post by smouty:

Which is fine if you do not mind them harvesting your browsing habits and selling the data on.

But all your packets go through your ISP’s routers. They could easily harvest your browsing habits if they wanted to.

You are able to use encrypted DNS and/or a VPN to avoid this.

Edited by smouty (Fri 29-Dec-23 19:31:27)

A VPN just makes the VPN company see your data.

Again a lot of the marketing around VPNs and privacy from your ISP is based on USA law.

But your web requests to servers still go through their routers. Of course they could track your browsing. And I’d trust my ISP more than I would a VPN provider.

In reply to a post by TinyMongomery:

But your web requests to servers still go through their routers. Of course they could track your browsing. And I’d trust my ISP more than I would a VPN provider.

Then you can see why Google started requiring websites to use HTTPS. The traffic is encrypted, even without a VPN. Google's stance that said sites wouldn't be listed unless they used HTTPS, and when Lets Encrypt appeared making it free for websites to encrypt made this easy.

Now web browsers tell you of sites that are not encrypted, instead of the old days when you were advised to check for padlocks etc.

Edited by jchamier (Sat 30-Dec-23 08:38:26)

HTTPS doesn’t encrypt the destination IP address. Routers still need to know where to route packets to.

True, although if the destination address is a CDN like Cloudflare or Akamai, the IP address doesn't tell you what site is being accessed.

To do that, you either need to do some deep packet inspection for SNI, or you need to look at DNS queries.