[conspire] Internet Privacy: today's vote and measures to take

Rick Moen rick at linuxmafia.com
Wed Mar 29 13:14:57 PDT 2017


Quoting Daniel Gimpelevich (daniel at gimpelevich.san-francisco.ca.us):

> This measure only makes sense in conjunction with not passing any
> unencrypted data....

I do not concur.

Using the ISP nameservers gives the ISP (via its logfiles) detailed
real-time data on the lookups of all of your end-user activities, in
addition to what it gets via other means such as logging of IP
connection and potentially of http bitstreams.  

If using a local recursive nameserver under your local control and not
that of other parties, you are (as to DNS lookup data) leaking only the
bitstream of your nameserver's own lookups from other authoritative
servers, once per FQDN covering the typically long TTL period.  Most
user queries will be answered from cache.  Therefore, real-time,
detailed information on your IPs' DNS lookups is not visible to your ISP
at all, because almost all of that is handled strictly locally.

You will on average get significant improvements in performance and
reliability for the same reason.
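
An added illustration, not part of the original post: a small Python model of the caching argument above, comparing what an ISP-run resolver could log with the lookups a local caching resolver actually sends out. The traffic sample, the 3600-second TTL and all function names are constructed for this example, and each cache miss is modelled as a single upstream lookup.

```python
from collections import namedtuple

# t = seconds since start; client = LAN host issuing the lookup
Query = namedtuple("Query", "t client qname")

# Constructed sample traffic: three LAN clients repeating lookups.
SAMPLE = [
    Query(0, "10.0.0.2", "mail.example.com"),
    Query(5, "10.0.0.3", "mail.example.com"),
    Query(30, "10.0.0.2", "www.example.org"),
    Query(60, "10.0.0.4", "mail.example.com"),
    Query(200, "10.0.0.3", "www.example.org"),
    Query(3700, "10.0.0.2", "mail.example.com"),  # first lookup after TTL expiry
    Query(3710, "10.0.0.4", "mail.example.com"),
]


def isp_resolver_log(queries):
    """Clients use the ISP's nameserver: every query can appear in its logs."""
    return [(q.t, q.qname) for q in sorted(queries, key=lambda q: q.t)]


def local_resolver_upstream(queries, ttl=3600):
    """Clients use a local caching resolver: only cache misses leave the LAN.

    Simplification (assumption): one upstream lookup per miss and a fixed TTL
    for every name. A real recursive server walks the delegation chain and
    honours the TTL each record carries.
    """
    expires = {}   # qname -> time at which the cached answer stops being valid
    upstream = []  # (time, qname) lookups visible outside the local network
    for q in sorted(queries, key=lambda q: q.t):
        if q.qname not in expires or expires[q.qname] <= q.t:
            upstream.append((q.t, q.qname))
            expires[q.qname] = q.t + ttl
    return upstream


def exposure_summary(queries, ttl=3600):
    """Return (queries loggable by ISP resolver, lookups leaving local cache)."""
    return len(isp_resolver_log(queries)), len(local_resolver_upstream(queries, ttl))


if __name__ == "__main__":
    logged, leaked = exposure_summary(SAMPLE)
    print(f"ISP resolver could log {logged} queries; local resolver sent {leaked}")
    for t, name in local_resolver_upstream(SAMPLE):
        print(f"  t={t:>5}s  upstream lookup for {name}")
```
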




