[conspire] Internet Privacy: today's vote and measures to take

Josef Grosch jgrosch at gmail.com
Wed Mar 29 13:26:29 PDT 2017


On 03/29/2017 01:14 PM, Rick Moen wrote:
> Quoting Daniel Gimpelevich (daniel at gimpelevich.san-francisco.ca.us):
> 
>> This measure only makes sense in conjunction with not passing any
>> unencrypted data....
> 
> I do not concur.
> 
> Using the ISP nameservers gives the ISP (via its logfiles) detailed
> real-time data on the lookups of all of your end-user activities, in
> addition to what it gets via other means such as logging of IP
> connection and potentially of http bitstreams.  
> 
> If using a local recursive nameserver under your local control and not
> that of other parties, you are (as to DNS lookup data) leaking only the
> bitstream of your nameserver's own lookups from other authoritative
> servers, once per FQDN covering the typically long TTL period.  Most
> user queries will be answered from cache.  Therefore, real-time,
> detailed information on your IPs' DNS lookups is not visible to your ISP
> at all, because almost all of that is handled strictly locally.
> 
> You will on average get significant improvements in performance and
> reliability for the same reason.


I could not agree more. Running your own caching name server is
ridiculously easy. Of course the fly in the ointment is that some ISPs
block DNS traffic going to any other name server other than their own.



Josef


-- 
Josef Grosch       |  Another day closer  |
jgrosch at gmail.com  |  to Redwood Heaven   |  Berkeley, Ca.
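As an added illustration of the cache argument made above (not code from this thread or its authors), the following Python model compares what an ISP resolver logs when every client query goes to it with what leaves the network when a local caching resolver answers clients. The query stream, FQDNs and TTLs are constructed sample values.

```python
from collections import defaultdict

# Constructed client lookups: (seconds since start, FQDN). As in real
# end-user traffic, the same few names are asked for again and again.
SAMPLE_QUERIES = [
    (0, "www.example.com."), (5, "www.example.com."), (12, "mail.example.net."),
    (30, "www.example.com."), (61, "www.example.com."), (400, "mail.example.net."),
    (3700, "www.example.com."), (3705, "www.example.org."),
]
# Constructed TTLs, standing in for what the authoritative servers return.
TTLS = {"www.example.com.": 3600, "mail.example.net.": 300, "www.example.org.": 3600}


def isp_resolver_view(queries):
    """ISP nameserver case: every client query reaches the ISP's logfiles,
    one line per lookup, in real time."""
    return list(queries)


def local_cache_upstream_view(queries, ttls):
    """Local recursive resolver case: only cache misses (first lookup of a
    name, or a lookup after its TTL expired) go out to authoritative servers.
    Everything else is answered on the LAN and never leaves the network."""
    expires_at = {}
    upstream = []
    for t, name in queries:
        if name in expires_at and t < expires_at[name]:
            continue  # cache hit: nothing observable outside the LAN
        upstream.append((t, name))
        expires_at[name] = t + ttls[name]
    return upstream


def leak_summary(queries, ttls):
    """Count what each party can observe for the same client activity."""
    isp_logged = len(isp_resolver_view(queries))
    upstream = local_cache_upstream_view(queries, ttls)
    per_fqdn = defaultdict(int)
    for _, name in upstream:
        per_fqdn[name] += 1
    return {"isp_logged": isp_logged,
            "upstream_lookups": len(upstream),
            "per_fqdn": dict(per_fqdn)}


if __name__ == "__main__":
    print(leak_summary(SAMPLE_QUERIES, TTLS))
```

The ISP case logs all 8 lookups as they happen; the local-cache case sends only 5 upstream, at most once per FQDN per TTL period, and those go to the authoritative servers rather than into the ISP's resolver logs.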