Open DNS services are a great way to speed up your internet. At the same time they are very insecure and all of your URL requests are tracked. Here’s some info on why you should avoid them if you can
What DNS services are tracking
- IP address (your address to the outside world)
- Geolocation (where are you right now)
- URL’s (what websites are you visiting)
- Timestamp (what date did you visit that website
- Your actual Internet Service Provider / ISP (who provides your internet service)
OpenDNS and Co: A threat to your privacy?
Now let me explain why this is bad. It is very likely (although there is little evidence!) that the NSA and other intelligence agencies have backdoors to all DNS providers. They are an easy target. Of course, projects such as OpenDNS still have a massive infrastructure, but they deliver exactly what is needed to create metaprofiles on a selected target. Go through the list of data they are tracking and compare it with the list of data necessary to create a profile on you. Yup, your browsing habits can be quickly revealed that way.
What is DNS?
DNS stands for domain name system and is much like a telephone book for the internet. Everytime you visit a website like facebook.com you are making a request to a so called nameserver that is resolving that IP e.g. 22.214.171.124 to an actual domain name. The system is quite complex, so called A records store the IP address a domain resolves to, which you can usually change directly in your domain control panel. But in order to propagate IP addresses more quickly there are root-servers around the world. Nameservers have to query the root-servers from time to time to verify that they have the latest updates. If you would like to find out more about how this works, read the Wiki article on root name servers . To better understand it, buy a domain from GoDaddy and go into the DNS editor and look up your A records.
So Why Is It A Bad Idea To Use A 3rd-Party DNS provider?
In general it is a good idea to use a 3rd-party service, because if many people use a DNS provider, the IP’s are stored in a cache. This makes the lookup in the “telephonebook” much quicker. So instead of having to look it up individually, the name will get quickly resolved and your access to the site is faster.
However, DNS providers log a lot of information and may be a soft target. If you don’t want to let everyone know you are visiting facebook or any other site, it may be a good idea to use the DNS provided by your ISP behind a so called VPN with a built-in DNS service on top of a service like Tor.
Why using a VPN won’t help
Lastly, a VPN won’t help. A lot of VPN providers don’t use their own DNS servers, they use services such as OpenDNS and as soon as you are making a request do a website, the names do not get translated by your VPN but by that 3rd-party DNS provider. Dang! All of your browsing habits are in the open again.
We will be providing a few solutions to this problem throughout the coming weeks. Stay tuned for updates.