Encrypt Your DNS (STOP Your ISP SNOOPING!)
Vložit
- čas přidán 1. 06. 2024
- We presume what we search for on the internet stays private. But you might be leaking all of your internet activity through something called a DNS request. It's possible that every site you want to visit is being collected and sold by your ISP, or monitored by countless other entities.
In this video we review what DNS is, and explain how to encrypt your DNS requests, to stop unwanted snooping on your internet activity.
00:00 Intro
00:45 Overview
00:53 What is DNS?
03:48 Protecting Your DNS?
07:31 Setting Up Encrypted DNS
07:56 Tutorial
09:55 Conclusion
Protecting DNS privacy should be a part of everyone's online safety practices. We want to be able to navigate the internet safely and with the peace of mind that not everything we're doing is under constant surveillance.
As always, we have no partnership with Quad9 or any other company, we just like to spread awareness of tools that we think will help people preserve their rights online. You can support our free educational content here:
www.nbtv.media/support
(tax-deductible in the US)
Be sure to check out all the previous and upcoming videos in our Private Home Network series!
• Home Network Privacy
Special Thanks to John Todd for guiding us through the tutorial process!
Brought to you by NBTV team members: Lee Rennie, Sam Ettaro, Reuben Yap, Cube Boy, Will Sandoval and Naomi Brockwell
NBTV's new eBook out now!
Beginner's Introduction To Privacy - amzn.to/3WDSfku
Beware of scammers, I will never give you a phone number or reach out to you with investment advice. I do not give investment advice.
Visit the NBTV website:
nbtv.media
Watch this video on LBRY!
open.lbry.com/@NaomiBrockwell...
________________________________________________________________________
Here are a bunch of products I like and use. Using these links helps support the channel and future videos!
Recommended Books:
Beginner's Introduction To Privacy - Naomi Brockwell
amzn.to/3WDSfku
Permanent Record - Edward Snowden
amzn.to/305negc
What has the government done to our money - Rothbard
amzn.to/2KMzmcu
Extreme Privacy - Michael Bazzel (The best privacy book I've ever read)
amzn.to/3BLZ1gq
No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State - Glenn Greenwald
amzn.to/2UQmJ4m
Naomi's Privacy Bag: some of my favorite products to help protect your privacy!
Use the Brave browser! brave.com/nao076
USB-C to ethernet adapter:
amzn.to/2lOVBoy
Faraday bag (signal stopping, to protect your fob, credit card, computer, and phone)
amzn.to/3DjIvCP
Data Blocker (if you're charging your phone in an unknown port, use this so that no data is transferred)
amzn.to/2SVh0J2
Computer privacy screen (use your computer in public? Keep your information safe! Choose the size right for your computer)
amzn.to/3F816Sn
Phone privacy screen (don't let people in public see your private data, choose the size for your phone)
Samsung note 10 - amzn.to/3wNtYwb
iPhone XR - amzn.to/3Q8Sq4S
Pixel 6a - amzn.to/3i9dnQz
Camera cover (for computers and phones, so no one can access your camera without you knowing)
amzn.to/3Z1N8Mz
Privacy Tip: Turn off your wifi and bluetooth when you're not using them!!! - Věda a technologie
Securing DNS is good, but ISPs can still do reverse DNS lookups on the IP addresses you connect to. There is also SNI exposures in the TLS handshakes between your browser and websites, which will usually reveal the domain name of the server (if the server is named after its domain, which many are). The real value of using Quad9 is in mitigating the actions of lazy ISPs and the DNS security feature that Quad9 provides (which is blocking known malicious domains).
I was thinking the same. Traffic still needs routing.
@@bgroesser right. The IP address has to be unencrypted to use it, because numerous routers and switches have to be able to route it correctly. The first stop out the door is your own ISP, who can do a reverse lookup on the IP and get the domain name, then log the fact that YOUR IP address went to THAT server.
Exactly
What's the alternative or solution?
@@cre8tivebreednothing because it's an envelope. You don't encrypt the address when posting a letter.
I am so incredibly happy that I have just found your platform/channel. This is the information that I have been trying to find for the past few months. I had always known that internet data was collected but I've only recently found out how intrusive it really is. Thank you so very much for your clear presentations. They are full of facts and the answers to my questions. As the narration is going on, a question forms in my mind and is almost immediately answered as if almost telepathically, lol. It's very obvious how much effort goes into a high-quality production like this given it's forward thinking. The person/people/team responsible for this extremely well executed presentation is one of the finest I have ever seen. I say that because I have never tried to find a true favorite yet but I see no reason why this wouldn't be a contender for the best. I say this as completely unbiased even though I have had an attraction to red since I was 2 years old, lol. Thanks again, I will be absorbing all the knowledge that I can from your productions. I wish you good luck during the turbulent economy that is looming over us and will likely last a decade or so.
PFSense is increasingly focusing on its proprietary commercial PFSense+ product, at the expense of the open source Community Edition. CE is updated far less frequently than PFS+ and doesn't receive a lot of the features of the commercial product. I moved to OPNSense last year for this reason. It's open source and actively developed, so it's likely to be a much better product over the longer term.
Well for home use PF+ is free and the license is not expensive considering the cost of hardware or VM. Not sure what you mean by proprietary either. I had ongoing DNS issues a couple of years back on CE but my device has been stable and with + for home it's an advantage. Either solutions are better than an off the shelf solution at walmart or best buy.
Another gem delivered as always, keep up the quality work and thanks for all that you and your team constantly do.
I stumbled upon this video as a pfSense and Unbound noob. What a masterful, concise and logical presentation that truly helped to eliminate the confusion created by many others. This is literally the best short video on the topic, earning you another subscriber. Excellent work!
Alright, i’ve watched a handful of your videos now. Holy hell, these are fantastic. I have seen a ton of educational privacy content, but your channel is hands down the best, and criminally under subscribed. Somehow you perfectly thread the needle, being able to conceptualize ideas for the privacy and security hobbyist like myself in an easy to understand package. Please keep up the good work Naomi and team. You have yourself a viewer for life. Cheers!
Thanks for watching!
@@NaomiBrockwellTV Hi Naomi, If I use TOR would that be the same or better than DNS encryption?
Well you believe this sht then I got free property in Hawaii . A DNS is a portal. And you all have no clue wtf a DNS means. I got cotton candy children.
This is fantastic. You have a new subscriber now. I'm sending this to everybody I know. I am an IT nerd, I know DNS queries are not encrypted, but just felt like that would be out of my control. Great information. Thanks!
Thanks for subscribing!
Excellent information again Naomi! Thank you
Thank you once again Naomi. That was really informative and I'll need to watch this several times to get my head around this!!
Sharp, independent, practical, precisely detailed content for the security conscious user. More please! And thank you!
Independent??
very *dependent* on companies or orgs @@area_5049
Yeah, independent?
@@y_strikes2770 Yeah, she's a secret G-woman. 😏
Thank-you Naomi. Every time I watch one of your videos, I improve my privacy/security by one significant step. This time, I tweaked my Pi-hole to use DNSSEC, because for no good reason I had it configured incorrectly. Perhaps pfSense or OPNsense is a better choice (?), but using the Pi-hole is effective and eye opening. (you don't need a Raspberry Pi, mine is running in a Proxmox VM)
Ward. What and how to install, to block all youtube adds in the network, even in smart tv
@collectorguy3919 - I am building a similar setup as you have. Using Pi-hole or Adguard to block ads, and using OPNsense as my firewall. But now, I've got a few new features to add - and all because of @Naomi. Great video!
Stumbled across your channel recently after watching some videos on privacy. I'm now on a binge sesh of your vids. Even watched 2 of your conferences. Really good content. Subed after the 1st video.
Thanks for your support!
Hi Naomi, I love all your videos! I was really excited to learn that the Texas Legislature just passed the Texas Data Privacy and Security Act. (Aka HB4 by Capriglione.) Sadly it doesn't go into effect for a year. I hear other States have similar efforts. Maybe it's a little early, but I'd love to see you do a video on this. I was getting sick of reading all the privacy policies and CA had the only Opt out exception. Keep up the great work! We are winning!
That's great to hear. Honestly texas is one of my favorite states
I suspect the only reason we're allowed to feel like we're winning and actually gaining ground in terms of privacy... Is because they have new methods of surveillance we aren't even aware of yet.
@@therealb888a it possible to route my internet from a Huawei router to pfsense?
@@therealb888great idea for a video! I hope you decide to never stop 👏 🎉
Yes, I’d have to agree with the others @Naomi you stand out as one of the best educational CZcamsrs for me! Your depth of coverage on these topics is amazing considering how entertaining and digestible you manage to make them. Thank you for putting out content that raises the bar on all fronts. :)
I really appreciate your kind words!
You deserve the kind words. I've learned so much from you extremely detailed videos. ❤ another fantastic video
just ask her out already jeez
@@NaomiBrockwellTVHey Naiomi. Don't mean to hijack the thread...have you heard of 4freedom mobile? Supposedly a privacy focussed mobile service provider which works in Australia, apparently. Do you know much about it?
All my data is saved and logged in physical memory inside the server that inside the room of isp when they need it just memory and some tools the to see everything I did from the day I subscribed until now
In the other side vpn and some step can help you to stay away from hackers and company, website ets... anything away from isp because the isp is the hub where my traffic gose and come from 🤭
Very nice video Naomi and very very well presented, Thank you!
great video! I haven't been thinking about DNS encryption but now is cristal clear that it is super easy to profile users by doing this. Will change to this setup. Thanks!
Well done, and so easy to understand. I know nothing about computers, but this was easy to follow. Thanks!
Love your ending song. Sure it's gonna be a huge summer hit ;p Excellent content as always. Love you Naomi 😍
Thank you for this, Naomi!
You are welcome!
Amazing video thank you for the explanations and looking forward to follow up video!
Thanks for the info drop Naomi!
fantastic! just subscribed without thinking. love the content
Thanks and welcome!
Thank you once again for all your wonderful work!
DNS is key, and I think you covered this topic with the perfect amount of details. Just enough to get the point across, without bogging it down with the details.
I would add PiHole or some other ad-blocker to your series of videos on this topic, where every webpage you load, there's no telling how many different servers that you make DNS requests for. Each frame, each advertisment, each Third-Party cookie you download is a website that can see your traffic and that you visited that particular website.
By pointing those rogue DNS requests to a sinkhole, you protect yourself from some of the other types of tracking that happens as you visit websites.
I would suggest AdGuardHome on a raspberrypi. It has everything built in and ready to go with just two commands to set it up, it also updates from the web interface, so no messing about with SSH. You set it up and it works.
It already has DoH DNS over HTTPS built in unlike PiHole and does not need various modules or bits added on - plus it is far more stable and you can set and forget. AGH is far more stable than pihole and programming is far better, plus they fix any faults - you don't get arrogant people on a forum who don't know how to do things.
The other handy thing is AGH does not have the many faults of PiHole. One fault PiHole has is chewing up SD cards by continuous writing to them. This makes systems fail regularly because of poor programming. There are various fixes and commands to use on PiHole and bits to add on, then procedures to update, but do people really want an unfinished product being trusted with their data?
AdGuardHome is what PiHole wanted to be!
Can you elaborate a bit on how that works?
What's the "perfect amount" of details? Information isn't a spice, u know? What I hear u saying is she doesn't provide enough info; but since every comment only kisses Naomi's ass, ur fine with her leaving it out.
@@jeremymoon9088 they are all simps. If a bloke did the exact same video all these people would rage about how wrong and vague the info was. I have seen this exact thing on videos that had the same approximate scope. The only difference was a male presenter. Everyone raged
@funbucket09 u read my mind! I actually used the word "simp" when I typed that comment; but I edited it before I posted it, because I didn't want to trigger anyone. Have u ever seen Jay at Learn Linux TV interview her? He gets all nervous and wimpy, it's some top level simpin. It's amazing how the internet will give an average woman attention as if she were a super model
Clear, detailed, informative and user-friendly. Only home-made french toast with fruit toppings is tastier.
Great Video as always thank you!
Great information, especially for someone just getting into networking.
I don't know if anyone has mentioned it already, but even with DoH (DNS over HTTPS), DoT (DNS over TLS) the TLS ClientHello packet is *not* encrypted, and yet they contain the domain you want to access. Not a whole lot of DPI (Deep Packet Inspection) needs to be done to guess where that particular user is going to, regardless of the upstream DNS server used... _(let's forget about DPI though, keep the talk on DNS)_
TLS 1.3 has an extension, ESNI (Encrypted Server Name Indication), so if employed as long as queries to the resolvers are done through encrypted DNS protocols (by the way, how come DNSCrypt wasn't mentioned? I think all of Quad9's servers support it too and there's at least a plugin for those using unbound :). ESNI alone wouldn't do much when used with the traditional DNS protocols, ECH (Encrypted ClientHello) would though! The ClientHello packet would be encrypted, but I haven't seen many (servers and clients, meaning not only OSes but also apps) support it, but I think it hasn't passed the draft stage yet, it is to be another TLS extension (so DoH, DoT would benefit). When do we get support for it across the board, even as experimental?
even with DoH, while domain destination is encrypted BUT the provider still could identity IP of server we are connecting, and from them they could simply associating it with some service or some website.
Was looking for this comment without having seen the vid yet.
@@marhensaThat! You need a provider or proxy you can trust, not only with DNS.
@@sourcebased yes that, also it's possible to host your own VPN server on VPS provider you can trust. even that VPS provider still could identify what IP you are connecting via VPN. using VPN and then browsing with ToR is for me the safest for now, but it will slows down the internet connection by a lot. but we don't need that extra privacy and security everyday, so it's just an occassional thing.
@@marhensa Yes, I was talking only about that practical everyday usage. If you need a higher level of anonymity, using Tor is the least indeed. Best used with Tails and changing hardware and location. I am glad that I don’t really need this in practical terms but I am aware that my internet usage is an open book to my provider and some players on the state services level, as well as my OS and hardware vendors to some degree. I just try to be conscious and selective with who could spy on me and what for.
I've been on a security/privacy kick for a while now. This is something that I knew only 1 tiny bit about, but certainly not enough to make effective changes.
I'll be going through the process of seeing how to implement this on my IPFire / Pi-Hole setup. Worst case scenario, I have no issues with replacing IPFire with PFSense.
I really appreciate this video and the Quad9 tip. I set up DoH (DNS over HTTPS) in just a few minutes on my MikroTik router running routerOS. Also installed the Quad9 android app on my phone.
nice!
Avoid quad 9.
@@tacticalcenter8658 Why?
@@tacticalcenter8658Why? Any information would be appreciated.
Like your way to explain it make it very simple, well for me I have been using pihole and unbound for more than year and it simple to setup up
This is a great mix of technical knowledge and "street level" accessibility> Very impressive!
Thank you so much for your excellent content...good job :-)
If the goal of this action is to limit your ISP from capturing your DNS queries then it is of very limited utility. Your ISP can simply do a reverse DNS lookup on the target IP address in the packets you send out once you received your name resolution from your encrypted DNS.
Indeed, it feels like an ad.
Yeah, you'd still want a VPN to hide that traffic.
Thanks for the information 👍👍
This is an excellent example of content that isn't served well by video presentation. What should be a few paragraphs on a page or two of text is definitely not worth waiting for the presentation to get to the meat of the matter.
What a fantastic video, you earned this sub.
Grazie!
Thank you to Naomi Brockwell, John Todd and all the NBTV team!
One small question:
After switching to quad9 is there a way to know that the switch is indeed working?
Like a linux terminal command... I could even settle for windows cmd command. Wishing you a nice evening!
Thanks, Naomi!
Finally someone calling data, data instead of Daeta
11:30 Lol...
Yes, Ma'am; It's a wonderful song.
It's going to be stuck in my head all day...😀
Whoa you guys are very underrated!
My ISP has embedded DNS so i don't have the option to change it in the modem and it makes me furious.
I'm trying to do a big project and changing the dns server is one of the steps and it is truly frustrating.
So my plan is to install Pfsense on my Proxmox & from there i will manipulate the modem into bridge mode...
If this does not work you guys have any advice? I subscribed :)
Love you Naomi❤🙏
Great vid, thx
I find tip videos like these get more people in the line of fire. Have you ever heard of Reverse DNS look up? Or perhaps fingerprinting? They can easily see past this. ISP have also reported that they slow down users found doing this.
PFSense gives the user more control, but Pi-Hole lets you add Quad9 (IPv4 and v6) and enable DNSSEC all very easily (within settings, DNS tab).
Naomi you are a boss!
Great ! thanks... I love you.
Great knowledge 👍🍻
love this!
Great video! How can you do that for phones or laptops after you leave the security of your home/office network?
A great use-case for DNS over HTTPS is the current state in the EU. Access to Russia Today is blocked EU-wide. But being the technical experts they are (lol), they are doing this on the basis of DNS. So by using an encrypted tunnel to an outside DNS resolver, this block can easily be bypassed. No VPN or such required. Simply specifying a different DNS resolver in your network config won't work because ISPs intercept DNS requests, so it has to be an encrypted connection.
Yes there is a small performance overhead due to TLS handshakes, but it's a huge privacy and freedom benefit.
I disagree with many of the actions of Russia's government, but I do not see how a supposed free society should be blocking content just because they disagree with it. It seems that the Iron Curtain is moving west.
What services provide those tunnels?
Truly empowering. This lady deserves our support in every form and fashion.
what basic DNS encryption (from both the client and service side) does is that one at least can be somewhat confident that the data is actually correct and not spoofed. The DNS client code of all widespread OSes (even Windows!) have supported it for quite a long time. That many applications don't make use of it is a different matter. All current widely used nameservers (BIND, NSD, PowerDNS, KNOT,...) comes supporting it by default. Setting it up can be challenging if it's your first time, but it is worth it.
I'd love to see some pfSense videos both on this topic and beyond.
You are the best 💖
I've got all of that set up in pfSense. But, what about browser settings? For instance, in Chrome Settings > Privacy and Security > Use Secure DNS: do I leave that off and assume all that will be handled by pfSense before the browser gets involved? Or, do I turn it on and set a service provider? Won't doing that override pfSense's settings?
The poster thanking Snowden is enough to earn a sub
@Naomi - As I understand it, PfSense has to be installed on a router? 1) Can it be installed it on a PC instead, so it will work when I connect to the internet from varying locations? 2) What if I use a USB modem with sim card & subscription for my internet connection? Can PfSense be used in this setup? 3) If it can be installed on a PC, does it use many resources, in other words, will it slowdown my PC?
pfSense/OpnSense is a router software or operating system and yes it can be run on any regular pc like an older Dell Optiplex. Add a dual or quad NIC and you have enterprise level router capabilities
@@mrmotofy Thanks for the information!
This is great information as usual, and you always beautiful Naomi, if I could I would hire you with no hesitation.
around the @9:46 mark i think you need to call out the option - Allow DNS server list to be overridden by DHCP/PPP on WAN or remote OpenVPN server - needs to be unchecked right?
Hi @Naomi, thanks for your content. Have a question, My router is ISP-Locked. If I use quad9 settings in Brave Browser will it still have the same effect?
Thanks
Not only does this provide a false sense of security, because the destination IP address is still visible to the ISP, but you also trade one entity (ISP) for another (random DNS provider) logging your traffic.
It doesn’s say sponsored video but it also doesn’t say, if you catch my drift. We need to check our ISP’s contract for snooping, but using this random DNS is also without any terms? Swiss, so it is safe? No product is just free. I’m pretty sure this company paid her to do this bit. Totally agree on false security, like your ISP doesn’t have the means to check. By the way, I work as consultant for a telco and GDPR laws are extreme, we can’t collect and sell anything from subscribers. DPI is not even allowed, because of net neutrality.
Thanks Naomi.
You put a lot of effort into masking and encrypting the request of a certain domain... and next you ask your ISP to connect you to a certain IP, that they can easily pin to the initial domain you were hiding.
Very good video! DNS is such a terrible protocol, I hope it will be replaced by something else in the future.
Chicken and egg problems are never easy to solve. If you have a better idea, let us know! I'm all for alternatives.
@@Pasukaru0 This is definitely not a "chicken and egg" problem here.
I'm not sure if this is a good fit for most users. PFSense seems to require purchases to get started and ongoing. The pitch seems to be directed to anyone including home users which is probably the majority of those watching this. Put another way, as a [retired] IT person, we would NEVER rely on sources like this for our information.
Unsure if you've ever covered it before, but should we be concerned about AdBlock Plus and uBlock Origin when it comes to privacy and security?
I know this is old. I'm thinking you found your answer but if you didn't. I'd like to try to help, I'd use uBlock Origin. It's the one I use it's 100% open source, and I looked through I haven't found anything wrong. uBlock is 100% safe though for sure (example what it does, blocks javascripts from a server (googles) and returns null; instead of a value. The other thing is it just blocks HTML elements). This is why they hate the F12 button, lol.
P.S. If any other extention has a blocker in it, like I use watchmaker it has one. Make sure to turn that off, it's not a security thing; it will just make videos not load.
Much Love and Respect
this video was awesome. TY
At the moment I'm using Technitium DNS in a docker container, but yeah. The fact that it's just communicating unencrypted with upstream authoritative servers is a concern to me. I don't have a pfsense router at the moment, so I'll likely have to deal with configuring unbound directly. I don't want to give up having a DNS resolve my local home lab addresses, so I'll figure out unbound.
And then encrypted dns is send to the one of the most spoofing/tracking firm on this planet where they can read it as unencrypted!, So really greate ideaa!
awesome .Thanks
if you setup Simple DNSCrypt on windows can do the same ? can you make a related video (as alternative also secure solution) ?
Likewise, OpenWrt can be used as well as pfsense and OpenSense.
My Asus RT-AX82U had all the configurations ready to go for this
2:45 i just want to point out that in the UK it is a legal requirement that isp's snoop your DNS traffic in order to enact blocking of p2p sharing sites. If you live in the UK, you need to manually set your DNS server ip's in your router to a service that supports DoH and malicious site blocking
4:45 this is why you don;t use unbound and you run another machine behind the pfsense box that can run an encrypted resolver (and now we are getting into territory where some basic IT qualifications would be nice)
Great info
❤ thank you .
Hi Naomi. Thank you again for a great educational video. I recently fired MS Win 11 and migrated to Fedora Silverblue for privacy reasons... DNS LEAKS are a NO GO... so I will update DNS settings tomorrow with the help of a Linux freelancer. Thank you much. 👍
OK... Can I use WinRar to encrypt my IP address?
@@Alfred-Neuman yes
@@funbucket09
Too late, I downloaded WinZip instead but I'm not too sure how it works. Is it encrypting the IP automatically?
@@Alfred-Neuman WinZip is good too. I forgot about the automatic IP encrypt feature. WinRAR doesn't actually have that. You have to set it up manually. So WinZip is better. Good choice.
Thanks naomi😮❤
We will never be sure if it saves if DNS is not encrypted. Quad9 is sponsoring this video and says there are not looking in your traffic, what is there benefit to move all traffic to them ask your self? But one Positive site on this is that their headquarters are in Swiss. Anyway nice video
Keep it up Naomi! 😁 Do robot dance next! 🤖
If you had more than one computer, or a laptop, how would you even set all this up? Would you need to do it multiple times? Or have multiple routers for each device?
Great!
Most of this is over my head but still interests me. I have Quad9 set on my router and I'm hoping this helps within my home network.
In simple terms what the video is about is the confidentiality of the DNS protocol itself (there is none, because it goes in the clear) and what to do about it, hence the suggestion to use an encrypted DNS protocol (DoH, DoT, DNSCrypt) instead of the traditional one. Switching to using Quad9 in your router instead of the ISP set servers (I suppose) doesn't really help in that regard I'm afraid, unless your router is using any of those protocols.
It does, however, help if your ISP were doing some sort of filtering through their DNS servers, plus, the default DNS servers for Quad9 offer some threat protection at that level by denying connections to known malicious domains.
Great song at the end 😂
Good info as usual but what is the relationship of this privacy method to that of using a VPN. Can this be used instead of a VPN, in conjunction with a VPN or does using either/or still provide a similar level of privacy? Your videos are awesome!
Usually when you use a VPN the VPN provider is handling your DNS. But if you have any other devices on your network like IoT devices, phones that don't have a vpn, etc, then changing your DNS settings is still a big help!
@@NaomiBrockwellTV Thank you!
Also, remember that most VPN providers are not as secure as they claim and most will happily give away data if asked by a government agency or police.
From what little research I have made Mullvad VPN seems to be one of the better ones but please do your own research.
@@alfepalfe Mullvad seems very good
@@alfepalfe Sorry to pilled up but still in doubts regarding OP question: If you do not trust your VPN provider is it technically possible to use both this amazing and simple method as shown in the video + A VPN ? (Let's say i'm stuck for 2 years with a Nord membership multi devices plan ? Would it make any sense or simply work to Change my DNS before Data's connect to a one of Nord's Node ? Or it works the other way around in this case i get it and have to choose one or the other....👍
Awesome videos👍, fantastic channel🙏
Since i've discovered it i'm bingeing it like a maniac but the 🐇 hole 🕳️ is Deep...
The more i'm learning, the more questions and complex you discover how hard it became to preserve your privacy or just encrypt your clouds data's, photos, email, Google Photo's face recognition and Metadata's usage is freaking me out😱. Govs don't even need anymore datas for their CBDS's Digital ID's we've been face scanned and analysed for years 😤🤦🏻♂️They crosscheck with others services from Google Ecosystem and even third party. Feels like an endless work even migrating on Linux, and assuming Google Drive or Dropbox, all cloud storage companies, really delete your datas if you terminate/delete your accounts, or encrypt on Local using an offline open source file encryptor and re-synch the encrypted content. And even by doing that you may trigger attention and have no proof and they wont retain your non end to end encrypted re-synched or deleted data's🤦🏻♂️🤬👨💻. Who knows what is their real retention time if any ?
It's really full-time job! 🤯🛂🧿👩💻🏦🕳️
I tried to do this on my pfSense install and then I couldn’t get web pages to load. Eventually, I discovered you also have to uncheck “Enable DNSSEC Support” for this to work. After that, I had no problems. I hope this helps!
Can u do me a favor sir 🙏? Can you let me know if you can see my comments on here? I don't understand other than being shadow banned, (which they say isn't real) as to why whenever I comment something, that is probably important to this dns subject, not one person says anything , I would really appreciate it. I have made 3 comments , 2 comments 12 days ago, and one a few mins ago.
@@omega.Networx yes
Thank you :)
Thank you
Does unbound protect against MITM attacks that intercept the TLS key exchange and masquerade as the quad 9 destination?
So I used to work for an ISP. The thing is every time you access a web page you can be resolving anything from 1 to dozens of various sites. The main site, sub, advertising, provider (Amazon, Microsoft, Apple…)
Multiply that with thousands of users, the flow of data is significant.
You’re not that interesting.
I didn’t understand any of this. What is PF sense and unbound? So you have to use 3 different things (PFsense, Unbound and Quad 9) to make it private?
Pfsense are one of the firewall OS you can install as your router( u need hardware ). Unbound is like an add-on integrate in this OS. Quad offer a service you can point ip from your router.
@@Jannickjay okay, thanks for explaining that. This all sounds out of my skill set to setup.
I use a router at home with ProtonVPN on it. I haven't had any issues with streaming services yet. My preferred VPN (for other devices), Mullvad, does have issues with streaming services.
Will PF Sense used in the manner you describe cause problems with streaming services? Will it slow down speed like VPNs do?
What do you think of RethinkDNS? Quad9 is available on there, as well as others. Does DNScrypt with relays create anonymity? Is RethinkDNS default settings sufficient for privacy?
Is a good private DNS sufficient for privacy? When would Quad9, or something similar, be a satisfactory replacement for a good VPN? Does a good VPN negate the need for Quad9, or something similar?
Keep up the good work Naomi. I watch all your videos, and am actively engaged in trying to improve my digital privacy.
Proton advices against third party DNS services alongside their VPN.
I didn't ask about that.
Does pfsense need to be running all the time ? If yes , is a rasbbery pi a good idea to run it from?
Interesting video and I am not an expert in any way on this. How does this affect a Smart TV where I heard you can use a different DNS server to avoid the irritating ads that keep being served up. Does using Quad9 also remove the ads from a Smart TV?
using a dns blocklist will stop ads, we have that video coming out in a few weeks
Does using Quad9 also remove the ads from a Smart TV?
So how much different is this from DNS over https? Since I don't use pfsense I enabled DNS over https using Quad9 DNS servers. Would that achieve similar results?
It's like I earned a Sub to your channel by watching this. Thanks!
Welcome!
OK, we can encrypt our DNS queries. But all DNS servers belong to either ISPs, private entities (Google for example) etc. So at the end our DNS queries will still end up with one or the other DNS service provider.
Hi Naomi, is it possible to share link to that podcast you mentioned here ?