Encrypt Your DNS (STOP Your ISP SNOOPING!)

We presume what we search for on the internet stays private. But you might be leaking all of your internet activity through something called a DNS request. It's possible that every site you want to visit is being collected and sold by your ISP, or monitored by countless other entities.

In this video we review what DNS is, and explain how to encrypt your DNS requests, to stop unwanted snooping on your internet activity.

00:00 Intro
00:45 Overview
00:53 What is DNS?
03:48 Protecting Your DNS?
07:31 Setting Up Encrypted DNS
07:56 Tutorial
09:55 Conclusion

Protecting DNS privacy should be a part of everyone's online safety practices. We want to be able to navigate the internet safely and with the peace of mind that not everything we're doing is under constant surveillance.

As always, we have no partnership with Quad9 or any other company, we just like to spread awareness of tools that we think will help people preserve their rights online. You can support our free educational content here:
(tax-deductible in the US)

Be sure to check out all the previous and upcoming videos in our Private Home Network series!

Special Thanks to John Todd for guiding us through the tutorial process!

Brought to you by NBTV team members: Lee Rennie, Sam Ettaro, Reuben Yap, Cube Boy, Will Sandoval and Naomi Brockwell

To support NBTV, visit:
(tax-deductible in the US)

Visit our shop!

Our eBook "Beginner's Introduction To Privacy":

Beware of scammers, I will never give you a phone number or reach out to you with investment advice. I do not give investment advice.

Visit the NBTV website:

Watch this video on LBRY!

________________________________________________________________________
Here are a bunch of products I like and use. Using these links helps support the channel and future videos!

Recommended Books:

Beginner's Introduction To Privacy - Naomi Brockwell

Permanent Record - Edward Snowden

What has the government done to our money - Rothbard

Extreme Privacy - Michael Bazzell (The best privacy book I've ever read)

No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State - Glenn Greenwald

Some of my favorite products to help protect your privacy!

Faraday bag (signal stopping, to protect your fob, credit card, computer, and phone)

Data Blocker (if you're charging your phone in an unknown port, use this so that no data is transferred)

Camera tape (electrical tape is the best tape for covering phone and computer cameras)

USB-C to ethernet adapter:

Privacy Screens (use your phone and computer in public? Keep your information safe!)

Computer: (Search for the size right for your computer)

Phone: (Search for the size for your phone, decide whether you want glass or plastic!)
Comments

I stumbled upon this video as a pfSense and Unbound noob. What a masterful, concise and logical presentation that truly helped to eliminate the confusion created by many others. This is literally the best short video on the topic, earning you another subscriber. Excellent work!

glennw

Securing DNS is good, but ISPs can still do reverse DNS lookups on the IP addresses you connect to. There are also SNI exposures in the TLS handshakes between your browser and websites, which will usually reveal the domain name of the server (if the server is named after its domain, which many are). The real value of using Quad9 is in mitigating the actions of lazy ISPs and the DNS security feature that Quad9 provides (which is blocking known malicious domains).

OcteractSG

Another gem delivered as always, keep up the quality work and thanks for all that you and your team constantly do.

stryfespoint

Sharp, independent, practical, precisely detailed content for the security conscious user. More please! And thank you!

fotisgezepis

This is fantastic. You have a new subscriber now. I'm sending this to everybody I know. I am an IT nerd, I know DNS queries are not encrypted, but just felt like that would be out of my control. Great information. Thanks!

timmcreynolds

Alright, I’ve watched a handful of your videos now. Holy hell, these are fantastic. I have seen a ton of educational privacy content, but your channel is hands down the best, and criminally under subscribed. Somehow you perfectly thread the needle, being able to conceptualize ideas for the privacy and security hobbyist like myself in an easy to understand package. Please keep up the good work Naomi and team. You have yourself a viewer for life. Cheers!

handsomehobo

Hi Naomi, I love all your videos! I was really excited to learn that the Texas Legislature just passed the Texas Data Privacy and Security Act. (Aka HB4 by Capriglione.) Sadly it doesn't go into effect for a year. I hear other States have similar efforts. Maybe it's a little early, but I'd love to see you do a video on this. I was getting sick of reading all the privacy policies and CA had the only Opt out exception. Keep up the great work! We are winning!

TheDeanCStone

I am so incredibly happy that I have just found your platform/channel. This is the information that I have been trying to find for the past few months. I had always known that internet data was collected but I've only recently found out how intrusive it really is. Thank you so very much for your clear presentations. They are full of facts and the answers to my questions. As the narration is going on, a question forms in my mind and is almost immediately answered as if almost telepathically, lol. It's very obvious how much effort goes into a high-quality production like this given its forward thinking. The person/people/team responsible for this extremely well executed presentation is one of the finest I have ever seen. I say that because I have never tried to find a true favorite yet but I see no reason why this wouldn't be a contender for the best. I say this as completely unbiased even though I have had an attraction to red since I was 2 years old, lol. Thanks again, I will be absorbing all the knowledge that I can from your productions. I wish you good luck during the turbulent economy that is looming over us and will likely last a decade or so.

MakeitZUPER

Thank you Naomi. Every time I watch one of your videos, I improve my privacy/security by one significant step. This time, I tweaked my Pi-hole to use DNSSEC, because for no good reason I had it configured incorrectly. Perhaps pfSense or OPNsense is a better choice (?), but using the Pi-hole is effective and eye opening. (You don't need a Raspberry Pi, mine is running in a Proxmox VM.)

collectorguy

Yes, I’d have to agree with the others @Naomi you stand out as one of the best educational YouTubers for me! Your depth of coverage on these topics is amazing considering how entertaining and digestible you manage to make them. Thank you for putting out content that raises the bar on all fronts. :)

gregsayshi

Excellent information again Naomi! Thank you

Steven_nevetS

This is a great mix of technical knowledge and "street level" accessibility. Very impressive!

jimboelterdotcomm

Stumbled across your channel recently after watching some videos on privacy. I'm now on a binge sesh of your vids. Even watched 2 of your conferences. Really good content. Subbed after the 1st video.

JustARandomSomething

DNS is key, and I think you covered this topic with the perfect amount of details. Just enough to get the point across, without bogging it down with the details.

I would add PiHole or some other ad-blocker to your series of videos on this topic, where every webpage you load, there's no telling how many different servers that you make DNS requests for. Each frame, each advertisement, each Third-Party cookie you download is a website that can see your traffic and that you visited that particular website.

By pointing those rogue DNS requests to a sinkhole, you protect yourself from some of the other types of tracking that happens as you visit websites.

Breeegz

I don't know if anyone has mentioned it already, but even with DoH (DNS over HTTPS), DoT (DNS over TLS) the TLS ClientHello packet is *not* encrypted, and yet it contains the domain you want to access. Not a whole lot of DPI (Deep Packet Inspection) needs to be done to guess where that particular user is going to, regardless of the upstream DNS server used... _(let's forget about DPI though, keep the talk on DNS)_

TLS 1.3 has an extension, ESNI (Encrypted Server Name Indication), so if employed as long as queries to the resolvers are done through encrypted DNS protocols (by the way, how come DNSCrypt wasn't mentioned? I think all of Quad9's servers support it too and there's at least a plugin for those using unbound :). ESNI alone wouldn't do much when used with the traditional DNS protocols, ECH (Encrypted ClientHello) would though! The ClientHello packet would be encrypted, but I haven't seen many (servers and clients, meaning not only OSes but also apps) support it, but I think it hasn't passed the draft stage yet, it is to be another TLS extension (so DoH, DoT would benefit). When do we get support for it across the board, even as experimental?

aphanic

EDIT: To clear up something: I am "NOT" bashing the video at all. I liked the video, it was produced great as always, below is just my thoughts. Not bad at the video. I hope I'm making sense, opening people's minds to conversation on things? Is that the way to say it?

Here is why all this stuff is pointless. Start at problem. (Us). Our computer -> Our Router -> Our Modem -> Their sub station -> everywhere else your cloudflare all that.
This is a 'false' sense of security; like a front door made of glass with a deadbolt on it and you think it has you covered. It don't.
Proof in pudding, check your IP's config and all before and after and not just literally your IP. Look at the packets, we change nothing and it goes to the "ISP" before any other DNS can grab it. Otherwise you would have "hacked" free internet somehow, just think about it. If you don't have to go through the ISP and get online why would you? See pipe dream..

Shrapnel_Music

Thank you once again Naomi. That was really informative and I'll need to watch this several times to get my head around this!!

martinwalker

PFSense is increasingly focusing on its proprietary commercial PFSense+ product, at the expense of the open source Community Edition. CE is updated far less frequently than PFS+ and doesn't receive a lot of the features of the commercial product. I moved to OPNSense last year for this reason. It's open source and actively developed, so it's likely to be a much better product over the longer term.

tsundokujim

I really appreciate this video and the Quad9 tip. I set up DoH (DNS over HTTPS) in just a few minutes on my MikroTik router running RouterOS. Also installed the Quad9 Android app on my phone.

chrisyoung

If the goal of this action is to limit your ISP from capturing your DNS queries then it is of very limited utility. Your ISP can simply do a reverse DNS lookup on the target IP address in the packets you send out once you received your name resolution from your encrypted DNS.

MaxPower-