I read a bit about using a different DNS for Privacy and I think the best one should be quad9? Or is there anything better except self hosting a DNS?

  • seaotter113@lemmy.world
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    Want something that works fast? NextDNS, Adguard or DNSwatch

    Want something a bit more complicated but better for privacy? Setup PiHole + DNSCrypt proxy with anonymized DNS

  • XpeeN@sopuli.xyz
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    I’m using dnscrypt combined with a firewall app. RethinkDNS on android and postmaster on pc.

  • brainlessnick@feddit.de
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    Quad9 is decent, but there’s some weird legislative issues (they can be court ordered to not resolve certain sites) BC weird reasons.

    If you have a raspberry pi or similar sitting somewhere, you can set up a pihole DNS with unbound as upstream. Then you’ve got a DNS that’s as private as you want, locally cached and with additional ad/malware/… blocking capabilities.

    • Cambionn@feddit.nl
      link
      fedilink
      arrow-up
      0
      ·
      edit-2
      1 year ago

      Use your own.

      That may not always be the best way to go, as it’ll make fingerprinting also much easier. The more custom your setup is, the less there are like you, the easier your tracked by fingerprinting techniques.

      Not saying it’s bad per se, but the idea that trusting no one and setting everything up yourself is always more private isn’t true either. Both providers and do-it-yourself have negative sides one should stay critical about.

        • Cambionn@feddit.nl
          link
          fedilink
          arrow-up
          0
          ·
          edit-2
          1 year ago

          As I said:

          as it’ll make fingerprinting also much easier.

          Fingerprinting is a technique where they look at everything they can grab from received requests and try to use that info to identify people. The things you block (like ads and trackers), the used DNS, your user agent, your IP, etc. It’s all used to try to identify you. The more you blend in with others, the harder to identify you are. The more custom stuff you have, the easier to identify you are.

          If fingerprinting or not having to trust third parties is more important depends on your threat model. But it’s important to know the risks of a trust-no-one do-it-yourself approach when making the decision.

          • pound_heap@lemm.ee
            link
            fedilink
            arrow-up
            0
            ·
            1 year ago

            Well, my question was specifically about DNS. I don’t think that the sites or services you use have any way to know what DNS are you using.

            ISP can capture DNS traffic, but this is where threat model comes into play… Like if you are concerned about some entity to collect you profile based on data from ISP which includes both your DNS queries and your IP

  • nachtigall@feddit.de
    link
    fedilink
    English
    arrow-up
    0
    arrow-down
    1
    ·
    1 year ago

    The one from your ISP. Your ISP can see your traffic anyway, so you gain nothing by using a third-party DNS server.

  • StarkillerX42@lemmy.ml
    link
    fedilink
    arrow-up
    0
    arrow-down
    7
    ·
    1 year ago

    I’m not an expert on what makes a “good DNS”, but I have been using a pi-hole for about 5 years and it has been super stable the whole time, despite my best efforts.