Is your ISP selling your data? (DNS Servers)
It’s an open secret: everyone is selling your data (and your ISP is no exception).
By default, your internet service provider (Comcast, Verizon, AT&T, Wave, etc.) gives you an IP address and a DNS server to use. The former you have to use; the latter you don’t. In fact, for speed and reliability reasons alone you’d be wise to use someone else’s DNS service.
DNS is what’s responsible for turning google.com into 172.217.0.1 (or, in fact, one of the many IPs that happens to be load-balancing for you, for the day, for that website). Apple, Amazon, CNN or any other website you visit works the same way: one or more IPs for a given DNS name. The trouble is, your ISP’s DNS service is (frequently) selling this record of which websites you visit to third parties.
https://www.lifewire.com/what-is-the-ip-address-of-google-818153
A DNS name is meant to be an easy-to-remember, human-readable address that in turn links to a machine-readable IP address which most folks can’t remember (do you really want to remember 172.217.0.1, or google.com?). But something needs to resolve that name to an IP, a (virtual) postman if you like. Your DNS server (or servers, primary and secondary “failover”) does this for you. DNS resolution service varies in performance and reliability, and that postman could be “reading your mail”. There is an answer: alternate DNS providers that give some measure of privacy along with improved reliability and performance. Reliability is a real concern, as ISP outages are often a failure of the ISP-hosted DNS, not a “line” or circuit outage.

The other issue is that DNS providers themselves are subject both to attack by cyber actors and to maintenance efforts. It should also be noted that DNS infrastructure is often lower on the totem pole when your ISP prioritizes optimization or upgrades. What’s the point of having a gigabit internet connection, only to have last century’s DNS resolution performance? Yet most people don’t know any better, utilize their ISP’s DNS and suffer for it, both in privacy and in performance/uptime.
There are several “good” options for alternative (non-ISP provided) DNS providers which I’ll outline briefly…
CloudFlare
Quad9
Google
OpenDNS
CloudFlare: Relatively new, its claim to fame is that it’s often the fastest DNS resolver of the bunch. Running a large number of nodes across the world, they are both quick to reach (ping) and quick to resolve your DNS. The downside? Although they claim to protect your privacy in their privacy disclaimer, CloudFlare is synonymous with your Googles; they are a leader in data analytics, and that privacy disclaimer does admit it shares your data with APNIC, but only anonymized, not aggregated and anonymized, which could still allow someone to correlate you to the traffic, so it’s not ideal… However, they are VERY fast and VERY stable (pack-leading, in fact, on both for almost every location across the globe). So, if you want the fastest performance and reliability but some risk to your data privacy, look no further! For me personally, I prefer…
Quad9: Also relatively new; their name comes from the (primary) IP of their DNS server, 9.9.9.9 (get it? four 9’s?). Anyhow. This bunch trades blows with CloudFlare in some cases, particularly in North America, being even faster than CloudFlare in many locations across the USA. Like CloudFlare they do share your data, but only aggregated and anonymized, and only for purposes of threat tracing (cyber security); in other words, privacy-centric. They also have an extra perk: their default 9.9.9.9 DNS server (and secondary 149.112.112.112) protects you from known malicious websites. They do have unfiltered DNS servers you can choose as well, in case a site is blocked (whether mis-classified or correctly classified) and you still want to reach it! Of note, they are funded by IBM, PCH and, it’s believed, the London police and Secret Service. That could sound unsettling at first (if true) but, in all likelihood, your ISP’s DNS is already sharing your data with your government (China, anyone?), so it’s a largely moot point in my book. This is my personal choice: as I live in the US, with the fastest performance in North America and particularly most of California, this is a win-win, as it protects me from the bad guys of advertising and (possibly) foreign cyber actors and gives me performance and stability.
Google: Straightforward. Google does DNS too. They make no claims to privacy (that I know of), but they may be a good third option if you don’t live in North America or the UK. Here’s a link to a good read on performance breakdowns of each.
OpenDNS has been around for a long time. Their claim to fame is being able to customize your DNS solution to filter out adult material (useful for protecting young ones, religious non-profits, or even small businesses). Not the fastest, but more robust than your ISP’s DNS servers (according to someone who actually does networking for a living). Formerly funded by individual and corporate donations, but now Cisco-owned, I believe, in case you’re curious who pays the bill, which you should be about anything.
A note about speed differences: switching to a faster DNS provider like I’m suggesting won’t give you more bandwidth, but websites that have a lot of linked content in them (think slickdeals.net, your news websites and your search engines) will load more quickly, as the DNS work behind the scenes is more streamlined. On my Comcast connection it was quite noticeable, ironically with Chrome in particular (I prefer Safari, but thought I’d test). CNN and Fox News were both more peppy.
Interested?
First of all, if you have an ISP-provided all-in-one box à la Comcast or AT&T, your only choice is to change your DNS on your computer(s), as AT&T, Comcast and friends want you to use their DNS, obviously (to sell your data), and don’t permit you to override the DNS on their router/gateway; they have language in your service agreement to permit them to, I might add. Quad9 has the instructions for changing Windows and macOS DNS servers on their landing page. Other DNS providers do as well, but it’s the same idea: drop the DNS server’s IP into your network settings on your computer and it’ll ignore the one from your router/gateway.
If you want to change it on your home router (if you brought your own), it gets more tricky. DuckDuckGo’ing (or Googling; I prefer DuckDuckGo for privacy, and they don’t suppress political content that doesn’t agree with theirs, which is to say very liberal, if you didn’t know) the router you own is going to be your best bet, as procedures vary between brands and models. But this allows your iPhone(s) (which you can’t customize your DNS on, at least not easily) and other WiFi-connected gadgets to use an alternate DNS when connected to your home WiFi, rather than your cellular provider’s DNS (they give you a DNS too).
Once you’ve “cut over” from your ISP’s DNS to a third-party DNS, try your websites of choice; depending how much cross-linked content is in them, they may be quite a bit faster, or at least the same speed. You can “ping” your DNS provider, as depending where you live one DNS might be faster than another (CloudFlare, although fastest overall, trades blows with Quad9 depending where you live in North America, for example, so it might be worth testing yourself). Lastly, be wary: Comcast and others have specially tailored services that may stop working when you bypass their DNS service. Fair warning. I don’t use any of these and have had no problems as of the time of this article with Comcast, but I’m told to be wary of them if you do.
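To make the “test it yourself” step concrete, and to show what the “postman” actually sees, here is a small stand-alone resolver probe I’ve added (it is not code from the original post): it builds a raw DNS A query, parses the reply, and times the round trip to whichever resolver you point it at. It assumes the public addresses 1.1.1.1 (CloudFlare) and 8.8.8.8 (Google), which the post doesn’t list, and includes a constructed sample reply for the 192.0.2.1 documentation address so the parser can be checked offline.

```python
import socket
import struct
import time

def build_query(name, txid=0x1234):
    """Encode a recursive A query for `name` in RFC 1035 wire format."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag set, one question
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # root label, QTYPE=A, QCLASS=IN

def _skip_name(data, off):  # return the offset just past a (possibly compressed) name
    while data[off] & 0xC0 != 0xC0 and data[off] != 0:
        off += 1 + data[off]
    return off + (2 if data[off] else 1)  # compression pointer is 2 bytes, root label is 1

def parse_a_records(data):
    """Return the IPv4 addresses in the answer section of a DNS response."""
    _txid, flags, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", data[:12])
    if flags & 0x000F:  # RCODE != 0 (e.g. NXDOMAIN): no addresses
        return []
    off = 12
    for _ in range(qdcount):
        off = _skip_name(data, off) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        off = _skip_name(data, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from(">HHIH", data, off)
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in data[off:off + 4]))
        off += rdlen
    return addrs

# Constructed reply to build_query("example.com"): one A record, TTL 300, 192.0.2.1 (doc range)
SAMPLE_RESPONSE = (b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"
                   b"\x07example\x03com\x00\x00\x01\x00\x01"
                   b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x01\x2c\x00\x04\xc0\x00\x02\x01")

def time_resolver(server, name, timeout=2.0):
    """Send one UDP query to `server`; return (milliseconds taken, addresses)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        start = time.perf_counter()
        sock.sendto(build_query(name), (server, 53))  # cleartext: the operator can log the name
        data, _ = sock.recvfrom(512)
    return (time.perf_counter() - start) * 1000, parse_a_records(data)
if __name__ == "__main__":  # compare resolvers from where you sit; 1.1.1.1 and 8.8.8.8 assumed
    for ip in ("9.9.9.9", "149.112.112.112", "1.1.1.1", "8.8.8.8"):
        ms, addrs = time_resolver(ip, "example.com")
        print(f"{ip:16} {ms:6.1f} ms  {addrs}")
```

Run it a few times and compare the millisecond column; an unreachable or filtered resolver raises socket.timeout rather than returning a number.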
Saturday, May 30, 2020