this post was submitted on 30 Jan 2024
1103 points (97.0% liked)

Memes

45151 readers
3172 users here now

Rules:

  1. Be civil and nice.
  2. Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.

founded 5 years ago
MODERATORS
gary_host_laptop@lemmy.ml
sexy_peach@feddit.de
cyclohexane@lemmy.ml
cypherpunks@lemmy.ml
1103
My name is Guy Incognito (feddit.de)
submitted 7 months ago by Oiconomia@feddit.de to c/memes@lemmy.ml
76 comments fedilink hide all child comments
 
you are viewing a single comment's thread
view the rest of the comments
[โ€“] Frederic@beehaw.org 7 points 7 months ago (1 children)

Yes, this is why you should use DNS over TLS. My router signal to every DHCP client that it is the DNS resolver, and internally use DoT/dnssec to query IPs. It also intercepts every request on DNS port in case of some DNS are hard-coded on some devices.

[โ€“] FreeFacts@sopuli.xyz 3 points 7 months ago

DNS over TLS won't save you thanks to SNI. As there is a huge shortage of IPV4 addresses, same IP addresses serve multiple hostnames, and to provide a working encryption, TLS handshake includes the requested hostname in plain text so that SNI can be used to determine which certificate should be used. That plaintext hostname is something your ISP can easily log.

Rule of thumb is, Https does not provide anonymity, only encryption.