Cloudflare DNS has DoH, but it’s Cloudflare so… ew. Is there one that is more privacy respecting and also has DNS over HTTPS?
There’s a lot more than that, but here’s a quick list compiled from filtering suspicious actors (for-profit etc…) from privacytools:
- applied-privacy.net (DoH, DoT)
- libredns.gr (DoH, DoT)
- nixnet.services (DoH, DoT)
- snopyta.org (DoH, DoT)
- uncensoreddns.org (DoH, DoT)
- blahdns.com (DoH, DoT, DoQ)
Not sure about PowerDNS and Quad9 because they appear shady from the outside but they may be options as well.
This is controversial because they are “big bad” companies. But in some cases I think that is a plus because they have some responsibility to do as they say.
- Use a resolver that is a part of Mozilla’s Trusted Recursive Resolver Program. Mozilla makes them agree to a solid privacy policy: https://wiki.mozilla.org/Security/DOH-resolver-policy#Conforming_Resolvers
- Google DNS. Obviously controversial but their privacy policy is very good. They keep “full” logs for at most 48 hours and only for debugging purposes.
The major concern for all of these is that they are allowed the keep anonymized logs forever. This means that if the hostname itself it sensitive then it can be recorded forever. (For example if you have “secret” subdomains).
The other option is running your own recursive resolver, this mostly nullifies the private subdomain issue as only the authoritative server will see it (other than network snoopers) however this has very real downsides.
- It exposes your IP address to many authoritative servers with no guarantees about the logs they keep.
- It can be slow as there is no shared cache.
- Requests from your resolver to the internet are not encrypted.
Disclaimer: I used to work at Google (but not on Google Public DNS) and have no affiliation with other named or referenced companies.
Telling people on privacy communities to use Google products is closest to the worst advice you can give, atleast as far as this century timeline is concerned.
Just because it is not the advice that is expected does not make it bad advice. Obviously these names have some questionable behaviours but in this case they often have separate privacy policies for their DNS services (or the Mozilla endpoint for their DNS services) which makes it much better than the other Google products which are lumped behind a single privacy policy which isn’t very privacy friendly.
Unfortunately it is impossible to know for sure they are complying with the privacy policy, but this applies to all providers, no matter how large or what businesses they have other than providing DNS. So while you shouldn’t blindly follow some random post on the internet you should may give these providers a second look-over and consider that these large companies have some privacy benefits if their privacy policy is accurate.
I am not sure you will understand, so I will just excuse myself. You clearly know everything.
Edit: seems you are a true redditor, downvoting as revenge for disagreement
He was making a good point. Huge multinationals often have departments with wildly different behaviors/policies. These departments are often in conflict with one another, or don’t know so much about one another. I agree with you trusting anything remotely associated to Google is utterly stupid when it comes to privacy, but the argument exposed was not stupid.
It was in fact solid insider’s advice, to know to exploit differences between branches of a given tentacular company in some circumstances. For example, Debian’s cooperation with Lenovo for better hardware support is in fact a collaboration with a specific department within Lenovo, and has a lot of blocking points from other departments.
EDIT: Also another good point was that selfhosting services (eg. services just for “me”) often leaks more metadata than using shared services which other folks connect to as well.
You have no idea what you are dealing with, with these CIA/DARPA shell entities. These are not multinationals randomly built out of a drive for capitalism, but meant to bring upon us a dystopia worse than any nightmares you have seen or heard.
He thinks the laws made up for these shell entities via lobbying and governmental hgemonic interests are actual laws and protocols that are made to protect our interests. They are not. He is too realistic and obedient to believe all this crap.
I may sound delusional, perhaps conspiratorial, but everything continues to unfold before us and so many people like him keep denying it. I have no idea why I am doing what I am doing, and yet I can tell there is more than just a world domination goal. They want to render us hopeless.
I can tell there is more than just a world domination goal
You do sound slightly conspirational and delusional. Of course people are gonna fuck up other people, because that’s precisely what capitalism is about, and we’re conditioned from a very young age to feed into this narrative.
However, a lot of people try to avoid such dynamic, even in big evil corporations. Spitting on the face of these precise people is not gonna help anyone :)
Condemnation is the essential sign of resistance against status quo. I am not a capitalist.
If I read between the lines and see conspiracies, then others are too obedient realists.
AdGuard, Quad9, Uncensored DNS, Tenta
