Cloudflare’s DNS 1.1.1.1 Promises to Increase Privacy and Internet Speed

in #dns7 years ago



DNS



Domain Name System (DNS) servers are integral to the functionality of the internet. All internet IP addresses are found using DNS which basically translates human input in the form of an URL and translates the information into the corresponding numerical address directing us to the desired website.


For instance, when you try to connect to a website such as Steemit.com, your device needs to know which server to connect to so that it can load the application. Since computers are not able to directly translate a human input name and determine the proper address, your device queries a specialized server in order to perform the task, known as a DNS recursive resolver. A DNS server keeps a directory of domain names and translates them to IPs, a sort of internet rolodex.

DNS-rev-1.gif

Howstuffworks.com

Generally speaking, this service is provided automatically by an Internet Service Provider (ISP) and is not often on the average person's radar. Yet some users prefer to use a DNS resolver such as Google Public DNS which provides faster connections and are more secure than the default DNS provided by an ISP.

Since the default DNS services provided by ISPs are often slow and insecure, most people rely on alternative DNS providers—such as OpenDNS (208.67.222.222), Comodo DNS (8.26.56.26) and Google (8.8.8.8), to speed up their Internet.

The Hacker News


Cloudflare's DNS 1.1.1.1


Cloudflare has released a new DNS service that, it says, increases internet speed while also enhancing online privacy by making it more difficult for ISPs to trace your browsing history.

By using Cloudflare's DNS service the company claims that your device(s) will be able to sort domain names at an extremely high speed of 14.8 milliseconds much faster than the competition.

From Cloudflare's website:

Unfortunately, by default, DNS is usually slow and insecure. Your ISP, and anyone else listening in on the Internet, can see every site you visit and every app you use — even if their content is encrypted. Creepily, some DNS providers sell data about your Internet activity or use it target you with ads. Cloudflare, in partnership with APNIC, runs 1.1.1.1, a recursive DNS service that values user privacy.

Cloudflare.com

The company maintains that privacy is the top priority stating that -

• Cloudflare will never sell your data or use it to target ads. Period.
• Cloudflare will not retain any personal data / personally identifiable information, including information about the client IP and client port.

The company also pledges that any data that is collected will be destroyed after 24 hrs.

However, the website also states that it will be working in conjunction with another company, Asian based APNIC.

Ironically for a project predicated on privacy, Cloudflare is sharing DNS query data with APNIC Labs, a part of Asian registry APNIC, in exchange for the use of its 1.1.1.1 network address. The regional internet registry insists it wants to better understand the technical intricacies of DNS, in order to mitigate denial-of-service attacks and to optimize server communication.

theregister.co.uk

APNICS and Cloudflare have entered into a partnership agreement for the next 5 years. The company has reiterated Cloudflare's pledge to destroy all data within 24hrs, but 'after' conducting statistical data analysis. They also stress that they're keenly aware of just how sensitive Cloudflare's DNS data is and will be vigilant to prevent any data leaks. Data sharing with APNIC has some wondering why just how private DNS 1.1.1.1 really is.

DNS Over HTTPS



sucuri.net


For increased security, it's possible to use DNS over HTTPS endpoint rather than sending DNS queries over plaintext. One of the main reasons for doing so is that even while using HTTPS to visit a website your DNS query is sent over an unencrypted connection. Therefore, anyone listening to packets on the network will be aware of which website you're trying to connect to.

According to Cloudflare, another issue with unencrypted DNS is

it is easy for a Man-In-The-Middle to change DNS answers to route unsuspecting visitors to their phishing, malware or surveillance site. DNSSEC solves this problem as well by providing a mechanism to check the validity of a DNS answer, but only a single-digit percentage of domains use DNSSEC.

Therefore, Cloudflare's DNS 1.1.1.1, which offers DNS over HTTPS, aims to mitigate these problems by providing this free service.

A Broader View


We all would like greater speed and privacy from our online experience and this is a simple and free way to do so. How private Cloudflare's service will be is still anyone's guess.

Back in 2009 when Google launched their Public DNS 8.8.8.8, the company made a lot of similar promises to what Cloudflare is championing today. The tech giant assured us that our privacy was of paramount concern with several caveats. Google's Public DNS did track a users IP address, but according to Google only for 24hrs. Google also sated that in no way would a user's DNS data be tied to their Gmail or Google accounts in anyway or shared with a third party provider.

google_dns_2.jpeg

Nevertheless Google does retain a certain amount of 'technical data'.

Your location: yes. Google says it permanently stores "metro-level" info on your whereabouts for the purpose of debugging and improving the Google Public DNS experience. Most of this information is held for two weeks, Google says, though a "small subset" is sampled for permanent storage. The company promises that it never ties the location data to any other information collected from your session.

The Web sites you look up: yes. But again, Google says that information is not stored along with any data that would identify who you are.

I think Google's assurances must be taken with a few heaping grains of salt.

As we have seen with Facebook recently and the data-mining conducted by Cambridge Analytics, when giant corporations offer services for free there must be a catch. To believe that Google is not siphoning from the massive cache of data passing through it's systems every second is most certainly a naive perspective. Nothing is free.

"You have to remember they are also the largest advertising and redirection company on the Internet"

PC World

Google is not simply providing free services for the good of the internet, they likely amass a vast amount of data they sift through in order to increase the effectiveness of digital advertising.

That being said, the type of service that Cloudflare's DNS aims to improve upon are much sought after as in early 2017 the US Senate passed legislation overturning measures preventing ISPs from collecting data from US citizens. This new legislation made it legal for ISPs to collect and sell your internet data.

I guess the conclusion here might be that Cloudflare’s product does increase user privacy, at least in comparison to Google.

I’m not recommending Cloudflare’s service, I’m no techy, but I’m letting you know about this fresh option being made available on the market. Of course, do your own research as there are now numerous public and private DNS services to choose from.

At any rate, DNS 1.1.1.1 is certainly an improvement over a default DNS provided by your ISP… and it’s NOT Google.


How to get started with DNS 1.1.1.1


Cloudflares website includes step-by-step instructions on how to set up and configure DNS 1.1.1.1 for multiple devices including gaming consoles.

  • Android
  • Iphone
  • MacOS
  • Windows
  • Linux
  • Router
  • Gaming Console

Setting up DNS 1.1.1.1

For example, setting up the service for MACs is relatively painless.

  • Open System Preferences.
  • Search for DNS Servers and tap it.
  • Click the + button to add a DNS Server and enter 1.1.1.1 and 1.0.0.1 (for redundancy).
  • Click Ok and then Apply.

Additional Sources


developers.cloudflare.com

Arstechnica



V4V-Layer-0-power-heal-placebo_feature-Plain-BG.gif

Vapid-Bleed-NEW-IMPACT2.gif

Sort:  

Nice post, I wrote a similiar some days ago:
https://steemit.com/censorship/@rockz/dns-censoreship-and-how-to-bypass-it

Cloudflares DNS is of course a better choise then your local ISPs DNS servers but there are even better, more privacy focused DNS servers you should use.
Its all about trust, and personali I do NOT trust big companys like google or cloudflare.

But that just my opinion :)

I agree with you!

I’m not recommending Cloudflare’s service, I’m no techie, but I’m letting you know about this fresh option being made available on the market. Of course, do your own research as there are now numerous public and private DNS services to choose from.

It's similar to VPNs, if you want to have your privacy truly protected then you have to pay for it. I'm pretty sure all of the free ones collect data on their users.

Thanks for your comment! I'm curious which DNS would you recommend?

I use the servers of DNS WATCH --> https://dns.watch/why
They write that they don't have any interest in selling userdata to other companies. But yeah, of course its up to you to trust them.

But they need donations in order to keep their service running.
I guess donating them is a smart way to spend your Bitcoins: 1DNSaFkH4a5mexQvn3oWFmdwH7VNodepLw

hehe.

Okay nice, I did come across this website while i was researching this post. I'll have to have a closer look. thx

But, will they still censor websites? Haven't been a fan of CloudFlare since the whole Daily Stormer debacle. Censorship isn't cool. I don't care who it is.

Yeah, I can see what you mean. I just read up on that, and I believe that censorship is a slippery slope, as much as I despise neo-nazis do they not also have a right to free speech? I mean if we ban certain groups and their views then more bannings are likely to follow. This is a very relevant topic considering the YT, FB, Twiiter censor of late. Thanks for bringing this up :)

Yeah exactly. If they cesnsor one group or person what's to stop them from doing it to others? The social media censorship going on is insane. Not only social media either, the Google search censorship is another thing that needs to stop ASAP. Some sites like the social network Minds are basically blacklisted from the search results.

Google also skews certain searches. This was extremely apparent during the US election. The way they ordered candidates in searches for general things like "US election". It's not hard to influence people's opinions when you have as much control as Google does and it's pretty frightening if you think about it.

I live in a country with huge efforts on censorship... web nuetrality is myth for us!
And no one knows how terrible it feels behind massive censorship 😐

Owk I think this cloudflar's DNS is what anyone would crave for. From all that is written here, I can see that their priority is privacy. This is the reason why they are already making waves.

Your ISP, and anyone else listening in on the Internet, can see every site you visit and every app you use

Unfortunately it’s the reality.
I have noticed my internet being very slow even though paying so much money to my internet provider. Until now I didn’t know abou DNS. Obviously most of the people don’t know either until something happens. Going through your blog I realized I have to take a closer look at it. I did get a better understanding of DNS and will research DNS 1.1.1.1. Afterall privacy is my #1 priority.
Great post though!
Regards @v4vapid!

Really great information shared network is very similar Ib address
This is a problem with some networks
Great and great information is published you are a wonderful person and really successful

Cloudflare, a US-based content delivery network, has launched its own DNS (domain name server) service which promises to improve your internet connection and ensure that privacy is maintained. This service will be using the address https://1.1.1.1 for resolving DNS which anyone can use. According to The Verge, Cloudflare claims that it will be the internet's fastest, privacy-first consumer DNS service. Cloudflare has promised to wipe out all logs of DNS queries within 24 hours. Now DNS services are services typically offered by the internet service providers to resolve domain names. Think of DNS as an internet directory. So every time you click on a link, open an app, send an email and so on, your device is communicating with the DNS directory to find out where it can find the addresses.

very awesome post,my dear friend @v4vapid,
good news,Great and great information is published you are a wonderful person
DQmaDB51b9WW5qiuUfgqYeMzWALLDCfwYLPuQc3C8XyDnQd.jpeg
thank you for sharing with us,

Nice article mr, i like it, i have to upvote you and reblog, i hopefully you want to do same for me..., Good luck

In reality, there is no privacy. For example, if you really want, for example, safe wallet, you need to spend around 400 us dollars to customize one pc only for the wallet so if you are the specific target of hacker you cannot be damaged. They can provide with higher speed and everything on technical level, but when it comes to privacy you have to open your mind for reality and say that privacy is the luxury and you need to learn how to actually achieve that luxury.