Sponsored Links

Does DNS over HTTPS or 1.1.1.1 block ICR's / ISP logging?

jon1

ULTIMATE Member
Pretty simple question I was curious about and couldn't find a conclusive answer on google
 
Pretty simple question I was curious about and couldn't find a conclusive answer on google
I do not know.. but it's highly unlikely they limit the snooping to the DNS, they'll be collecting a bunch of meta-data like visited domains (thanks TLS SNI!..) and IPs.

A (foreign) VPN - or even 1.1.1.1's Warp vpn - or "tor" might be a way around it.
 
I do not know.. but it's highly unlikely they limit the snooping to the DNS, they'll be collecting a bunch of meta-data like visited domains (thanks TLS SNI!..) and IPs.

A (foreign) VPN - or even 1.1.1.1's Warp vpn - or "tor" might be a way around it.
Thanks, are all ISPs required to do this? or just the big ones?
What's the chance an Altnet will be logging to the same extent as BT/EE
 
Sponsored Links
Thanks, are all ISPs required to do this? or just the big ones?
What's the chance an Altnet will be logging to the same extent as BT/EE
As far as I'm aware this is only done on demand, when authorities ask the isp to start logging a certain individual. It's not done all the time and the period cannot be longer than 1y.

That said, laws aside, I wouldn't be surprised if many isp generally log an "anonymised" sample of metadata from everyone and then sell that on.
 
As far as I'm aware this is only done on demand, when authorities ask the isp to start logging a certain individual. It's not done all the time and the period cannot be longer than 1y.

That said, laws aside, I wouldn't be surprised if many isp generally log an "anonymised" sample of metadata from everyone and then sell that on.
Sorry for my misunderstanding

I was under the idea that they would be logging everyone all the time, and expecting them to start searching that database by a list of websites and then asking people why they were on them
 
Sponsored Links
Using a Public DNS or Secure Public DNS just changes who is logging and profiling your use of the internet.
It's one of the reasons I like using the resolver in pfSense and I'm therefore my own DNS provider, so no one else is collecting the information on websites we visit from our IP address to ultimately make money from us or sell the data. No such thing as a free lunch, so these public DNS offerings are making money somehow.

I'm sure you can set up BIND on a Windows PC to be a DNS resolver, so rather than use 1.1.1.1 or your ISPs DNS server, you have you own, I had that working many years ago. If you want more than one device to use it, then you would need a small dedicated PC running 24/7 and would need to update your devices to use it in place of the ISP, it's a little involved to set up, but not impossible. Or switch to something like pfSense or OPNsense as your router which has it built in, again a cost and learning curve to setting it all up, but options do exist.
 
Sponsored Links
It's one of the reasons I like using the resolver in pfSense and I'm therefore my own DNS provider, so no one else is collecting the information on websites we visit from our IP address to ultimately make money from us or sell the data. No such thing as a free lunch, so these public DNS offerings are making money somehow.

I'm sure you can set up BIND on a Windows PC to be a DNS resolver, so rather than use 1.1.1.1 or your ISPs DNS server, you have you own, I had that working many years ago. If you want more than one device to use it, then you would need a small dedicated PC running 24/7 and would need to update your devices to use it in place of the ISP, it's a little involved to set up, but not impossible. Or switch to something like pfSense or OPNsense as your router which has it built in, again a cost and learning curve to setting it all up, but options do exist.
I'm all for 127.0.0.1 as a resolver and in fact I am using it, however the traffic your local recursor makes to the ROOT servers is still just plain, unencrypted DNS traffic that your ISP can sniff without problems. At least the likes of Google is not getting that information.

A better idea would be using a trusted resolver either over VPN or by employing DNSCurve/DNSCrypt. This could be a small VPS somewhere with a decent host and ideally close to you (low latency).
 
DNS lookups, regardless of whether they can or can't be logged, is a farcical approach. It's a typical Governmental attempt at understanding technology. Performing a DNS lookup proves absolutely nothing and would never stand up imo. Run your own authoratitive nameservers or use a secure one if you're that concerned. Just my personal opinion on the matter.
I think a single lookup on its own is semi-useless in terms of the data it can provide, but in the greater scheme of your online profile, the majority of your lookups is extremely valuable data.
 
Top
Cheap BIG ISPs for 100Mbps+
Community Fibre UK ISP Logo
150Mbps
Gift: None
Virgin Media UK ISP Logo
Virgin Media £22.99
132Mbps
Gift: None
Vodafone UK ISP Logo
Vodafone £24.00 - 26.00
150Mbps
Gift: None
NOW UK ISP Logo
NOW £24.00
100Mbps
Gift: None
Plusnet UK ISP Logo
Plusnet £25.99
145Mbps
Gift: £50 Reward Card
Large Availability | View All
Cheapest ISPs for 100Mbps+
Gigaclear UK ISP Logo
Gigaclear £17.00
200Mbps
Gift: None
Community Fibre UK ISP Logo
150Mbps
Gift: None
Virgin Media UK ISP Logo
Virgin Media £22.99
132Mbps
Gift: None
Hey! Broadband UK ISP Logo
150Mbps
Gift: None
Youfibre UK ISP Logo
Youfibre £23.99
150Mbps
Gift: None
Large Availability | View All
Sponsored Links
The Top 15 Category Tags
  1. FTTP (6024)
  2. BT (3639)
  3. Politics (2720)
  4. Business (2439)
  5. Openreach (2405)
  6. Building Digital UK (2330)
  7. Mobile Broadband (2144)
  8. FTTC (2083)
  9. Statistics (1899)
  10. 4G (1814)
  11. Virgin Media (1763)
  12. Ofcom Regulation (1582)
  13. Fibre Optic (1467)
  14. Wireless Internet (1462)
  15. 5G (1405)
Sponsored

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms  ,  Privacy and Cookie Policy  ,  Links  ,  Website Rules