Pretty simple question I was curious about and couldn't find a conclusive answer on Google
I do not know.. but it's highly unlikely they limit the snooping to the DNS, they'll be collecting a bunch of meta-data like visited domains (thanks TLS SNI!..) and IPs.
Thanks, are all ISPs required to do this? Or just the big ones?
A (foreign) VPN - or even 1.1.1.1's Warp vpn - or "tor" might be a way around it.
As far as I'm aware this is only done on demand, when authorities ask the ISP to start logging a certain individual. It's not done all the time and the period cannot be longer than 1y.
What's the chance an Altnet will be logging to the same extent as BT/EE?
Sorry for my misunderstanding
That said, laws aside, I wouldn't be surprised if many ISPs generally log an "anonymised" sample of metadata from everyone and then sell that on.
To be honest I am not the most up to date with this... May well be what you say, actually it is according to this..
I was under the idea that they would be logging everyone all the time, and expecting them to start searching that database by a list of websites and then asking people why they were on them
Ah, HMRC can access it? Tells you all you need to know right there
It doesn't, no. If they've the ability to snoop your DNS they've the ability to snoop your HTTPS handshake.
It makes it harder but there are still loopholes:
Using a Public DNS or Secure Public DNS just changes who is logging and profiling your use of the internet.
It's one of the reasons I like using the resolver in pfSense and I'm therefore my own DNS provider, so no one else is collecting the information on websites we visit from our IP address to ultimately make money from us or sell the data. No such thing as a free lunch, so these public DNS offerings are making money somehow.
I'm all for 127.0.0.1 as a resolver and in fact I am using it, however the traffic your local recursor makes to the ROOT servers is still just plain, unencrypted DNS traffic that your ISP can sniff without problems. At least the likes of Google is not getting that information.
I'm sure you can set up BIND on a Windows PC to be a DNS resolver, so rather than use 1.1.1.1 or your ISP's DNS server, you have your own, I had that working many years ago. If you want more than one device to use it, then you would need a small dedicated PC running 24/7 and would need to update your devices to use it in place of the ISP, it's a little involved to set up, but not impossible. Or switch to something like pfSense or OPNsense as your router which has it built in, again a cost and learning curve to setting it all up, but options do exist.
DNS lookups, regardless of whether they can or can't be logged, is a farcical approach. It's a typical Governmental attempt at understanding technology. Performing a DNS lookup proves absolutely nothing and would never stand up imo. Run your own authoritative nameservers or use a secure one if you're that concerned. Just my personal opinion on the matter.
I think a single lookup on its own is semi-useless in terms of the data it can provide, but in the greater scheme of your online profile, the majority of your lookups is extremely valuable data.