DNS: Strengthening the Weakest Link in Internet Privacy

For many, the conversation about online privacy centers around a few high-profile companies, and rightly so. We consciously engage with their applications and services and want to know who else might access our information and how they might use it. But there are other, less obvious ways that accessing the World Wide Web exposes us. In this post we will look at how one part of the web’s infrastructure, the Domain Name System (DNS), “leaks” your private information and what you can do to better protect your privacy and security. Although DNS has long been a serious compromise in the privacy of the web, we’ll discuss some simple steps you can take to improve your privacy online.

In many ways, when we access the web, we get the impression that we are interacting directly with the content, services, or other users at the other end of our connection. The behind-the-scenes elements that facilitate this interaction are so fast and well-integrated that (unless something goes wrong) we usually don’t notice them at all. In reality, however, every online transaction we make requires at least one third party – an Internet Service Provider (ISP) – to handle the data transmitted between your computer and any other online destination. For unencrypted traffic this gives the ISP (and anyone else looking at web traffic, like the government or hackers) an opportunity to observe your internet usage in great detail, down to search queries and what music or movies you stream.

Fortunately, such deep, granular analysis of network traffic is resource-intensive and network operators choose not to look that closely at most traffic. Even if they did, more and more websites encrypt their traffic, which prevents third parties from seeing the actual content of packets exchanged with your computer. (Look for “https://” at the beginning of your web browser’s address bar to see whether websites support encrypted traffic.) Unfortunately, despite this increasing use of encryption, third parties do not need to see the content of an internet communication to derive nuanced information about your internet usage.

As wonderful as encryption protocols like HTTPS are, other elements needed for the connection to work are left “in the clear” outside of the encrypted portion of the packet. (For a brief primer on IP packets and the kinds of information each “layer” carries, see our layer-based breakdown of internet communications.) For example, before your computer can connect to an internet destination, it must establish a connection with the computer or server on the other end. To do this, your computer needs to know the IP address – a network address, similar to your postal address – of the other computer, which might look like 104.20.10.17 (in IPv4) or 0:0:0:0:0:ffff:6814:a11 (in IPv6). Because it is far easier for us to remember addresses in the form of words and letters, like www.cdt.org, our computers perform a lookup – just like looking up a phone number or address in a phone book – to find the IP address for any given domain name.

This lookup service, essential for the internet to be usable by humans, is DNS. It is very much like using a phone book to find the phone number associated with a person’s or business’s name: you know the name they go by, and you look up the hard-to-remember numerical phone number in the phone book. Once it determines which IP address corresponds to the domain name in the URL you requested, the DNS resolver sends this information to your browser so that it can send its request for files to the correct place. This all happens in milliseconds, before any content can flow between you and your destination.

This process happens every time you type an address into your browser, every time you send an email, and every time you click a link. Some websites may contain content embedded from other domains, in which case the page itself may trigger additional DNS queries. So, even if all of the actual content of the sites you visit is encrypted, the DNS resolver (and anyone else monitoring the network) sees every single site you visit, every time you visit. This record can be used to infer what you look at, the kinds of information you are looking for, when and how you use the internet, and other personal information. Some DNS providers sell or use this information for targeted advertising.

Beyond the privacy implications of a third party monitoring and selling your internet usage, DNS presents serious security problems. Specifically, DNS is susceptible to man-in-the-middle attacks in which a malicious actor (not the DNS service) intercepts the DNS query and returns an incorrect IP address, potentially directing the user to a harmful site. This “spoofing” attack can be mitigated through the use of additional verification procedures, such as DNSSEC, but many domains do not deploy them.
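To make concrete what “in the clear” means and what a resolver can check on its own, here is an added example (not code from the CDT post): it builds a DNS query in RFC 1035 wire format, shows the domain name any on-path observer recovers from the raw UDP/53 payload, and applies the basic consistency checks a stub resolver performs before trusting a reply. The reply bytes are constructed locally for the demonstration; no network is used.

```python
# Added example, not code from the CDT post: minimal RFC 1035 message handling
# showing that the queried name is cleartext on UDP/53 and how a stub resolver
# sanity-checks a reply before trusting it.
import struct

def encode_name(name: str) -> bytes:
    """Encode 'www.cdt.org' as length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lab)]) + lab.encode() for lab in labels) + b"\x00"

def decode_name(msg: bytes, off: int):
    """Return (name, offset after the name); follows RFC 1035 compression pointers."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                 # 2-byte pointer into the message
            end = end if end is not None else off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode())
        off += length
    return ".".join(labels), (end if end is not None else off)

def build_query(txid: int, name: str, qtype: int = 1) -> bytes:
    """Header (id, flags=RD, QDCOUNT=1) followed by QNAME, QTYPE, QCLASS=IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def build_response(query: bytes, ipv4: str) -> bytes:
    """Answer a query with one A record (constructed here for the demo only)."""
    _, qend = decode_name(query, 12)
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)  # QR, RD, RA set
    rdata = bytes(int(o) for o in ipv4.split("."))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + rdata  # NAME points to QNAME
    return header + query[12:qend + 4] + answer

def observed_qname(payload: bytes) -> str:
    """What a passive observer recovers from a cleartext UDP/53 payload."""
    return decode_name(payload, 12)[0]

def response_matches_query(query: bytes, response: bytes) -> bool:
    """Stub-resolver checks: same txid, QR bit set, identical question section."""
    if query[:2] != response[:2] or not struct.unpack("!H", response[2:4])[0] & 0x8000:
        return False
    qname, qend = decode_name(query, 12)
    rname, rend = decode_name(response, 12)
    return (qname.lower(), query[qend:qend + 4]) == (rname.lower(), response[rend:rend + 4])
```

With DNS over TLS or HTTPS, the same query bytes ride inside an encrypted session, so the observer sees only a connection to the resolver, not the name; the resolver itself still sees it, which is why its privacy policy matters.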

Here’s the good news: new services and technologies offer improved privacy and security for DNS. (Check out the Cloudflare or Quad9 sites for instructions on how to start using them.) Cloudflare recently launched its own global DNS resolver service which supports two kinds of privacy-enhancing protocols: DNS over TLS (Transport Layer Security) and DNS over HTTPS, both of which turn leaky DNS queries into secure connections. In addition to the improved privacy and security offered by these protocols, Cloudflare also limits its record retention to 24 hours and does not associate the DNS queries with your IP address.

Quad9 is a DNS platform that utilizes a number of measures to ensure the security and authenticity of its service. It also does not store or distribute information relating to users’ IP addresses. Despite the privacy and security enhancements offered by encrypted transport protocols, the DNS resolver’s privacy policy is important because the service still has the ability to see, store, or use the DNS query history associated with individual IP addresses, or in some cases, individual devices. That is, even though encrypted DNS protects users from eavesdropping, they must still trust the DNS resolver with their data. CDT hopes to see more DNS resolvers adopt both the technical and the policy measures necessary to protect users against privacy and security harms.

Even more private and secure DNS technology is on the horizon. A team of researchers at Princeton has built a system they call Oblivious DNS (ODNS) that prevents even the resolver’s operator from linking queries to identities. This system makes trust unnecessary and, when combined with an encrypted connection, would make DNS both private and anonymous. As Princeton’s Nick Feamster explains, this would “plug the internet’s biggest privacy hole.” We hope that the people who read this post will help spread the word about DNS privacy and the available options to enhance it. Help your friends and loved ones who may be less technically able understand their options for DNS. Visit the Cloudflare or Quad9 sites for easy instructions on how to use their DNS services. Be on the lookout for Oblivious DNS providers in the future. In the absence of meaningful baseline privacy regulations, we must all do what we can to protect ourselves. This is a good way to start.