nextdns / metadata

This repository contains the data behind our Security, Privacy and Parental Control features.
https://nextdns.io

Feature Request for iOS 14 users. #438

Closed Voltairine-de-Cleyre closed 4 years ago

Voltairine-de-Cleyre commented 4 years ago

Now that Hardened Privacy Mode has been deprecated for iOS 14+, every DNS query made is logged by U.S.-based servers. I don't mean the logs to turn off & on from the dashboard; I'm referring to the service providers' TOS. Any U.S.-based server will log everything it can. I also doubt that, since the servers are U.S.-based, NextDNS is allowed to discuss any requests made by the government. May an option to choose where I want my DNS servers located - U.S., Switzerland, Iceland, Sweden, etc. - be integrated into the web UI, as it's no longer a choice we have (anyone using iOS 14+)?

rs commented 4 years ago

If you use an encrypted protocol like DoH or DoT, queries are encrypted from your network to the DNS server, and then logs are sent over an encrypted channel from the DNS server to the log servers without hitting the DNS server’s local storage and are then stored in a cyphered database. Neither your ISP, nor the provider of the server, nor anything in between will be able to log or see anything from your DNS traffic.

Voltairine-de-Cleyre commented 4 years ago

Hello Olivier,

What of so-called metadata along with, for DoH at least, these concerns from https://tools.ietf.org/html/rfc8484#section-8.2

HTTP's feature set can also be used for identification and tracking in a number of different ways. For example, Authentication request header fields explicitly identify profiles in use, and HTTP cookies are designed as an explicit state-tracking mechanism between the client and serving site and often are used as an authentication mechanism. Additionally, the User-Agent and Accept-Language request header fields often convey specific information about the client version or locale. This facilitates content negotiation and operational work-arounds for implementation bugs. Request header fields that control caching can expose state information about a subset of the client's history. Mixing DoH requests with other HTTP requests on the same connection also provides an opportunity for richer data correlation.

On Thu, Oct 22, 2020 at 06:20, Olivier Poitrey notifications@github.com wrote:
If you use an encrypted protocol like DoH or DoT, queries are encrypted from your network to the DNS server and then logs are sent over an encrypted channel from the DNS server to the log servers and then stored in a cyphered database. Neither your ISP nor the provider of the server will be able to log or see anything for your DNS traffic.

And thank you, btw, as I ask to learn.

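The header-based tracking vectors in the RFC 8484 section 8.2 passage quoted above, as an added example that is not part of the original thread and is not NextDNS code: it builds the RFC's GET form of a DoH query and flags identifying headers in a request. The mapping of header names to the RFC's categories and both sample requests are constructed for illustration.

```python
import base64
import struct

# Request headers grouped by the tracking vectors RFC 8484 section 8.2 names.
# Which concrete header falls in which group is this example's own mapping.
TRACKING_HEADERS = {
    "authorization": "authentication",
    "proxy-authorization": "authentication",
    "cookie": "state tracking",
    "user-agent": "client version",
    "accept-language": "locale",
    "cache-control": "caching state",
    "if-none-match": "caching state",
    "if-modified-since": "caching state",
}


def build_doh_get_path(qname, qtype=1):
    """Return an RFC 8484 GET path carrying a wire-format DNS query."""
    # DNS header: ID=0 (RFC 8484 section 4.1), RD flag set, one question.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in qname.rstrip(".").split(".")
    )
    question = labels + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN
    # The "dns" parameter is base64url with the padding removed.
    encoded = base64.urlsafe_b64encode(header + question).rstrip(b"=")
    return "/dns-query?dns=" + encoded.decode("ascii")


def audit_doh_headers(headers):
    """Return sorted (header, reason) pairs for identifying request headers."""
    lowered = (name.lower() for name in headers)
    return sorted(
        (name, TRACKING_HEADERS[name]) for name in lowered if name in TRACKING_HEADERS
    )


# Constructed sample requests: a browser-like client and a minimal client.
BROWSER_LIKE = {
    "Accept": "application/dns-message",
    "User-Agent": "ExampleBrowser/1.0",
    "Accept-Language": "fr-CH",
    "Cookie": "sid=constructed",
}
MINIMAL = {"Accept": "application/dns-message"}
```

A fixed DNS ID of 0 and a request carrying only `Accept` leave the query name itself as the only per-request content visible to the resolver at the HTTP layer; the client's IP address and TLS session remain outside what this check covers.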

romaincointepas commented 4 years ago

Closing this, feel free to discuss this and other suggestions on our subreddit https://www.reddit.com/r/nextdns.