You are not logged in.
- Topics: Active | Unanswered
#1 2016-05-12 10:13:19
- nfisher
- Member
- Registered: 2016-01-16
- Posts: 2
Is DNSCrypt indeed snakeoil?
Hi all!
So i stumbled upon a handful of recommendations for using DNSCrypt for security and privacy reasons. Now as i figured, this is not as apparent to me as it seems to be for its ardent proponents. The arguments (and my counterarguments) go as follows:
1. Privacy enhancement!! DNS information is valuable, since it lays out all your internet activity! (Yeah, but my ISP (as the standard DNS) and possible eavesdroppers see the IPs of the visited websites in the connection data anyways, so why bother adding an extra layer/service provider to which you hand your data to?!)
2. Security enhancement!! Now you are just better off! (well, as stated above, really? Is it a given that handing out you connection data to yet another service provider ENHANCES security? Also, doesn't it make you more suspicious to public agencies in your overall user profile, if anything)
3. it mitigates MIM attacks! (but what if dodgy servers such as d0wn-it-ns1 (run by 1 person) are in fact the MIM!?)
Am i missing something or does using DNSCrypt just make no sense?
Thanks for your thoughts!
nfisher
Last edited by nfisher (2016-05-12 10:22:15)
Offline
#2 2016-05-12 12:41:16
- ugjka
- Member
- From: Latvia
- Registered: 2014-04-01
- Posts: 1,806
- Website
Re: Is DNSCrypt indeed snakeoil?
If you don't trust dnscrypt servers, get a cheap vps instance and run your own server.
https://ugjka.net
paru > yay | webcord > discord
pacman -S spotify-launcher
mount /dev/disk/by-...
Offline
#3 2016-05-12 13:18:35
- R00KIE
- Forum Fellow
- From: Between a computer and a chair
- Registered: 2008-09-14
- Posts: 4,734
Re: Is DNSCrypt indeed snakeoil?
Regarding 1 you are right, the isp will see which ips you connect to but you can have multiple sites behind one ip or a set of ips, think cloudflare. Of course I don't know enough to say if it's possible to still know which websites you are visiting if they use https.
Regarding 2 and 3 it all boils down to trust, if you trust the servers then it should be more secure. You are correct that for now usage of dnscrypt will make you stand out in the crowd as I suppose not that many people are using it yet, but that is assuming someone is actively monitoring dnscrypt usage, also usage of dnscrypt does not imply you are doing anything wrong, just that you value security and privacy.
R00KIE
Tm90aGluZyB0byBzZWUgaGVyZSwgbW92ZSBhbG9uZy4K
Offline
#4 2016-05-12 14:19:43
- Alad
- Wiki Admin/IRC Op
- From: Bagelstan
- Registered: 2014-05-04
- Posts: 2,412
- Website
Re: Is DNSCrypt indeed snakeoil?
From the author:
Mods are just community members who have the occasionally necessary option to move threads around and edit posts. -- Trilby
Offline