[Youtube] Video from Dave Plummer on online privacy, mainly DNS

[RMerlin]

Dave Plummer (former Microsoft engineer who worked on components such as the original Task Manager) posted a very good video talking about online privacy, mostly on how to secure your privacy at the DNS level. It's one of the best video I have seen on the topic, where he even explains things like EDNS Client Subnet and HTTP's SNI. He also explain clearly how a VPN provider might not provide much in term of privacy, and in which scenario they are mostly useful.

 

[OzarkEdge]

Thank you... that is a great summary, although I had to hit pause a lot to allow my brain to catch up!

OE

 

[heysoundude]

thats a great channel! and like @OzarkEdge , I find a LOT of information comes at you very quickly in his videos...pause and rewatch; 1.25x (or higher) speed not recommended!

 

[Rajjco]

Very Informative video, wonder why ECH isn't wildly adopted. Using It could tremendously Improve privacy.

 

[RMerlin]

He does tend to shoot info at a fairly high pace, probably in part because he relies heavily on reading his text rather than just having a more natural talking presentation. But he usually does a good job at distilling it to the essential, and giving simple explanations to some of the more technical concepts he talks about.

 

[RMerlin]

Very Informative video, wonder why ECH isn't wildly adopted. Using It could tremendously Improve privacy.

Requires web server support, and more complex to setup. Also I don't think the standard has been finalized yet, it's still at draft stage.

EDIT: yep, still a draft: https://datatracker.ietf.org/doc/draft-ietf-tls-esni/25/

 

[dave14305]

I think the real secret is to pick the one (DNS provider) whose incentives you can live with.

This quote from the video is still the tough decision for a lot of people. Who do you trust most, or who do you distrust least?

For encryption, I have never fully trusted stubby to run reliably over the long-term due to quirks with upstream DNS providers. Perhaps Unbound as a DoT forwarder is better, but very fat for the forwarding job.

 

[OzarkEdge]

Who do you trust most,

Quad9.

Who do I distrust most? ISPs, and Big Data as they slowly but surely erode the open web... and the current US regulatory oversight.

Just my gut feelings about it.

But I'm using AdGuard Public DNS (DoT) for the ad blocking.

OE

 

[RMerlin]

This quote from the video is still the tough decision for a lot of people. Who do you trust most, or who do you distrust least?

The same question applies to pretty much any service.

- Who do you trust most for hosting your emails: Google, Microsoft, Proton or your ISP?
- Who do you trust most for securing your PC: Eset, Trend Micro or Microsoft?
- Who do you trust most for providing your reliable Internet access: Comcast, Starlink, Google?

At that point, all one can do is ask for other users' opinions, and compare these with their own values and requirements, and make a decision. There's simply no single good answer for any service, as everyone may have different requirements. For me, ECS is important for my DNS resolver, while for someone else it will be privacy and security. Neither of us would be wrong, we just have different requirements.

 

[Rajjco]

I always take this saying to heart "If a service is free then your data is the product".