Cloudflare DNS 1.1.1.1

[Midevil Chaos]

Normally, you would use a VPN in order to anonymize yourself on the net by preventing your ISP (and others) from tracking what you do. In terms of anonymity, would Cloudflare, for example,  be capable of doing something similar to that? If so, to what degree?

I have a brand new computer, with a fresh install on Windows and I decide to modify the DNS to 1.1.1.1. Then, I visit this forum and hope I am anonymous and that my ISP (or others) cannot track me. Basically, this is what I feel Linus' video seems to say. Basically, Linus Tech Tips' video about this seems to say that a VPN would useless while using Cloudflare. Perhaps I am misunderstanding that video altogether, or simply missing something?

[Phentos]

Changing your DNS settings alone won't make your traffic anonymous, if that's what you mean. You would need a full VPN service that would reroute your traffic through only their servers.

[orbitalbuzzsaw]

2 minutes ago, Phentos said:

Changing your DNS settings alone won't make your traffic anonymous, if that's what you mean. You would need a full VPN service that would reroute your traffic through only their servers.

That or tor

[Midevil Chaos]

Phentos, That's what I meant exactly. My secondary question in this case is, what does Clourdflare DNS do in terms of privacy. I am not clear on what it does.

OrbitalBuzzsaw, Tor is... awful in my opinion. It is way too restrictive for what most people would need lol.

[Phentos]

2 minutes ago, OrbitalBuzzsaw said:

That or tor

Bit overkill there, but yes Tor would work 

[orbitalbuzzsaw]

1 minute ago, Phentos said:

Bit overkill there, but yes Tor would work 

VPN and Tor stacked is what I use sometimes

[Phentos]

8 minutes ago, Midevil Chaos said:

Phentos, That's what I meant exactly. My secondary question in this case is, what does Clourdflare DNS do in terms of privacy. I am not clear on what it does.

Cloudflare is a web service provider. They provide CDN, DNS, server hosting, and other network services to webhosts. 

[Midevil Chaos]

No, I mean in terms of actually using their DNS service 1.1.1.1 on your personal PC, and not in terms of the net globally (infrastructure, network, website hosting etc.). Basically, as a private end user.

[Phentos]

Just now, Midevil Chaos said:

No, I mean in terms of actually using their DNS service 1.1.1.1 on your personal PC, and not in terms of the net globally (infrastructure, network, website hosting etc.).

May or may not be slightly faster than your ISP's DNS services. In terms of security I don't see a difference except that your ISP won't be serving DNS requests, which is kind of a non-factor if you care that much about security since they see your data anyway.

[Tabs]

9 minutes ago, Midevil Chaos said:

Phentos, That's what I meant exactly. My secondary question in this case is, what does Clourdflare DNS do in terms of privacy. I am not clear on what it does.

OrbitalBuzzsaw, Tor is... awful in my opinion. It is way too restrictive for what most people would need lol.

 

Just using Cloudflare doesn't do much for privacy, even though they don't log requests and anonymise all data.

 

Sure, it means your ISP doesn't reply to your DNS requests from their DNS servers, but your DNS looksups are still plaintext. Anyone (including your ISP, if they were so inclined) could examine your plaintext traffic and still see your name server lookups.

 

It sounds like what you need is to secure your DNS queries - use something like DNSCrypt Proxy to encrypt your dns queries before they ever leave your network. Cloudflare supports DOH (DNS over HTTPS), so you can use Cloudflare (with it's privacy-focused attitude to logging) with DNSCrypt (which encrypts queries) to ensure nobody between you and Cloudflare can log your DNS requests.

 

Edit to add: I've been using DNSCrypt-Proxy configured with Cloudflare at home for the better part of a month now. I already have a server at home so I didn't need to configure it on every machine in the house; I just set my DHCP server to point to my home server as a default DNS server, run DNSCrypt-Proxy on the server and - away we go. Cached lookups are extremely fast, and it's a very lightweight service - about 8MB of ram usage with a cache size of 4096.

Edited August 6, 2018 by Tabs

[Midevil Chaos]

Tabs, if I understand what you are saying correctly, using 1.1.1.1 and this DNS encryption would do the same thing as using a VPN?

[Tabs]

1 minute ago, Midevil Chaos said:

Tabs, if I understand what you are saying correctly, using 1.1.1.1 and this DNS encryption would do the same thing as using a VPN?

For your DNS queries, yes. All of your queries would be encrypted between your home network and your DNS service.

 

However, actual site data would still be sent in the traditional manner - if all you ever visit is HTTPS sites, it makes your traffic virtually impossible to decipher. Outside parties, like your ISP, or people who have man-in-the-middle access to your network will still know which specific IP addresses you're accessing, but not what sites they represent or what content on those sites you're accessing.

 

HTTP sites are still a large security and privacy risk, however, since the actual data between them and your home computer is sent in plaintext.

[Tabs]

@Midevil Chaos

 

If you need a primer - or want more information that isn't already in the link I posted, let me know.  Either quote me or tag me here, or feel free to send me a message.

 

I'm super tired right now so I may not be able to reply again tonight, but I'd be happy to answer any questions I can when I have time.

[Midevil Chaos]

Tabs, I see. No worries, rest well. It seems that, ultimately, that if my ISP decided it really wanted to know what site I went to, they could just look up the site via a site similar to whois. So, a VPN does seem like the best solution in this matter.

[Speed Weed]

CloudFlare DNS is not even 100% anonymously. Nothing is 100% anonymously if you don't host it yourself. CloudFlare DNS will going to log you secretly like some VPN services got caught secretly logging their users in the past. 

[Midevil Chaos]

Cloudflare gains nothing by doing so, since their entire platform is about protecting their users. If they were caught doing that, they would lose a lot of revenue.

[Speed Weed]

4 minutes ago, Midevil Chaos said:

Cloudflare gains nothing by doing so, since their entire platform is about protecting their users. If they were caught doing that, they would lose a lot of revenue.

How do they make revenue if user just easily setup their DNS? CloudFlare is a company and not a small organization, so there must be some way for them to make revenue by providing a DNS to consumers. In addition, they will going to keep some log about you in case you decided to use their DNS for some shady stuff that involve government agencies. 

[Midevil Chaos]

They sell services... that's how they make money. As for your last comment about governments agencies, that makes no sense. Companies ONLY release information if they are forced to - assuming they even have that information in the first place.

[Speed Weed]

6 minutes ago, Midevil Chaos said:

They sell services... that's how they make money. As for your last comment about governments agencies, that makes no sense. Companies ONLY release information if they are forced to - assuming they even have that information in the first place.

How do they sell DNS services when user can easily setup connection 1.1.1.1 in their routers? If they KEEP NO LOG about you then I can hardly imagine hackers will use their DNS to hijack a bank site or a government site that will involve government agencies to solve this or hackers will going to hacked into 1.1.1.1 DNS. 

 

Do you really trust CloudFlare? 

 

[Arika]

changing your DNS does not do what you think it does. If you want privacy you need a VPN

26 minutes ago, Midevil Chaos said:

Companies ONLY release information if they are forced to - assuming they even have that information in the first place.

that's a pretty funny joke.