Hi Guys,
Today, I want to discuss the Domain Name System (DNS). I will explain what DNS is, how an attacker can exploit it to spy on you, and how to enhance your privacy using private DNS mode. I will also show you how to set it up on Android and iOS. While the concept of DNS and private DNS may seem technical, I will simplify the information so that all our users can easily understand and act to protect their online privacy. Let’s get stuck in 🙂
What is DNS
- DNS stands for Domain Name System, which translates human-friendly domain names (e.g., www.example.com) into IP addresses that computers can understand.
- When you search or visit a website, a DNS lookup occurs to find the site’s IP address; it is the phonebook of the Internet.
How DNS Can Be Exploited
With the right technical skills, someone can intercept your DNS queries, revealing the sites you search for and visit. Here are three of the most common ways:
- Network Eavesdropping: If a person has access to the same network as you, such as public Wi-Fi, or if they are connected to your home network, they can use special tools to monitor the network traffic, including your DNS queries. By doing so, they can see the websites you’re visiting and even redirect you to malicious websites.
- Man-in-the-Middle Attack: In this scenario, an attacker intercepts your DNS queries and alters the responses before forwarding them to you. This way, they can redirect you to malicious websites or monitor the sites you visit.
- Compromised DNS Servers: If an attacker gains control over a DNS server, they can manipulate the server’s responses to DNS queries. This allows them to monitor the sites you visit or redirect you to harmful websites.
Enhancing Privacy with Private DNS Mode
- Private DNS mode encrypts your DNS queries, keeping your searches and visited websites private.
- It prevents outsiders from monitoring or intercepting your online activities.
- Using private DNS mode is strongly recommended for better privacy, particularly on public Wi-Fi networks.
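To make the eavesdropping risk concrete, here is an added example (not part of the original post) that builds a standard DNS query and then reads the site name straight back out of the raw bytes, which is what any device on the path can do when DNS is unencrypted. With private DNS mode the same message travels inside a TLS connection (DNS-over-TLS), so these bytes are not readable on the network. The function names and the sample query are constructed for illustration.

```python
import struct

def build_query(name, qtype=1, txid=0x1234):
    """Encode a standard DNS query (RFC 1035) for `name`; qtype 1 = A record."""
    # Header: ID, flags (recursion desired), 1 question, 0 answer/authority/additional.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    # The name is sent as length-prefixed labels in plain ASCII, ending with a zero byte.
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def visible_name(payload):
    """Return the queried name readable in an unencrypted DNS payload, or None."""
    if len(payload) < 12:            # shorter than a DNS header
        return None
    qdcount = struct.unpack("!H", payload[4:6])[0]
    if qdcount < 1:                  # no question section present
        return None
    labels, pos = [], 12
    while pos < len(payload):
        length = payload[pos]
        if length == 0:              # end of name
            return ".".join(labels)
        if length > 63:              # pointer or invalid length, not expected here
            return None
        label = payload[pos + 1 : pos + 1 + length]
        if len(label) < length:      # truncated packet
            return None
        labels.append(label.decode("ascii", "replace"))
        pos += 1 + length
    return None

# Constructed sample: the query a phone would send when looking up www.example.com.
SAMPLE = build_query("www.example.com")

if __name__ == "__main__":
    print("bytes on the wire:", SAMPLE.hex())
    print("name readable without any key:", visible_name(SAMPLE))
```

No password or key is involved at any point: the site name sits in the packet as ordinary text, which is why encrypting the query is the fix.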
Picking your private DNS provider
Before I show you how to enable private DNS mode, we must pick a private DNS provider. I’m going to give both Google and Cloudflare options. Cloudflare’s DNS and Google’s Public DNS are secure options that provide encrypted DNS queries using DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH) protocols. Choosing between them largely depends on your preferences for privacy and performance.
Cloudflare is often considered to be more privacy-focused than Google. Cloudflare is more committed to user privacy, with a minimal data retention policy and no personally identifiable data storage. The company also does not share DNS query data with third parties or use it for targeted advertising.
On the other hand, Google Public DNS is known for its reliability and speed. While Google states that it does not use DNS query data to target ads, it may collect some data, such as IP addresses, during the DNS resolution process for operational and performance improvement purposes.
I will give you details for both, and you can decide. You can switch between them and see which one works best for you.
Enabling Private DNS Mode
Android
- Open the Settings app.
- Tap Network & security > Advanced > Private DNS.
- Select Private DNS provider hostname.
For Google: Type in “dns.google” as the hostname of the DNS provider, then tap Save.
For Cloudflare: Type in “1.1.1.1” or “one.one.one.one” as the hostname of the DNS provider, then tap Save.
iOS
- Open the Settings app.
- Tap Wi-Fi.
- Find the Wi-Fi network you want to change DNS servers for, then tap the ⓘ icon next to it.
- Scroll down to the DNS section, then tap Configure DNS.
- Select Manual, select Add Server, then enter one of the following:
For Google:
IPv4:
8.8.8.8
IPv6:
2001:4860:4860::8888
For Cloudflare:
IPv4:
1.1.1.1
IPv6:
2606:4700:4700::1111
2606:4700:4700::1001
Windows and Mac
This is a bit more complicated, so contact our experts via the Talk to an Expert option within Incognito, and we can talk you through it.
Using these addresses or hostnames, you can configure your devices to use Google Public DNS or Cloudflare’s DNS service for a more secure and privacy-focused browsing experience. If you have any questions, please don’t hesitate to contact us through the “Contact Us” section of the app. Our dedicated team is always ready to help you enhance your online privacy and address any concerns.
Let me know if you need any help or assistance.
Talk to you soon.
Max Roberts,
Incognito Privacy Care Team.