How secure is today's internet browsing and browsers

In recent years, starting with the HTTPS Everywhere initiative by Google, the big internet players have invested in securing the internet browsing experience. Still, even though encrypted communication with websites can now be provided for free, there are unsolved problems in BGP and DNS, such as hijacking and sniffing.

The DNS queries

Every time we request a resource from a domain name, e.g. when visiting a website, an initial request (query) is made to a DNS server, the server responsible for translating the domain name we are visiting into an IP address. It's like asking (making a query to) an authorized person at a train station info point (the DNS server) which line the train to Vienna is parked on. The answer will be, e.g., 7 (the IP), or whatever the current line (IP) is.
Now, if our query is made unprotected, then everyone listening on the wire (hearing our query) can intercept it and do whatever they like with this information: maybe profile us and our habits or, worse, trick us and redirect us to an obscure destination.

The technologies used today to protect our DNS queries are Secure DNS (DoH, DNS over HTTPS, or DoT, DNS over TLS), DNSSEC, TLS 1.3 and Encrypted SNI (Server Name Indication). If we care about our privacy, we must make sure that we are using these technologies.

To test how well our DNS queries are secured, we can open https://www.cloudflare.com/ssl/encrypted-sni/ in the browser we use every day and find the answer by pressing the orange "Check My Browser" button.

And if the result looks like this:

Cloudflare Secure DNS, DNSSEC, TLS 1.3 and Encrypted SNI

Then we have done a great job regarding our online privacy.

Don't expect much by default: the full line of green checks won't be available in any browser very soon, but there are ways to get it right now. See my test results.

Testing Secure DNS, DNSSEC, TLS 1.3 and Encrypted SNI in Firefox, Chromium and Google Chrome

As we can see, out of 10 different scenarios only one protects our DNS queries and privacy: Firefox with a custom config and with the help of the Cloudflare (1.1.1.1) DNS resolver.

Browser custom config and DNS solution used in the above test scenarios

custom

Available only in Firefox for desktop; it means changing two values in about:config:
network.trr.mode 2
network.security.esni.enabled TRUE

1.1.1.1

Cloudflare DNS Proxy is available for Android by installing the 1.1.1.1 app from Google Play.
Cloudflare DNS Proxy is available for Ubuntu by installing dnscrypt-proxy from the repositories and setting 127.0.2.1 as the DNS server in our network connection applet.
For Windows, https://simplednscrypt.org/ is the DNSCrypt solution alternative to dnscrypt-proxy. (I didn't test it.)

Pop!_OS dnscrypt-proxy and network manager connection DNS server IP configuration

That's all, folks. Don't be fooled into thinking that your online privacy doesn't matter or that we can't do anything about it: it matters, and we have the instruments to protect it. Until next time.

© Copyright 2017 b247.eu.org | Just another information technology blog - All Rights Reserved