mr_b on Nostr: ...

quoting nevent1q…ggsr

Another basic and very easy privacy tip for everyone.

Encrypt all your home DNS queries.

By default DNS queries are not encrypted and it is very easy for an external attacker to know all the websites you query, for example, by sneaking into your network and running a packet sniffer like Wireshark, but what is worse, your ISP can see everything and use this data to treat them and in the best case to sell them, in the worst case to make behavioral profiles for your favorite government.

If an attacker manages to penetrate our network, it is difficult to prevent him from sniffing our DNS queries, to prevent it in this case we would have to use DoH on all devices and unfortunately most home devices do not support it. Although we can easily solve that your ISP can't see your DNS queries.

How? Most devices do not support DoH.

Simply install an Adguard home device on your network, you can use your Raspberry for example or a virtual machine that is always on as a proxmox container that consumes virtually no memory or disk space.

Configure Adguard Home to perform DNS queries through DoH, I recommend using Quad9 as they have a better privacy policy than Cloudfare.

In your router change the DNS that is assigned by DHCP to the ip of the machine where Adguard Home is installed, this way all the devices in your home will make DNS queries to the Adguard server and this in turn will redirect the query by DoH to Quad9 so your ISP will not be able to intercept your DNS queries.