Note: This setup is both for my android and pc Edit: For those recommending paid services and selfhosting, I don't have the money nor resources for either. Also it seams some people are confusing my android setup with my PC setup so I'll write it down. Android: Brave(movies) + Ironfox, Search: Brave + DDG, VPN: Proton ( not always on), GPay = Cash, Auth= Aegis Auth, Pass: KeepassDX, PC: Firefox= Librewolf, VPN = No VPN (VERY slow internet), Search: Searxng + DDG, Pass: KeepassXC,
What privacy concerns are there with using your ISP DNS? (honest question, not judging)
ISPs not only have a monopoly on connectivity and bandwidth prices - which they severely abuse by the way, considering the actual operational costs - but they also have everything to gain on analyzing your traffic, DNS queries being one of them. They already have a bunch of personally identifiable information (PII) on you (full name, date of birth, banking information and, in some countries, even social security number). Linking that PII to your DNS requests (read: what websites you visit) and selling that to data brokers is a pretty low effort sweet deal. Long are the days gone when ISPs only provided Internet service.
Texts on the topic:
Videos on the topic:
In my country they implemented national wide surveillance in the network infrastructure and they keep track of everything Edit: that's why internet is very slow
Well ain't that some shit 🙁
Your ISP can see what websites you visit. But even if you change DNS server it can still see that if you don't use either a VPN or DoH/DoT.
So it's a good idea to use DoH or DoT. It's an improvement but it's far from perfect because the DNS server you'll pick will see what site you visit, you have to trust them. And your ISP still has other ways to see which site you visit.
They can still see what sites you visit even with Secure DNS though. That only blocks your ISP from seeing what domain names you're connecting to, but they can still see the IP addresses. It's useless, unless you're using a VPN in which case it is worse for your privacy as it makes you more identifiable than just using your VPN's DNS.
Yes, that's why I ended with:
Even with secure DNS they can still see the domain name with the SNI, which is probably more reliable than an IP address. Last I checked very few websites used ECH. I would still argue that it's better to have encrypted DNS requests than non-encrypted ones.
Depends where you are, and what laws your ISP is required to follow with regards to blocking/tracking. Personally I like Quad9.
dns requests flowing through your ISP means they know where you (want to) go and 3rd parties can potentially determine identity based on certain aspects (date time of request, how many, etc) can matter to law enforcement, surveillance/state efforts, hackers and beyond) because ISP may not govern well or, hell, wven sell those requests or just 3rs party manages it without your knowledge etc )
it's better to have a known good dns provider that can offer a little trust but realistically nothing is 100%...