←back to thread

1.1.1.1: Fast, privacy-first consumer DNS service

(blog.cloudflare.com)
1895 points _l4jh | 1 comments | 01 Apr 18 12:14 UTC | HN request time: 0.227s | source
Show context
ajross ◴[01 Apr 18 12:37 UTC] No.16727942[source]
This is the Cloudflare resolver, right? What's the "privacy-first" part about? It's just another third party DNS host. They haven't changed the protocol to be uninspectable and AFAIK haven't made any guarantees about logging or whatnot that would enhance privacy vs. using whatever you are now. This just means you're trusting Cloudflare instead of Comcast or Google or whoever.
replies(8): >>16727953 #>>16727957 #>>16727960 #>>16727965 #>>16727968 #>>16727969 #>>16727975 #>>16727978 #
yjftsjthsd-h ◴[01 Apr 18 12:40 UTC] No.16727968[source]
On the contrary, they've taken 2 big steps that are better than ISPs (not sure about Google):

* no logging

* DNS over HTTPS

replies(2): >>16728011 #>>16728249 #
therealmarv ◴[01 Apr 18 12:51 UTC] No.16728011[source]
Google is one of the first ones using DNS over HTTPS.

BTW if you want to use DNS over HTTPS on Linux/Mac I strongly recommend dnscrypt proxy V2 (golang rewrite) https://github.com/jedisct1/dnscrypt-proxy and put e.g. cloudflare in their config toml file to make use of it.

replies(2): >>16728137 #>>16733185 #
cptskippy ◴[01 Apr 18 13:22 UTC] No.16728137[source]
The whole point of encrypting DNS traffic is to hide it from the likes of Google.
replies(1): >>16728286 #
akquise ◴[01 Apr 18 14:01 UTC] No.16728286[source]
For me personally it is much more important to hide my DNS traffic from my ISP instead of Google, etc., even though I don't live in the US.

I pay them to access the internet, every further information they gather about my internet activity does not mean any benefit for me.

replies(2): >>16728551 #>>16728649 #
opencl ◴[01 Apr 18 14:49 UTC] No.16728551[source]
Hiding DNS traffic from your ISP is pointless when you have to give them the IP that gets resolved anyway for them to route your traffic.
replies(1): >>16728671 #
markonen ◴[01 Apr 18 15:14 UTC] No.16728671[source]
Not really. Typically the query includes much more information (the site you want to visit) than the response (an IP potentially shared by thousands or millions of sites).
replies(2): >>16728750 #>>16728762 #
1. pfg ◴[01 Apr 18 15:28 UTC] No.16728750[source]
You're still leaking that information due to SNI.