HTTPS only ensures the data stream is private and protected, but DNS requests can still leak things like search queries or other bits of identifying info.
If you setup your own VPN in a VPS, it will not protect your privacy since the hosting provider usually can be subpoenaed for information on the owner of a particular server.
How would a DNS request leak a search query? Not much more than the domain name is sent in a DNS query. And likely the OS has the search engine in the DNS cache so each search doesn't require a DNS query.
You make a search and then you start clicking through the websites in the results. A lot of browsers also do link prefetching, so even just the fact that you open search results will reveal info about the query because your browser might preemptively resolve DNS for result items.
And likely the OS has the search engine in the DNS cache so each search doesn’t require a DNS query.
Cache doesn't matter, you still have to build up the cache in the first place which will make DNS calls out. The TTL for DNS cache entires is usually pretty short as well at around 5 minutes, so even if you have a cache, your computer will still make DNS calls out periodically at quite a frequent rate. My point is that HTTPS doesn't prevent third parties from snooping on your browsing habits because it does nothing to hide your DNS queries.
Yes your original point was well made. It just wasn't clear yet how DNS requests would leak search queries. So more precisely, multiple DNS requests with local cache misses in a short period of time can be used to infer search queries. Like if there are DNS requests for google, amazon, and a botany supplier one after another, then it could be inferred that you searched for something related to shopping and plants.
And at least that entity has some stake in doing what they say they are doing. Proton VPN just to pick one as an example should care a lot about if a story were ever to surface about not being trustworthy as users would leave since that's it's only purpose.
My ISP on the other hand probably doesn't care too much since my choices are A) take it, or B) leave it and go without internet (or drastically subpar services, 5G internet, satellite, etc).
This article is downright harmful.
HTTPS only ensures the data stream is private and protected, but DNS requests can still leak things like search queries or other bits of identifying info.
If you setup your own VPN in a VPS, it will not protect your privacy since the hosting provider usually can be subpoenaed for information on the owner of a particular server.
How would a DNS request leak a search query? Not much more than the domain name is sent in a DNS query. And likely the OS has the search engine in the DNS cache so each search doesn't require a DNS query.
You make a search and then you start clicking through the websites in the results. A lot of browsers also do link prefetching, so even just the fact that you open search results will reveal info about the query because your browser might preemptively resolve DNS for result items.
Cache doesn't matter, you still have to build up the cache in the first place which will make DNS calls out. The TTL for DNS cache entires is usually pretty short as well at around 5 minutes, so even if you have a cache, your computer will still make DNS calls out periodically at quite a frequent rate. My point is that HTTPS doesn't prevent third parties from snooping on your browsing habits because it does nothing to hide your DNS queries.
Yes your original point was well made. It just wasn't clear yet how DNS requests would leak search queries. So more precisely, multiple DNS requests with local cache misses in a short period of time can be used to infer search queries. Like if there are DNS requests for google, amazon, and a botany supplier one after another, then it could be inferred that you searched for something related to shopping and plants.
Thanks for the detailed response!
Fun fact your data isn't safe anywhere
No, but you can at least choose who you distrust the least with a VPN.
And at least that entity has some stake in doing what they say they are doing. Proton VPN just to pick one as an example should care a lot about if a story were ever to surface about not being trustworthy as users would leave since that's it's only purpose.
My ISP on the other hand probably doesn't care too much since my choices are A) take it, or B) leave it and go without internet (or drastically subpar services, 5G internet, satellite, etc).
Meanwhile, ISPs actively sell every single byte about you and your browsing habits that they can.