General Discussion

justaprogressive

(2,599 posts) Sun Dec 29, 2024, 12:28 PM Dec 29

Safer Internet Browsing With One Change

The internet is a dangerous place. There are websites that will happily deliver you malware, or display violent or sexual imagery after your child unsuspectingly clicks on a link. While there are lots of ways to protect yourself when browsing online, there’s one quick way to protect everyone who uses your home’s internet network at once, by using something called an alternative Domain Name System resolver.

Every time you tap a link or enter a URL into a browser, that link gets translated (or “resolved”) from the letters you typed in (e.g., Slate.com) to an IP address (e.g., 151.101.130.133). The phonebook of sorts that makes this happen is called the Domain Name System, or DNS. The DNS runs on servers all over the world, known as DNS resolvers. You probably use the DNS resolver run by your internet service provider, if you got the router from them and never changed the settings. (Imagine a guy at Verizon sitting in a room looking up the letters you typed and converting them to an IP address, and then sending you on your way—it’s like that, but a computer instead of a guy.)

The trouble with these default lookup systems is that, often, they are not very discerning: If your second grader types in Pornhub.com, that DNS resolver will go right ahead and resolve that to its IP address, and send your kid out into an area of the internet they shouldn’t yet know about. If you look up a site that will deliver malware to your computer, the DNS resolver may just be like: Yes, go right ahead.

The other thing is: Those internet service providers are seeing everything you look up. If you find this a little disturbing from a privacy perspective, you’re not alone! Comcast is one of the good guys in the space (I was surprised, too). They address DNS directly in their privacy policy, noting, “Comcast does not use Comcast DNS data for marketing, advertising, or sales purposes, and does not sell this data to third parties for any purpose.” Verizon, on the other hand, explicitly states that they do use your DNS lookups to “predict your interests, preferences and other insights we use in the program.” That “other insights” covers, uh, a lot of potential uses.

https://slate.com/technology/2024/12/internet-kids-privacy-use-an-alternate-dns-how-to.html

9 replies

= new reply since forum marked as read

Highlight:

Safer Internet Browsing With One Change (Original Post) justaprogressive Dec 29 OP

please give us the 'one change' stopdiggin Dec 29 #1

A lot of OPs just grab 3 paragraphs and are done. Igel Dec 29 #3

All of my computers DNS settings are set to 1.1.1.1 ItsjustMe Dec 29 #2

Have you had any issues? QED Dec 29 #6

I've been using these DNS settings for years. ItsjustMe Dec 29 #7

Thanks! QED Dec 29 #8

And for people like me bamagal62 Dec 29 #4

The link in post #2 gives directions QED Dec 29 #5

Thx! bamagal62 Dec 29 #9

stopdiggin

(13,112 posts)

1. please give us the 'one change'

Reply to justaprogressive (Original post)

Sun Dec 29, 2024, 12:46 PM

Dec 29

that is going to make us 'safer'.
(appreciate that you included a good sized clip of article - many posts would benefit by doing so)
Alas, that clip doesn't get to any real 'meat' - as in recommendations or solutions.

Igel

(36,359 posts)

3. A lot of OPs just grab 3 paragraphs and are done.

Reply to stopdiggin (Reply #1)

Sun Dec 29, 2024, 01:01 PM

Dec 29

I agree.

The one thing (and I hope I'm not exceeding fair use):

Fortunately, you have options as to which middle man you have retrieving websites for you, and there are choices beyond just the internet big guys. By changing your DNS to another service, you can change who is in charge of your DNS lookups. You can use a free public DNS resolver that will automatically block known malicious domain names and that won’t be giving away information about your browsing.

There are lots of different DNS services that you can use that prioritize safe browsing and security (and like websites themselves, they all have their own IP addresses—even the phonebook guy has a phone number). Google runs one at 8.8.8.8, a company called Level 3 runs the nerdily infamous 4.2.2.2, and most ISPs (AT&T, Cox, etc.) have one. The one I recommend is called 1.1.1.1 and is offered by Cloudflare. Cloudflare not only built its free service with privacy in mind (they throw out the search logs every 24 hours), it also offers two additional options for blocking malware and adult content called DNS for Families.

Cloudflare’s installation guide is your best resource for how to update your home network to use Cloudflare 1.1.1.1. At its most basic level, you’ll update DNS settings on devices to remove two IP addresses and replace them with two new ones. If you just want to stop having your internet use logged, you’ll use 1.1.1.1 and 1.0.0.1. If you also want to block malware, use 1.1.1.2 and 1.0.0.2. If you want to block malware and adult content, use 1.1.1.3 and 1.0.0.3.

ItsjustMe

(11,922 posts)

2. All of my computers DNS settings are set to 1.1.1.1

Reply to justaprogressive (Original post)

Sun Dec 29, 2024, 12:52 PM

Dec 29

https://one.one.one.one/dns/

QED

(3,008 posts)

6. Have you had any issues?

Reply to ItsjustMe (Reply #2)

Sun Dec 29, 2024, 04:19 PM

Dec 29

I followed the link and walked through the directions which were easy. But I didn't click OK...I don't want to mess up my system and wanted to see if others are doing okay with this change.

ItsjustMe

(11,922 posts)

7. I've been using these DNS settings for years.

Reply to QED (Reply #6)

Sun Dec 29, 2024, 04:31 PM

Dec 29

I've never had any issues with them, and to my knowledge nobody has ever had any issues using these DNS settings. People that are interested in security and privacy use these settings.