cross-posted from: https://links.hackliberty.org/post/2005038
I know this is an outrageously bad idea, I don’t need convincing. I am just looking for some more information and discussion on what exactly the exposure and surveillance risk is.
I’m asking both for my own education (I am still very green to networking), and to better explain to people in my life if and why they should care.
-
Is it true that traffic can be tracked and logged by ISP through DNS lookups, as these routers are preconfigured to use their internal dns service?
-
If this is changed (like base.dns.mullvad.net), how much does this actually mitigate the risk here?
-
What about when a VPN (mullvad) is also being used at all times? Would it then be “overly paranoid” to fear this untrusted box all the traffic goes through?
I personally take a conservative approach to things like this and assume it’s an unacceptable risk, but I don’t really understand what the truth is.
Thank you in advance for your time and thoughts.
EDIT: I’m asking about US and US adjacent areas
Sure. Most of the actual traffic is encrypted by https these days. So they can’t look inside. But they can see to what IP you send these encrypted packets and from where packets come to you.
With DNS they can see what domains you typed in and your computer looks up. Just the part to the .com or something and nothing after. And sure, they’re preconfiguring their DNS server. Because they’re an internet service provider and you pay them to provide services like domain name lookup to you. They’re certainly not going to preconfigure a server of their competitors and funnel your data to them.
With something like Mullvad, if you configure that correctly (!) also your DNS requests go through an encrypted tunnel. Now your ISP can only see you connect to some Mullvad server. And now Mullvad provides DNS to you and they’re now the ones who can see what kind of domains you look up.
You can often just change your DNS settings. Either in the devices or for all your network in the router. But mind that plain DNS on port 53 is unencrypted. You’re connecting to a different setver then, but theoretically they could snoop on you if it’s an unencrypted connection.
Isn’t there some ISP in the US that is kinda trustworthy? I mean Mullvad or all the other VPN services are companies, too. Depending on your use-case and threat scenario, you might want to choose a different ISP if you’re afraid of them… But I’m not an expert on American companies. And I also use third-party DNS servers. I own my Wifi router and I set the DNS to opennic.org and also configured an AdBlocker.
Got it, thank you for taking the time to explain.
Isn’t there some ISP in the US that is kinda trustworthy?
Uhh I do not think so. But I could be wrong.
Someone more technologically savvy than me can probably give you an answer but is there any reason why you’d use an ISP-provided router? Those “rental” fees are outrageous considering the fact that you can buy a Nighthawk for the price of only a few months payments.
No, but how am I supposed to convince someone I care about who might not even care that much about privacy/security to change their working internet setup when I don’t even fully understand the situation and can’t explain it to them?
I agree with your sentiment but I think you may have misunderstood me.
They may not know if it is changed 😄
Closed source and sometimes they prevent you from changing DNS and probably can’t put a VPN on it. Also I’ve read specifically about ASUS routers collecting information on the network seperate from the DNS so I would imagine every company is doing that.
Changing your DNS to a private one is worth it as it’s incredibly easy to do and certainly can’t be a bad thing.
