undefined | Better HN

0 pointsmike-cardwell12y ago0 comments

"protects against DNS interception by my ISP"

Your ISP can still see the IP address of every web server that you connect to, and can still see the "Host" header that your browser sends in HTTP requests, and also in HTTPS requests (due to SNI) if you're using a reasonably modern OS/Browser combo.

All you've done is add an additional third party that can view and log what you're doing.

0 comments

2 comments · 1 top-level

ars_technician12y ago· 1 in thread

>All you've done is add an additional third party that can view and log what you're doing.

You forgot the part where it's protecting against trashy ISPs like the one in this article.

mike-cardwellOP12y ago

I did not forget that. The privacy lost is worse than the supposed "protection" gained by using DNSCrypt. "Trashy" ISPs can (and do) still intercept and modify the HTTP traffic even if they can't intercept and modify the DNS traffic.

j / k navigate · click thread line to collapse