It can be very challenging to hide your tracks when surfing the web, either on your computer or your phone (or really any modern “smart” device). Even if the contents of your communications are encrypted, it’s nearly impossible to hide the metadata: when you communicate, with whom you’re communicating, how long you communicate, etc.
Operator, Get Me Amazon.com
One of the most glaring holes is the “who” part. When you tell your web browser to go to Amazon, your computer doesn’t know how to reach it. The host name “amazon.com” is for human consumption – it’s something a human can easily remember, but it’s not a definitive address. It’s like a speed dial on your phone: you assign the name “mom” to her actual phone number that you may have a hard time remembering. Computers work the same way – they need to translate “amazon.com” to a globally unique Internet Protocol (IP) address, like 205.251.242.103.
Host names are converted to unique IP addresses using a service called Domain Name System (DNS). Typically, when you hook up your computer to the network, your computer is issued it’s own unique IP address along with the address of the default DNS. You don’t have to do anything, it’s done for you. However, the default DNS is not usually the best DNS – either in terms of speed or (in particular) privacy. The DNS service knows every website you visit, so you might want to actually choose your DNS service carefully. The default DNS is almost surely belongs to your internet service provider (ISP) and most ISPs have shown time and again that they are more than willing to monetize your surfing habits.
Secure, Fast, Private DNS: 1.1.1.1
There are several free and useful DNS services out there. In the past, I have recommended Quad9 – which is still a good option. But today I’d like to recommend Cloudflare’s 1.1.1.1 DNS service. It’s blazingly fast (which will make web pages load faster), it’s secure and it’s focused on privacy. (I actually interviewed Cloudflare’s CTO, John Graham-Cumming, about this service when it debuted last year.)
For your computers, you will have to configure the DNS server by changing your network configuration. It’s not as bad as it sounds. You can find a complete how-to guide here for PC and Mac (or in my book, Tip 7-11). You can also set the DNS for your entire household (everything connected to your home network) by setting the DNS on your WiFi router (also, Tip 7-10 in my book).
For your smartphone, however, you’ll need to install Cloudflare’s 1.1.1.1 app, which you can conveniently find on the 1.1.1.1 website.
Cloudflare’s New VPN: Warp
Cloudflare just announced that they will be bundling a full-fledged mobile VPN (Virtual Private Network) with the 1.1.1.1 app soon called Warp. To get in line to get this new app, you’ll have to register through the 1.1.1.1 app itself. Cloudflare expects the service to be available to all registered users by the end of July. They will offer a free version of the service, as well as a deluxe version called Warp+ which will charge a “low monthly fee”. If you read the full announcement article, they carefully explain their business model and why you should trust them.
I’m very much looking forward to trying this VPN out. VPNs can be troublesome to setup and use, but if anyone can pull off a seamless experience, it’s Cloudflare.
Need practical security tips?
Sign up to receive Carey's favorite security tips + the first chapter of his book, Firewalls Don't Stop Dragons.
Don't get caught with your drawbridge down!
