One’s browsing activity can be tracked and used by internet service providers, as well as other companies, by logging the queries sent to DNS servers. Just about all DNS servers keep logs, meaning that they store the DNS requests they receive for a period of time. Thus, someone could take a look at the DNS log records and find out your browsing habits and history. Yes, this is possible!

What can your ISP really see?

This is dependent on a couple of factors – the IP address that is automatically assigned to you by the ISP when you take up the service and the kind of information you readily share online. Let’s say, for example, you are one of those extremely careful people who does not put any of their confidential information online (granted, this is very difficult to do nowadays). In this case, the most common data that your ISP will gather, based solely on your active IP address, includes the following:

  • How much time you spend on certain web pages
  • The URLs you visit online
  • Your online/offline habits (when you typically log in and off)

Why do I need to use no-log DNS, and why does DNS encryption matter?

DNS is a public directory and your ISP sees almost every single request made to it. Because standard DNS queries are sent unencrypted, your ISP or a third party on the network path can see every query sent from your computer, even if you are using an encrypted connection for everything else.

If you are using your ISP’s service to read your emails, do online research, watch videos, make purchases, use apps, and almost anything else online, then your ISP has a record of where you go and what you do.

Recommended List of No Log DNS Servers

DNS Watch

Primary DNS:
84.200.69.80
Secondary DNS:
84.200.70.40

OpenNIC

Primary DNS:
46.151.208.154
Secondary DNS:
128.199.248.105

UncensoredDNS

Primary DNS:
91.239.100.100
2001:67c:28a4::
Secondary DNS:
89.233.43.71
2a01:3a0:53:53::

German Privacy Foundation

Primary DNS:
87.118.100.175
94.75.228.29
Secondary DNS:
85.25.251.254
62.141.58.13

CZ.NIC

Primary DNS:
46.151.208.154
Secondary DNS:
128.199.248.105

Dnscrypt One

Primary DNS:
144.91.106.227
2a02:c207:3004:5862::1

Dnscrypt Two

45.76.35.212

Foundation of Applied Privacy

DNS-over-HTTPS (DoH)
https://doh.applied-privacy.net/query
DNS-over-TLS (DoT)
93.177.65.183
2a03:4000:38:53c::2

#Keep watch of this post. Down the road I may be posting more DNS No Log Servers.

A no-backdoor policy for important computer or smartphone applications should be mandatory. Every cybersecurity expert on the planet knows that by installing a backdoor, one automatically opens oneself to a third party (e.g. a hacker) being able to use that same doorway, no matter how securely it is developed.

The other day I read a couple of news articles regarding Australia’s Prime Minister Scott Morrison, who is backing controversial anti-encryption laws that would force technology companies to give the police and spy agencies access to data from phones and other devices of suspected criminals, including computers, in the name of national security. Backers state that this bill will help combat child sex offenses and terrorism. If passed into law, this bill will give the Australian government broad powers that will undermine cybersecurity and human rights, including the right to privacy, by forcing companies to build backdoors and hand over user data even when it’s encrypted. The bill would also enable the Australian government, if it wanted, to order the makers of smart TVs or home speakers to install persistent eavesdropping capabilities in a person’s home through their products. Apple recently sent its comments to the Australian government on how dangerous it would be if this were to pass and Apple and others were forced to lower their security, and how it would open many people to various dangers, especially from cyber criminals. Here is a link to their comments.

Australia is not the only one. WikiLeaks in 2017 disclosed and released information on the CIA’s and the NSA’s capabilities to spy on people by listening to them through their smart televisions and other methods. You can read about it in this article from the Washington Post. This is where I see the biggest issue in all this: it’s the abuse of these surveillance powers to exploit others for profit, to do harm to someone for one’s own benefit, or just to bully them.

For example, let’s say the Australian government forced Microsoft to install a backdoor into its Office 365 software that would capture not just Skype messages but also saved Word or Excel documents, sent automatically to the cloud from a laptop or desktop and archived on a government server. Then each person would have a profile. Let’s say it’s just a feature to target a terrorist or someone under surveillance who is a threat. Maybe it’s not, but for all a secret capability. Imagine this being the perfect tool for the thought police, as in the novel Fahrenheit 451, where a society/government censors literature and destroys knowledge. If this were created, what assurances would end users have that Microsoft would not use this feature to spy on its competitors, or that a hacker working for a foreign power could not exploit it to run a search on anyone and thus abuse it?

Our government, as well as others, deals with all kinds of threats every day, and there is a great need for surveillance to counter and deal with them. I am for my government utilizing technology to counter threats that could threaten me, my family, and my country’s security from a terrorist attack, for protection purposes. Not in ways that would be considered abusive and could lead to others exploiting what was collected on me or a friend, so that it gets abused by a third party for other purposes rather than a law enforcement matter. There are applications out there, critical to our country’s infrastructure and economy, that should not have a backdoor or be monitored.

DNSCrypt is a protocol that authenticates communications between a DNS client and a DNS resolver. Simply put, it turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle (MITM) attacks. DNS spoofing occurs when a particular DNS server’s records are “spoofed” or altered maliciously to redirect traffic to the attacker.

For the longest time, many on the net have been wanting to get DNSCrypt working on their routers. One limitation has been the processing power of local home/small office routers. In DD-WRT you need to enable dnsmasq.

Once you have enabled this, if you notice it’s not functioning, the next step is to go to the Administration tab and run the following start-up command:


dnscrypt-proxy -a 127.0.0.53:5353 -R cs-dk -L /etc/dnscrypt/dnscrypt-resolvers.csv

Click here to view your selection of DNS servers worldwide running DNSCrypt.


Get an A+ on Qualys SSL Labs Test

Getting an A+ on the Qualys SSL Labs test can be tedious, especially if you are trying to achieve this for the first time. This is a work in progress. In the meantime, here are some configurations to aid you:
# TLSv1 and TLSv1.1 are deprecated (RFC 8996), and SSL Labs caps servers that
# still offer them at grade B; remove them unless legacy clients require them.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;

Depending on
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparam.pem;

# Enable HSTS
add_header Strict-Transport-Security max-age=63072000;

# Cache SSL sessions for 10m (this is about 40,000 sessions), timing them out
# after 24 hours.
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 24h;

# Set the buffer size to 1400 bytes (that way it fits into a single MTU).
ssl_buffer_size 1400;

#ssl_stapling on;
#ssl_stapling_verify on;
#resolver 8.8.4.4 8.8.8.8 valid=300s;
#resolver_timeout 10s;

Generating Key

cd /etc/nginx
openssl dhparam -out dhparam.pem 4096

Odin Plesk Command

/usr/local/psa/admin/bin/httpdmng --reconfigure-all

nginx -s reload
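Before reloading nginx and re-running the SSL Labs scan, the TLS directives can be checked locally. The following is an added example, not part of the original post or of any nginx tooling: a small audit of the directives shown above. The function names, the shortened sample configuration and the HSTS threshold are assumptions made for illustration.

```python
import re

# Constructed input: active directives modelled on the configuration above (cipher list shortened).
PAGE_CONF = """
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:!aNULL:!MD5;
ssl_dhparam /etc/nginx/dhparam.pem;
add_header Strict-Transport-Security max-age=63072000;
#ssl_stapling on;
"""
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # RFC 6176, RFC 7568, RFC 8996
MIN_HSTS_AGE = 15768000  # assumed policy threshold in seconds (about six months)

def directives(conf):
    """List (name, args) for active directives. Simplified: one directive per line,
    and '#' always starts a comment."""
    out = []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.endswith(";"):
            name, _, args = line[:-1].partition(" ")
            out.append((name, args.strip()))
    return out

def audit(conf):
    """Return findings for the TLS-related directives of one nginx server block."""
    found, findings = directives(conf), []
    args = lambda name: [a for n, a in found if n == name]
    protocols = set(" ".join(args("ssl_protocols")).split())
    if not protocols:
        findings.append("ssl_protocols not set; the nginx built-in default applies")
    elif protocols & DEPRECATED:
        findings.append("deprecated protocols enabled: "
                        + ", ".join(sorted(protocols & DEPRECATED)))
    suites = [c for c in ":".join(args("ssl_ciphers")).split(":") if c[:1] not in ("", "!", "-")]
    # nginx 1.11.0 and later have no built-in DH parameters, so DHE suites are
    # silently not offered unless ssl_dhparam points at a parameter file.
    if any(c.startswith("DHE-") for c in suites) and not args("ssl_dhparam"):
        findings.append("DHE suites listed without ssl_dhparam")
    hsts = [a for a in args("add_header") if a.lower().startswith("strict-transport-security")]
    age = re.search(r"max-age=(\d+)", hsts[-1]) if hsts else None
    if age is None or int(age.group(1)) < MIN_HSTS_AGE:
        findings.append("HSTS header missing or max-age below %d" % MIN_HSTS_AGE)
    return findings

if __name__ == "__main__":
    for finding in audit(PAGE_CONF):
        print(finding)
```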

With the rise of IoT (Internet of Things) our society is going through another technological transformation where machine-to-machine communication is inter-connecting into everything. This topic takes me back to 2007 when I really began to unravel the great works of James Martin, Vannevar Bush, Konrad Zuse, Seymour Cray (too many to name), and even looked into Project Cybersyn with the principal goal to develop the perfect harmonic AI and Sound Distribution System.

This was an exciting journey of discovery and exploration for me, especially into the secret sciences. It has brought great inner growth and at the same time has aided in expanding my consciousness into a higher state of mind. Yet at the same time it has humbled me greatly.

I disclose all this because I want to issue a warning that a great chaos is coming soon unless governance is in place for the processes. In the next 5 to 10 years we are going to see many homes and devices communicating with each other in unison, including the development of even more software and appliances that will be plugged into Big Data, making software smarter.

AI Governance is coming whether we like it or not. The question is will it be democratic or totalitarian?

Why The Need For AI Governance Is Coming

Cybersecurity threats and cyber criminals: this is why AI governance is coming. Also because IoT (Internet of Things) will seek to connect any device (animals, computers, humans, objects, machines, robots) to the Internet or any other network without external (human or machine) intervention. The demand for security will push us towards adopting a governance policy. IoT Botnets will be the major de facto.

We need to be very careful about artificial intelligence that we do not create a monster or the monster that causes an imbalance or breaks the natural laws of creation in which the universe operates and is governed by.

I am in agreement with Bill Gates, Stephen Hawking, and Elon Musk, who have recently spoken about the dangers of artificial intelligence. The biggest danger in my opinion is to play god with artificial intelligence and break natural laws of creation. This is why neither my company nor I will be releasing our treasure trove of artificial intelligence research, because it will allure in many the curiosity to break the natural laws in the name of science.

Protecting Our Internet Rights and Freedom

We need to be utilizing artificial intelligence and its technologies for the betterment of humanity to better manage and protect our computer systems (Kudos to Bitninja). We also need to improve our internet protocols and especially prevent and watch out for any private or public sector entity that would like to put a backdoor on encryption or put in place censorship controls that will lead towards totalitarianism.

Today, I read a news article on Quartz’s news website about China’s new censorship weapon that can cripple your website. I am actually not surprised China has developed this attack tool, not only to enforce censorship; for them to have the capability to infect millions of computers, just like the NSA, was only a matter of time. Edward Snowden not long ago revealed to us proof that the National Security Agency was dramatically expanding its ability to covertly hack into computers on a mass scale by using automated systems. (Click here to read more)

 

This tool can hijack traffic to individual IP addresses, and can arbitrarily replace unencrypted content as a man-in-the-middle.

Source: https://citizenlab.org/2015/04/chinas-great-cannon/

 

This is what worries me about the development of weapons such as these:

Since the GC operates as a full man-in-the-middle, it would also be straightforward to have it intercept unencrypted email to or from a target IP address and undetectably replace any legitimate attachments with malicious payloads, manipulating email sent from China to outside destinations.  Even email transmission protected by standard encryption (STARTTLS) can be undermined because the GC is in a position to launch a “downgrade” attack, steering the transmission to only use legacy, unencrypted communication.

Our findings in China add another documented case to at least two other known instances of governments tampering with unencrypted Internet traffic to control information or launch attacks — the other two being the use of QUANTUM by the US NSA and UK’s GCHQ. In addition, product literature from two companies, FinFisher and Hacking Team, indicate that they sell similar “attack from the Internet” tools to governments around the world. These latest findings emphasize the urgency of replacing legacy web protocols, like HTTP, with their cryptographically strong versions, like HTTPS.

Encryption Matters
