Privacy

33576 readers

416 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

[email protected]

How website detects DNS resolver? (self.privacy)

submitted 4 days ago by user_naa to c/[email protected]

5 comments fedilink hide all child comments

Hello! I recently tried NextDNS and noticed that is detects my current DNS resolved on the go. I just opened its website and it immediately showed my current resolver: When I tried changing private DNS to Cloudflatein settings it instantly showed my new resolver. But how exactly it works? Does the browser send used DNS server to website? Or it is done somehow via JavaScript? And also: So every website can know what I am using now? Can it be used for fingerprinting?

top 5 comments

sorted by: hot top controversial new old

[–] [email protected] 20 points 4 days ago (1 children)

The website requests an image or whatever from 27748626267848298474.example.com, where the number is unique for the visitor. To load the content the browser has to resolve the DNS for it, and the randomness ensures it won't be cached anywhere as it's just for you. So it queries its DNS server which queries your DNS provider which queries the website's DNS server. From there the website's DNS server can see where the request came from and the website can tell you where it came from and who it's associated with if known.

Yes it absolutely can be used for fingerprinting. Everything can be used for fingerprinting, and we refuse to fix it because "but who thinks of the ad companies???".

[–] [email protected] 3 points 2 days ago

This is exactly what nextDNS is doing:

1sc5k91u2kx-2e5621.test.nextdns.io

Showed up in my dns logs when I opened the page, with a new random number each refresh.

[–] [email protected] 7 points 4 days ago

Without looking at it it’s probably making a unique request to a resource on a NextDNS subdomain and watching where the request comes from. Like pulling an image from (unique _string).check.nextdns.com. This requires nothing special on the client, it’s making a standard request, and as part of that it needs to do a DNS lookup.

If the source of the and your IP are similar then it’s likely the same network, otherwise it can correlate the source with known resolvers.

[–] [email protected] 4 points 4 days ago

https://www.dnsleaktest.com/

[–] [email protected] 1 points 4 days ago

Put a record in DNS whose content differs from other servers'. When they look it up regularly, they get one answer. When they look it up with you, they get a special answer. Then the servers behind those records return the relevant answer.