To Use VPN Or Not

Discussion in 'privacy technology' started by TerryWood, Feb 6, 2015.

  1. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
    Yeah he was but it just made the investigator's job a bit easier. It is hard for anyone to do anything on the internet over a few years and not leave a lot of tracks. Cracks are almost inevitable. It's just a question of how many and how easy to split open. Not to mention how much pressure is applied on them.
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    OK, he was sloppy in the context of his situation. Or maybe just naive.
     
  3. Diziet

    Diziet Registered Member

    Joined:
    Sep 16, 2015
    Posts:
    9
    Hi. Please excuse the newbie question but how do I remove DNS entries which are associated with my ISP? I use a decent commercial VPN and running the test on grc.com reveals two extra servers which lead direct to my ISP. Incidentally neither of these two extra DNS servers were picked up by dnsleaktest or ipleak etc. Is it a question of changing the settings on my router? If so, what would be a good replacement? Thank you very much for your time!
     
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Yes, you need to change them on your router. The WikiLeaks list is good: https://www.wikileaks.org/wiki/Alternative_DNS I'd also check what DNS servers are specified in your computers.
     
  5. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    I wouldn't be using a VPN to access my bank, even if it worked - many banks block VPN connections for some pretty good anti-fraud reasons. And they know where I live.
    I am fanatical about the client used to access the account, checking their SSL certificate, and I do wish that they would implement proper 2FA, but here's hoping.
     
  6. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    way to go :thumb:
    i wouldn't trust vpn service providers any more than i'd trust my isp when it comes to online banking.
     
  7. Diziet

    Diziet Registered Member

    Joined:
    Sep 16, 2015
    Posts:
    9
    OpenDNS sounds like a good bet, as opposed to say Google Public DNS? Or is there perhaps a compelling reason not to use US based DNS servers and rather stick to European ones? I'm UK based btw.

    And a quick thanks for your excellent guides!
     
  8. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    opendns is no different than googledns.
    if you want privacy, gpf, ccc or opennic is the way to go. if you want reliability and speed then it's google.
     
  9. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    if your vpn service provider doesn't provide you with its own dns resolvers, you better ditch it asap.
     
  10. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,290
    Location:
    EU
    Well, I am sorry I deleted my post because in the meantime I've found the answer myself.

    https://developers.google.com/speed/public-dns/privacy

    My VPN provider gives me his DNS but actually with these I have a leak. When I set GoogleDNS (or whatever) in the network manager (ubuntu), no more leaks.
     
  11. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    leaks got nothing to do with which dns resolver you use. it's to do with your system settings, such as fw config, vpn client, browser config, etc.
    i'm afraid you got the whole concept of dns leak wrong.
     
  12. Diziet

    Diziet Registered Member

    Joined:
    Sep 16, 2015
    Posts:
    9
    Privacy issues aside, is the trade-off in speed and reliability significant enough to be readily noticeable? Out of principle I would prefer to stay away from anything Google related so would opendns be the next best choice?
     
  13. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    it is indeed.
    up until a few years ago, opendns was highly regarded here. but nowadays, it's fallen from grace.
    if privacy is not a concern, then you could go either with opendns or norton connectsafe.
     
  14. Diziet

    Diziet Registered Member

    Joined:
    Sep 16, 2015
    Posts:
    9
    Just to clarify: Adding new DNS entries is only necessary on the router itself and they do not need to be duplicated in the OS which will pick them up using DHCP, do I have that correct? Or should I "hard code" them in anyway? Furthermore, the existing ISP assigned IPs in my Name Resolution Table need to be removed, yes?
     
  15. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    The key is hard-coding a neutral DNS server in your system. For good measure, you should also do that in your router. But again, I defer to Wikileaks ;) Maybe not OpenDNS, though.

    Whether or not your VPN client "leaks DNS" is another matter. But if you've hard-coded a neutral DNS server in your system, it's that one that will leak, rather than one associated with your ISP. To prevent DNS leaks, you can use https://www.whonix.org/wiki/VPN-Firewall Or as I do, you can just use those rules, and manage them with iptables-persistent. Or in Windows, use Comodo firewall.
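
Added example, not part of any post in this thread: a Python check of the point made above, that a leak depends on which interface a DNS query leaves through rather than on which resolver is named. It matches each `nameserver` against the routing table by longest prefix; the sample `resolv.conf` and `ip route show` text, the addresses and the `tun0`/`eth0` device names are constructed assumptions.

```python
import ipaddress

# Constructed sample data (not from the thread); tun0 is the assumed VPN device.
RESOLV_CONF = """\
nameserver 10.8.0.1       # resolver pushed by the VPN provider
nameserver 192.168.1.1    # home router, which forwards to the ISP
nameserver 203.0.113.53   # hard-coded third-party resolver
nameserver 127.0.0.53     # local stub resolver
"""
ROUTES = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.20
"""

def parse_nameservers(text):
    """Return the nameserver addresses from resolv.conf text, in order."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(ipaddress.ip_address(fields[1]))
    return servers

def parse_routes(text):
    """Return (network, device) pairs from `ip route show` output."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if "dev" in fields[1:-1]:
            prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
            routes.append((ipaddress.ip_network(prefix), fields[fields.index("dev") + 1]))
    return routes

def dns_leak_report(resolv_conf, routes_text, tunnel_dev="tun0"):
    """Map each nameserver to (egress device, verdict) by longest-prefix match."""
    routes = parse_routes(routes_text)
    report = {}
    for ns in parse_nameservers(resolv_conf):
        hits = [(net.prefixlen, dev) for net, dev in routes if ns in net]
        dev = max(hits)[1] if hits else None
        verdict = "ok" if dev == tunnel_dev else "leak"
        # A loopback stub resolver says nothing by itself: check its upstreams.
        report[str(ns)] = ("lo", "check-upstream") if ns.is_loopback else (dev, verdict)
    return report

if __name__ == "__main__":
    print(dns_leak_report(RESOLV_CONF, ROUTES))
```

On a real Linux client, pass the contents of `/etc/resolv.conf` and the output of `ip route show`; policy routing and firewall rules are not modelled, so an "ok" here does not replace the firewall rules recommended above.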
     
  16. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Right, machines will get them at boot via DHCP. But I tend to do both, because my memory is iffy sometimes ;)
     
  17. Diziet

    Diziet Registered Member

    Joined:
    Sep 16, 2015
    Posts:
    9
    Many thanks mirimir. Leaking a neutral DNS is within what I currently class as acceptable. Famous last words ;-)

    I do remain curious why grc.com picked up these extra DNS servers whilst dnsleaktest and ipleak did not?

    Sigh, looks like google public dns it is...
     
  18. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    I would like to add to this if possible...

    Windows is a biyatch when it comes to empty text boxes; especially if one is to "rely" on an MS OS picking up details off of a router. I've been told it's possible that Windows sometimes populates empty DNS address entries if it finds them in Network Properties - Preferred & Alternate... regardless if both are empty or one. So *tips hat at @mirimir*... it also serves as a double-whammy, just in case you are using W7 firewall to block everything on ISP but allow only on VPN.
     
  19. Diziet

    Diziet Registered Member

    Joined:
    Sep 16, 2015
    Posts:
    9
    Thx guys. Point taken.

    Interestingly when I replaced the ISP DNS server entries (router & OS) with Google Open DNS and ran the DNS Nameserver Spoofability Test on grc.com again (through a VPN) there were no leaks of the Google Open DNS IP's at all. Cool!
     
  20. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Given some of the points in this thread NordVPN might be a good choice. Maybe the only drawback is that it isn't free, but on a yearly basis it's quite reasonable.

    Some features:

    1. A huge number of servers around the world, and when you start it does a refresh to show you each server, its load percentage and ping time.
    2. It keeps no logs and is registered in a country (I forgot which) where there are no laws forcing them to do anything.
    3. It has a "kill" feature. So for example I've listed Firefox as an app to kill. What this means is if I should lose the VPN server it automatically kills Firefox.
    4. A double VPN. This means you connect to one server, and then it connects to another server and then out to the net.
    5. Speed is excellent if you stick to a server reasonably close to home.
     
  21. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    ymmv but during my subscription i experienced too many server downtimes. also kill feature failed every now and then. vpn connection would drop but kill feature wouldn't be triggered due to vpn software assuming connection was still active. last but not least, they have yet to implement perfect forward secrecy.
     
    Last edited: Sep 17, 2015
  22. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    How long ago was this? I've not had any issues.
     
  23. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    It's because dnsleaktest and ipleak ask nicely about configured DNS servers, but grc.com asks very hard ;)

    Why not Chaos Computer Club?
     
  24. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    around second & third quarter of 2014.
    you can check out the comments at the bottom of this page
     
    Last edited: Sep 18, 2015
  25. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    haha, that made my day

    @mirimir:
    what do you think of nordvpn, btw?
     
    Last edited: Sep 18, 2015