Encrypt your DNS. Use only DNSEC servers. TLS 1.3, Secure SNI. Use a VPN with double hop proxy.
The issue is not all servers support TLS 1.3 and Secure SNI, so you are at the mercy of that particular server. Truth be known, there is probably zero ways to be totally secure, private, and anonymous, but that shouldn’t deter you from locking down what you can. However, if your threat model is hiding from a government, then unplugging is probably your best bet.
People I talk to about security, anonymity, and privacy always ask me ‘Are you hiding from the government?’ which is rather hilarious to me. I send them tax forms every year. I vote once every four years and in local elections. We are in touch. If I were a person of interest, they’d come visit. However, there is absolutely no requirement to over share…with anyone.
There was speculation that the NSA is deeply involved in Cloudflare, which wouldn’t be a surprise at all.
In fact all US services are probably infiltrated one way or another.
Even if Cloudflare wasn’t a honeypot I would put in as many agents as possible as a three letter agency.
Yeah exactly. How can Cloudflare stay in business with such a huge free service? That’s why.
That’s not a honeypot. What does anyone think is private about Cloudflare?
If you use their DNS they see every domain you visit.
Internet providers see internet traffic. Are they all honeypots too?
That’s why you should use a VPN or anonymizing traffic mixers.
Encrypt your DNS. Use only DNSEC servers. TLS 1.3, Secure SNI. Use a VPN with double hop proxy.
The issue is not all servers support TLS 1.3 and Secure SNI, so you are at the mercy of that particular server. Truth be known, there is probably zero ways to be totally secure, private, and anonymous, but that shouldn’t deter you from locking down what you can. However, if your threat model is hiding from a government, then unplugging is probably your best bet.
People I talk to about security, anonymity, and privacy always ask me ‘Are you hiding from the government?’ which is rather hilarious to me. I send them tax forms every year. I vote once every four years and in local elections. We are in touch. If I were a person of interest, they’d come visit. However, there is absolutely no requirement to over share…with anyone.
https://www.cloudflare.com/ssl/encrypted-sni
Please beware that DNS over TLS is transport protection; the dns server itself of course still sees and knows everything.
I use my own DNS.
That’s great.