I know this is an outrageously bad idea, I don’t need convincing. I am just looking for some more information and discussion on what exactly the exposure and surveillance risk is.
I’m asking both for my own education (I am still very green to networking), and to better explain to people in my life if and why they should care.
-
Is it true that traffic can be tracked and logged by ISP through DNS lookups, as these routers are preconfigured to use their internal dns service?
-
If this is changed (like base.dns.mullvad.net), how much does this actually mitigate the risk here?
-
What about when a VPN (mullvad) is also being used at all times? Would it then be “overly paranoid” to fear this untrusted box all the traffic goes through?
I personally take a conservative approach to things like this and assume it’s an unacceptable risk, but I don’t really understand what the truth is.
Thank you in advance for your time and thoughts.
EDIT: I’m asking about US and US adjacent areas
Even if you set your own preferred DNS server, the router can simply spoof it, and route the DNS request to their own servers. But for that, you can use SSL for DNS.
In general, the ISP could basically read everything you route through them that has not been encrypted. And even then, they know how much to talked with which web site.
I see.
Just to make sure I understand, how does the situation change if the DNS resolver is set at the browser or OS level (DNS over HTTPS)
Thank you for your response.
Then the ISP can only see that you are contacting certain machines (and from there guess you want to avoid their DNS server). But apart from blocking that service, they can’t really do anything.