Image: Jamie

DNS is known as the address book of the Internet: when you want to visit a website you will know its hostname, such as In reality the website is hosted on a webserver which can be reached at a specific IP address. So how to find that address? Simple, you ask a DNS server!

In recent years, the use of DNS has become more and more of a privacy headache. In the old days, most of our communication over the Internet was not encrypted. That made it relatively easy for hackers to eavesdrop. These days, more and more websites support HTTPS: encrypting the traffic makes it impossible (or at least much harder) to listen in. But before we can reach that website, we’ll need to know its IP address and for that we’ll first need to perform – indeed – an unencrypted DNS query.

DNS traffic is typically still unencrypted and that’s where our troubles begin: for each website we visit, we’ll send a request over the Internet, asking DNS for the IP address for that hostname. This means that anyone monitoring our DNS traffic will get an easy listing of all the websites we’re visiting. To that end, it’s in fact much easier for a hacker to just focus on our DNS traffic, instead of trying to analyse every single bit of data we transmit. And it’s not just hackers we should worry about, but also our own Internet Service Providers keeping track of us. All of this was not lost on goverments trying to censor the Internet either: a simple way to block access to unwanted sites is to just block the DNS requests for those hostnames.

Read More

Wired has published a great article on the “Crypto Wars”: the ongoing debate between people that want to protect their data and privacy by using cryptography, versus those people (usually in government and law enforcement) that still want to be able to access that encrypted data to do useful things like tracking criminal networks, identifying terrorists or finding missing persons… or just to spy the heck out of us without any proper democratic oversight, depending on whose side of the argument you’re on. Public-private key cryptography might in fact even be able to provide a way to satisfy both parties. A lengthy but very insightful article, making it today’s recommended reading.