I am writing about an internet privacy problem that has been irking me for quite a while and for which a solution has finally surfaced.

DNS, or Domain Name Service, is an internet service that translates human-readable names (e.g. www.timesofmalta.com) into their equivalent numeric IP address (46.38.179.171). Given access to the DNS traffic generated by a computer in use, a reasonably accurate profile of which sites the computer is accessing can be built up, though, to be clear, this will not include the actual data transferred between the site and the computer.

So, for example, if I open http://www.timesofmalta.com in my web browser, the browser will first send a DNS request and, on receiving the answer, it will contact the actual web server and ask for the website to be sent over.

Most commonly, DNS service is provided by ISPs; however, it is quite normal, in the interest of privacy, to use an alternate DNS service. There are a number of free services on the internet, the most notable being Google Public DNS and OpenDNS.

There is one problem when using this approach in Malta, though. My internet connection both at home and at work comes through Go’s ADSL service and Go have taken it upon themselves to hijack all DNS traffic and point it through their own servers. You can put any DNS address you like on your computer’s settings, even one which doesn’t exist, and the result will be exactly the same. Go’s DNS is often wrong or takes long to update after a change. However, what is most worrying is that Go have no published policy as to what happens with data and logs collected from their DNS.

Having your DNS traffic hijacked is not optional with Go. I have discussed this issue with their senior network staff at length and the only option is to switch to a “routed CIP connection” in order to bypass the DNS hijacking, and this costs a good deal more than the regular ADSL business connection.

Recent news finally brought some respite – OpenDNS are offering free software that will encrypt DNS connections, ensuring there is no possibility of a “man in the middle” attack or that DNS queries are being logged. Using regular port 53 traffic doesn’t work due to Go redirecting UDP traffic to that port. However, the OpenDNS software also offers an option to use TCP/443 for DNS queries. Slower but it gets through unscathed.

For most internet users who are not concerned about their privacy, this is probably a non-issue, but in reality it should be a concern. Those users who already value their privacy and take steps to protect it will be relieved to know that another major privacy loophole is being plugged.

I have mentioned to Go a number of times that it would be nice of them to publish their policy regarding DNS hijacking and what is being done with data being collected from their DNS servers.
