Date: 2018-04-01

Last March, Congress gave internet service providers the green light to collect user data—without their consent—when it abolished an FCC regulation aimed at strengthening internet privacy. While a few states are struggling to enact their own ISP privacy laws, private companies, academics, and nonprofits are coming up with technical workarounds that would diminish the ability of ISPs to eavesdrop on their customers.

Two new projects have just launched that seek to do that by upgrading DNS, the internet’s address book, so ISPs can’t easily see what web page you’re navigating to. The projects will also make everyone safer from hackers who want to hijack your web traffic. Today, Mozilla and Cloudflare fired up a privacy remedy using a new encrypted version of DNS. Meanwhile, researchers at Princeton have proposed another DNS tweak to further obfuscate your surfing.

Patching the internet’s leaky plumbing

DNS, the domain name system, translates easy-to-remember addresses of websites, like google.com, to the numerical representations (IP addresses) that the internet uses, such as 172.217.7.196. You’re automatically connected to an ISP’s own DNS server when you log onto a home router or public hotspot, or when your cellphone connects to the network. In the process, the ISP gets a log of everywhere you go online.

But you can plug the IP address of a different DNS server into your computer’s or phone’s operating system. Google, for instance, operates a free DNS service at IP address 8.8.8.8 that’s helped people get online when repressive regimes try to thwart connectivity by sabotaging other DNS servers.

Now Cloudflare is launching a free, privacy-focused DNS at the address 1.1.1.1, and it’s partnering with Mozilla to support an encrypted connection with the Firefox web browser. Cloudflare is one of the big content delivery networks that sit between websites and the open internet, shielding them from cyber attacks and speeding up delivery of their content. But 1.1.1.1 is available to any user or site, not just Cloudflare customers.

Setting it up

You first need to set your device to use Cloudflare’s DNS servers. The company provides instruction videos on the service’s landing page for the Windows, macOS, Android, and iOS operating systems. Even taking this step will provide a modicum of privacy: because you are bypassing your ISP’s DNS servers, the ISP won’t be collecting your page requests automatically.

For better security, you need to set up an encrypted connection between Cloudflare and your web browser or app, using a new technology standard called DNS over HTTPS. Like the encrypted connection that protects data you exchange with your bank’s website, this new tech encrypts the identity of the site you are visiting. Firefox is the first major web browser to offer this, not in the standard download version, but in the beta versions offered on its site.
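
The difference between a classic DNS lookup and DNS over HTTPS, as an added example that is not part of the original article: it builds a standard DNS query, shows that the site name is readable in the unencrypted packet, and wraps the same query in the GET form later standardized as RFC 8484. The endpoint URL is an assumption for illustration (the article gives only the address 1.1.1.1), and nothing is sent over the network.

```python
import base64
import struct

# Assumed DoH endpoint for illustration; the article itself does not name a URL.
DOH_ENDPOINT = "https://cloudflare-dns.com/dns-query"

def build_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Build a DNS wire-format query (RFC 1035); qtype 1 asks for an A record."""
    # Header: id, flags (recursion desired), 1 question, no other records.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")  # ASCII names only in this sketch
        if not 0 < len(raw) <= 63:
            raise ValueError(f"invalid label length in {name!r}")
        qname += bytes([len(raw)]) + raw
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def visible_labels(packet: bytes) -> list[str]:
    """What an on-path observer (such as an ISP) reads from a UDP/53 query."""
    labels, pos = [], 12  # the question starts after the 12-byte header
    while packet[pos] != 0:
        length = packet[pos]
        labels.append(packet[pos + 1 : pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return labels

def doh_get_url(packet: bytes, endpoint: str = DOH_ENDPOINT) -> str:
    """RFC 8484 GET form: base64url of the query with padding stripped."""
    encoded = base64.urlsafe_b64encode(packet).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={encoded}"

def decode_doh_param(url: str) -> bytes:
    """Recover the DNS query from a DoH GET URL (what the resolver does)."""
    b64 = url.split("?dns=", 1)[1]
    return base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))

if __name__ == "__main__":
    query = build_query("example.com")  # constructed sample lookup
    print("plaintext DNS reveals:", ".".join(visible_labels(query)))
    # The whole URL below travels inside the TLS session, so an observer
    # sees only a connection to the resolver, not the name being looked up.
    print("DoH request:", doh_get_url(query))
```

The base64url step is an encoding, not encryption; the confidentiality comes from the HTTPS connection that carries the request.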