Here’s how to stop your ISP from spying on you

One change in browsers like Firefox or Chrome makes it much harder for your internet service provider, or anyone else, to see where you go online.

The federal government has authorized your internet service provider to spy on you. The right was enshrined by a 2017 act of Congress that cancelled anti-spying regulations enacted by the Obama-era Federal Communications Commission. Today, your ISP can log every place you go online and use that data any way it wants, such as building user profiles for its own or other companies’ advertising platforms.

But ISPs’ most powerful spying tool is now easy to block, by encrypting what’s called a DNS request—a bit of data that announces the websites you visit. Mozilla’s Firefox browser already offers DNS encryption as an option, and it’s about to turn it on by default in the coming days or weeks. This protects you not only from a snooping ISP but also from a hacker who wants to watch your surfing or even redirect you to bogus sites containing malware.

Google also plans to make DNS encryption possible in its Chrome web browser and Android operating system, although in a much slower fashion that involves coordinating with the internet service providers. Nevertheless, ISPs recently sent a letter to six House and Senate Committees asking them to stop Google from moving forward. News site Motherboard also unearthed a misleading slide deck that Comcast lobbyists are using to sway politicians.

Today, Comcast published a post announcing that it does not track the websites customers visit or the apps they use. Comcast further says that it doesn’t build profiles and has never sold user information. These are all voluntary measures, however. There’s no law or regulation (at least at the national level) to prevent an ISP from doing any of this.

The skinny on DNS

While the politics play out, you can take simple steps right now to secure your surfing. Here’s a quick explanation of how DNS works, and how to encrypt it.

Typing “Google.com” into your browser means nothing to the internet, which needs a numerical IP address like 172.217.7.196 in order to find the web servers that host Google’s site. To get that address, your browser first queries a domain name system (DNS) server, which maintains a lookup table of web domains and their corresponding IP addresses. By default, your computer (or phone or tablet) uses the DNS server provided by your ISP, giving the company a handy list of all the sites you visit.

The privacy solution is called DNS over HTTPS, which uses the same encryption that secures your connections to most websites. (You can spot those web addresses because they start with “https” and are designated by a lock icon.) Mozilla is the furthest along, introducing both the encryption technology and an encrypted DNS service provider, run by cloud computing company Cloudflare. The latter has agreed to purge any data it collects and not provide it to any other parties. Mozilla is close to signing on additional DNS providers under the same terms, says Marshall Erwin, senior director of trust and security at Mozilla.
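
To make the difference concrete, here is an added example in Python (not part of the original article) that builds a standard DNS query, shows the site name anyone on the network path can read out of it, and then packages the same query the way DNS over HTTPS sends it. The function names, the sample lookup of example.com, and the Cloudflare endpoint URL are assumptions chosen for illustration.

```python
import base64
import struct

# Assumption: Cloudflare's public DoH endpoint; the article does not give a URL.
DOH_ENDPOINT = "https://cloudflare-dns.com/dns-query"


def build_query(hostname, query_id=0):
    """Build an RFC 1035 DNS query (type A, class IN) in wire format."""
    # Header: ID, flags (recursion desired), 1 question, no other records.
    header = struct.pack("!HHHHHH", query_id, 0x0100, 1, 0, 0, 0)
    # The name is sent as length-prefixed labels, unencrypted.
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in hostname.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)


def observe_plaintext(payload):
    """What an on-path observer recovers from a classic port-53 payload."""
    labels, pos = [], 12  # the question starts after the 12-byte header
    while payload[pos] != 0:
        length = payload[pos]
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)


def doh_get_url(payload, endpoint=DOH_ENDPOINT):
    """RFC 8484 GET form: the same message, base64url-encoded, no padding."""
    encoded = base64.urlsafe_b64encode(payload).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={encoded}"


if __name__ == "__main__":
    query = build_query("example.com")  # constructed sample lookup
    print("Readable on the wire with classic DNS:", observe_plaintext(query))
    # With DoH this URL travels inside the encrypted HTTPS connection, so an
    # observer sees a connection to the resolver, not the name looked up.
    print("Sent inside HTTPS with DoH:", doh_get_url(query))
```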

Setting it up

The easiest fix is to use the Firefox browser, as the switchover to DNS over HTTPS is about to start. If you just can’t wait, or you want to use another browser, here’s what to do.

On the desktop

To enable DNS encryption in Firefox, click the “hamburger” (three horizontal lines) icon on the upper right of the program window. Click Preferences > General > Network Settings, scroll to the bottom of the popup window, and check the box next to “Enable DNS over HTTPS.”

If you prefer another browser, you’ll need to change the DNS settings in your computer’s operating system. Cloudflare offers detailed instructions for Windows, Mac, and Linux. While the instructions are straightforward, bear in mind that making a mistake here could knock your whole system offline until you figure out what you did wrong.

On mobile devices

It doesn’t matter what browser you use on Android or iOS devices. Cloudflare provides a free app called 1.1.1.1 that automatically shifts all of your internet-connected apps (not just browsers) to its encrypted DNS service. The 1.1.1.1 app also provides a free virtual private network (VPN) that encrypts all your internet traffic, protecting you even more from snoops and hackers.

This article has been updated with comment from Comcast describing a policy of not tracking users via DNS. A previous version of the headline erroneously implied that Comcast was spying on users.

About the author

Sean Captain is a Bay Area technology, science, and policy journalist. Follow him on Twitter @seancaptain.
