Thanks for subscribing!

I was thinking the same. Traffic still needs routing.

@@bgroesser right. The IP address has to be unencrypted to use it, because numerous routers and switches have to be able to route it correctly. The first stop out the door is your own ISP, who can do a reverse lookup on the IP and get the domain name, then log the fact that YOUR IP address went to THAT server.

Exactly

What's the alternative or solution?

​@@cre8tivebreednothing because it's an envelope. You don't encrypt the address when posting a letter.

Ward. What and how to install, to block all youtube adds in the network, even in smart tv

@collectorguy3919 - I am building a similar setup as you have. Using Pi-hole or Adguard to block ads, and using OPNsense as my firewall. But now, I've got a few new features to add - and all because of @Naomi. Great video!

Thanks for watching!

@@NaomiBrockwellTV Hi Naomi, If I use TOR would that be the same or better than DNS encryption?

Well you believe this sht then I got free property in Hawaii . A DNS is a portal. And you all have no clue wtf a DNS means. I got cotton candy children.

That's great to hear. Honestly texas is one of my favorite states

I suspect the only reason we're allowed to feel like we're winning and actually gaining ground in terms of privacy... Is because they have new methods of surveillance we aren't even aware of yet.

​​@@therealb888a it possible to route my internet from a Huawei router to pfsense?

​@@therealb888great idea for a video! I hope you decide to never stop 👏 🎉

Independent??

very *dependent* on companies or orgs @@area_5049

Yeah, independent?

@@y_strikes2770 Yeah, she's a secret G-woman. 😏

Not everything on this channel is correct. Don’t believe things just because they are on KZbin.

​@@StrummerDaveso what's not correct? Care to enlighten the rest of us what this channel is giving misinformation

Thanks for your support!

even with DoH, while domain destination is encrypted BUT the provider still could identity IP of server we are connecting, and from them they could simply associating it with some service or some website.

Was looking for this comment without having seen the vid yet.

@@marhensaThat! You need a provider or proxy you can trust, not only with DNS.

@@sourcebased yes that, also it's possible to host your own VPN server on VPS provider you can trust. even that VPS provider still could identify what IP you are connecting via VPN. using VPN and then browsing with ToR is for me the safest for now, but it will slows down the internet connection by a lot. but we don't need that extra privacy and security everyday, so it's just an occassional thing.

@@marhensa Yes, I was talking only about that practical everyday usage. If you need a higher level of anonymity, using Tor is the least indeed. Best used with Tails and changing hardware and location. I am glad that I don’t really need this in practical terms but I am aware that my internet usage is an open book to my provider and some players on the state services level, as well as my OS and hardware vendors to some degree. I just try to be conscious and selective with who could spy on me and what for.

I would suggest AdGuardHome on a raspberrypi. It has everything built in and ready to go with just two commands to set it up, it also updates from the web interface, so no messing about with SSH. You set it up and it works. It already has DoH DNS over HTTPS built in unlike PiHole and does not need various modules or bits added on - plus it is far more stable and you can set and forget. AGH is far more stable than pihole and programming is far better, plus they fix any faults - you don't get arrogant people on a forum who don't know how to do things. The other handy thing is AGH does not have the many faults of PiHole. One fault PiHole has is chewing up SD cards by continuous writing to them. This makes systems fail regularly because of poor programming. There are various fixes and commands to use on PiHole and bits to add on, then procedures to update, but do people really want an unfinished product being trusted with their data? AdGuardHome is what PiHole wanted to be!

Can you elaborate a bit on how that works?

What's the "perfect amount" of details? Information isn't a spice, u know? What I hear u saying is she doesn't provide enough info; but since every comment only kisses Naomi's ass, ur fine with her leaving it out.

@@jeremymoon9088 they are all simps. If a bloke did the exact same video all these people would rage about how wrong and vague the info was. I have seen this exact thing on videos that had the same approximate scope. The only difference was a male presenter. Everyone raged

@funbucket09 u read my mind! I actually used the word "simp" when I typed that comment; but I edited it before I posted it, because I didn't want to trigger anyone. Have u ever seen Jay at Learn Linux TV interview her? He gets all nervous and wimpy, it's some top level simpin. It's amazing how the internet will give an average woman attention as if she were a super model

Indeed, it feels like an ad.

Yeah, you'd still want a VPN to hide that traffic.

What if you use TLS?

@@Vainglory100 Won’t make a difference. You have to provide your ISP with the destination address, which they can simply run a reverse lookup on. If you really want your ISP not to know where you’re going then you need to use a VPN or some other network tunneling scheme to some remote endpoint that will serve as your gateway to the internet.

I really appreciate your kind words!

You deserve the kind words. I've learned so much from you extremely detailed videos. ❤ another fantastic video

just ask her out already jeez

​@@NaomiBrockwellTVHey Naiomi. Don't mean to hijack the thread...have you heard of 4freedom mobile? Supposedly a privacy focussed mobile service provider which works in Australia, apparently. Do you know much about it?

All my data is saved and logged in physical memory inside the server that inside the room of isp when they need it just memory and some tools the to see everything I did from the day I subscribed until now In the other side vpn and some step can help you to stay away from hackers and company, website ets... anything away from isp because the isp is the hub where my traffic gose and come from 🤭

You are welcome!

Well for home use PF+ is free and the license is not expensive considering the cost of hardware or VM. Not sure what you mean by proprietary either. I had ongoing DNS issues a couple of years back on CE but my device has been stable and with + for home it's an advantage. Either solutions are better than an off the shelf solution at walmart or best buy.

nice!

Avoid quad 9.

@@tacticalcenter8658 Why?

@@tacticalcenter8658Why? Any information would be appreciated.

​@@tacticalcenter8658Why to avoid Quad9?

Thanks and welcome!

Thanks so much for watching!

Can u do me a favor sir 🙏? Can you let me know if you can see my comments on here? I don't understand other than being shadow banned, (which they say isn't real) as to why whenever I comment something, that is probably important to this dns subject, not one person says anything , I would really appreciate it. I have made 3 comments , 2 comments 12 days ago, and one a few mins ago.

@@omega.Networx yes

KZbin mixes up the comments. It's very difficult to find anything you have commented on as it gets burried quickly. Even when they send you an email you can't get back to the original comment. It's a crappy system.

I know this is old. I'm thinking you found your answer but if you didn't. I'd like to try to help, I'd use uBlock Origin. It's the one I use it's 100% open source, and I looked through I haven't found anything wrong. uBlock is 100% safe though for sure (example what it does, blocks javascripts from a server (googles) and returns null; instead of a value. The other thing is it just blocks HTML elements). This is why they hate the F12 button, lol. P.S. If any other extention has a blocker in it, like I use watchmaker it has one. Make sure to turn that off, it's not a security thing; it will just make videos not load. Much Love and Respect

According to their webpage they live on donations. Someone has to make money here. Where is their infrastructure located, who provides the servers/data centers?

Many have another income source

In simple terms what the video is about is the confidentiality of the DNS protocol itself (there is none, because it goes in the clear) and what to do about it, hence the suggestion to use an encrypted DNS protocol (DoH, DoT, DNSCrypt) instead of the traditional one. Switching to using Quad9 in your router instead of the ISP set servers (I suppose) doesn't really help in that regard I'm afraid, unless your router is using any of those protocols. It does, however, help if your ISP were doing some sort of filtering through their DNS servers, plus, the default DNS servers for Quad9 offer some threat protection at that level by denying connections to known malicious domains.

Usually when you use a VPN the VPN provider is handling your DNS. But if you have any other devices on your network like IoT devices, phones that don't have a vpn, etc, then changing your DNS settings is still a big help!

@@NaomiBrockwellTV Thank you!

Also, remember that most VPN providers are not as secure as they claim and most will happily give away data if asked by a government agency or police. From what little research I have made Mullvad VPN seems to be one of the better ones but please do your own research.

@@alfepalfe Mullvad seems very good

@@alfepalfe Sorry to pilled up but still in doubts regarding OP question: If you do not trust your VPN provider is it technically possible to use both this amazing and simple method as shown in the video + A VPN ? (Let's say i'm stuck for 2 years with a Nord membership multi devices plan ? Would it make any sense or simply work to Change my DNS before Data's connect to a one of Nord's Node ? Or it works the other way around in this case i get it and have to choose one or the other....👍 Awesome videos👍, fantastic channel🙏 Since i've discovered it i'm bingeing it like a maniac but the 🐇 hole 🕳️ is Deep... The more i'm learning, the more questions and complex you discover how hard it became to preserve your privacy or just encrypt your clouds data's, photos, email, Google Photo's face recognition and Metadata's usage is freaking me out😱. Govs don't even need anymore datas for their CBDS's Digital ID's we've been face scanned and analysed for years 😤🤦🏻‍♂️They crosscheck with others services from Google Ecosystem and even third party. Feels like an endless work even migrating on Linux, and assuming Google Drive or Dropbox, all cloud storage companies, really delete your datas if you terminate/delete your accounts, or encrypt on Local using an offline open source file encryptor and re-synch the encrypted content. And even by doing that you may trigger attention and have no proof and they wont retain your non end to end encrypted re-synched or deleted data's🤦🏻‍♂️🤬👨‍💻. Who knows what is their real retention time if any ? It's really full-time job! 🤯🛂🧿👩‍💻🏦🕳️

Grazie!

The ISP can't see the IP address you're visiting if you use a VPN

Most websites are hosted on IP addresses that host lots of other websites, so no, but SNI would still reveal where you're going. VPN solves this but then the VPN can see that.

Pfsense are one of the firewall OS you can install as your router( u need hardware ). Unbound is like an add-on integrate in this OS. Quad offer a service you can point ip from your router.

@@Jannickjay okay, thanks for explaining that. This all sounds out of my skill set to setup.

Any way to prevent this?

@@PSL1969 ESNI, extension in TLS 1.3, or even better ECH (Encrypted ClientHello) where that packet of TLS is fully encrypted, but there isn't much support for either that I know of. ECH is to be an extension to TLS (has it made it already?) so _as long as_ the connection to the server is done over TLS 1.x (being x the one supporting it) you'd be golden, but it'd require the browser, for example, to also know about it. I believe AdGuard (client app, not the browser extension) recently launched a version enabling ECH throughout, but I have yet to see how it behaves.

@@PSL1969 The rest of us used ESNI for years! Encrypted, it was a setting in Firefox for ages. There is a modified version of this in modern browsers now called something else. ECH. A sort of "encrypted hello"!

There about 1,000 existing well made videos already. What should be a concern is blocking time requests on your devices if you have a smart device. There are Chinese hard coded time request that go to china, even if it's "open source" and an "American" company....like the Phillips hue bridge No reason for the device to "sync" time in that region when it's most likely collecting data using those ports under the radar.

​@@thebugg333 i don't own those things. no plans to buy them, so that's not a concern for me. not sure why this reply goes with my message. yes i can find guides for myself, but this is the channel i'm watching and interacting with, and i wanted to voice my support for pihole. how can she know what her community is doing if we don't communicate?

pfSense/OpnSense is a router software or operating system and yes it can be run on any regular pc like an older Dell Optiplex. Add a dual or quad NIC and you have enterprise level router capabilities

@@mrmotofy Thanks for the information!

Until you are.

you can change your DNS on any device, but unsure how to set up encrypted DNS on mobile. I'll have a look

@@NaomiBrockwellTV Thanks.

Full tunnel VPN to your home then it should all run through there

www.pfsense.org/ Mullvad and protonvpn are good!

@@NaomiBrockwellTV I'm a bit slow when it comes to all of this, and security is a welcomed thing. Could you explain this to me in a more for dummies style? My system in Windows 10 on an intel dual-core chip.

They probably sell your info too, but that is not confirmed. They did however change "blacklist" to "blocklist" and "whitelist" to "allowlist" after a user happened to mention it! They seem OK, but police can still request records and they MUST comply as data flows in /thought/out of the UK - exactly the same as others like Quad9, if they have ANY equipment in the UK, the hosting company by Law must log all data even if the company says it has no part in that. Q9 does NOT block trackers and advertising sites which is a huge privacy risk to users.

NextDNS is great if you want to block ads.

​@@Bond2025 Have you even read the first line of NextDNS' privacy policy? "1. We do not (and will never) sell, license, sublicense or share any of the data submitted directly or indirectly by our users with any person or entity." And you can manually choose which country you want your logs to be stored in: US, EU, UK and Switzerland. Or disable logging completely.