What Incognito Mode Can and Cannot Protect

A couple weeks ago, someone online posted a comment saying you can stay “safe and secure” online due to using the web browser’s incognito mode.

Is this true. Does incognito mode really prevent someone from ever tracking you online?

Short answer: no

Long answer:

People believe the myth that the incognito mode – on your web browser – will keep you safe and private. However this is not the case.

Incognito mode only does the following:

  • prevents web history from being logged locally
  • prevents download history from being logged locally
  • prevents cookies & cache data from being stored locally

In other words, incognito mode will prevent someone from spying on you, just by opening the web browser and viewing the web history and downloads.

Now what does incognito mode not protect against?

  • Malware on the system — Any malware on the system will be totally unaffected by your use of incognito mode.
  • IT department — Your IT department will still be able to track your Internet usage on their network. This is especially true if you use their local DNS resolvers. They will know what websites you visit, regardless of your use of incognito mode.
  • Internet Service Provider — Unless you make use of a VPN service, your ISP will definitely know where you go online, regardless of your use of incognito mode.
  • Government surveillance — Of course, incognito mode will be of no use to you here. Also, even using a VPN will not help much if you are being targeted by a government.

Posted in Computers, Internet and Servers, Security, Software, VPN

Merry Christmas 2019!

Luke 2:8-20    New American Standard Bible (NASB)

8 In the same region there were some shepherds staying out in the fields and keeping watch over their flock by night. 9 And an angel of the Lord suddenly stood before them, and the glory of the Lord shone around them; and they were terribly frightened. 10 But the angel said to them, “Do not be afraid; for behold, I bring you good news of great joy which will be for all the people; 11 for today in the city of David there has been born for you a Savior, who is Christ the Lord. 12 This will be a sign for you: you will find a baby wrapped in cloths and lying in a manger.” 13 And suddenly there appeared with the angel a multitude of the heavenly host praising God and saying,

14 “Glory to God in the highest,
And on earth peace among men with whom He is pleased.”

15 When the angels had gone away from them into heaven, the shepherds began saying to one another, “Let us go straight to Bethlehem then, and see this thing that has happened which the Lord has made known to us.”16 So they came in a hurry and found their way to Mary and Joseph, and the baby as He lay in the manger. 17 When they had seen this, they made known the statement which had been told them about this Child. 18 And all who heard it wondered at the things which were told them by the shepherds. 19 But Mary treasured all these things, pondering them in her heart. 20 The shepherds went back, glorifying and praising God for all that they had heard and seen, just as had been told them.


Posted in Biblical Accounts, Christian, Holiday

Should I Use Another DNS Server?

Should I switch my current DNS server?

If you are just a regular Internet user (not self-hosting anything), and you are currently using your ISP’s DNS server, I would switch to a 3rd party DNS service (e.g. Cloudflare).

However if you are self-hosting anything (e.g. email), then I would opt for running my own DNS resolver for reliability.

Here are my opinions on the three typical ways to get DNS.

ISP DNS Resolver:  usually ok performance / no privacy

  • Works out-of-the-box with your Internet service.
  • Since you are using servers they control, always assume your ISP is logging your DNS requests (no privacy).
  • Sometimes an ISP actually has worse DNS servers (slower, less secure) than a 3rd party DNS service.
  • Many years ago, I made use of my ISP’s DNS resolving services. They would occasionally go down – every few months. It made it look like the Internet was “down”, but it was just their DNS resolvers that were down.

Third-Party DNS Resolver (e.g. Cloudflare, OpenDNS):  good-to-excellent performance / potentially less private

  • 3rd party DNS server may be logging your DNS lookups, regardless of what their Privacy Policy says.
  • Can be faster than your ISP’s DNS resolvers. This is due to 3rd party DNS services having a very large network infrastructure. They can handle large amounts of traffic with ease.
  • Cloudflare does support DNS-over-TLS. However this is just encrypting your connection to Cloudflare. When Cloudflare retrieves the DNS records for you – assuming they do not have a cached copy – that connection of theirs is unencrypted. This means the DNS records Cloudflare gets for you can be manipulated by a 3rd party, outside of Cloudflare’s control.
  • Any server hosting a website using SNI (Server Name Identification) – without using the TLS 1.3 protocol – will give the domain name you are accessing in plain-text for anyone to see. This defeats the purpose of using an encrypted DNS service.
  • Can help get around DNS blacklists your ISP may have implemented.
  • Unless you are using a VPN service, your ISP will still have to route your connection to the website. This may give away where you are going on the Internet, even if your ISP cannot read your DNS queries.

Self-Hosted DNS Resolver (e.g. Unbound DNS):  ok-to-good performance / potentially more private

  • Useful if you want to have reliable lookups, since your are cutting out the middle-man handling your DNS requests.
  • If you are self-hosting web services (e.g. web and email), it is recommended to run your own DNS resolver. While not necessary, this will help prevent interruptions to your services.
  • While there is no worry about the DNS server keeping logs (you are running it, after all), there still is the possibility of your ISP and/or other entities sniffing your DNS lookups and keeping a log that way. This is because DNS is inherently insecure (not encrypted).
  • Unbound runs on FreeBSD, OpenBSD, NetBSD, MacOS, Linux and Microsoft Windows.
  • Unbound DNS does require some knowledge of DNS to be setup properly.

Posted in Computers, Internet and Servers, Operating Systems, Security

Are Web Browser Extensions Safe to Use?

Many people use web browser add-ons (such as Ad-blockers) for their everyday browsing. What most people are unaware of is that many of these add-ons have permissions that allow the add-on to view the content of the web pages the user is viewing.

The problem? If someone has installed a malicious add-on, their web browsing data (e.g. browsing history, password credentials, what they type into a website, etc.) would have been sent to the add-on’s creator. Now I am not implying that every single web browser add-on does this, but there is a very high potential that this can happen.

Would only using open-source browser add-ons be a safe option? Well open-source add-ons would definitely lower the chance that someone would get away with spying on you. However open-source projects do not have a spotless security track record either. There is still some risk.

Even Mozilla themselves warn about this problem with web browser add-ons (also called extensions).

Here is an example of what I am talking about (https://www.zdnet.com/article/mozilla-removes-avast-and-avg-extensions-from-add-on-portal-over-snooping-claims/).


Posted in Android, Computers, General, Internet and Servers, Security, Software

‹ Older Posts