What Incognito Mode Can and Cannot Protect

A couple weeks ago, someone online posted a comment saying you can stay “safe and secure” online due to using the web browser’s incognito mode.

Is this true. Does incognito mode really prevent someone from ever tracking you online?

Short answer: no

Long answer:

People believe the myth that the incognito mode – on your web browser – will keep you safe and private. However this is not the case.

Incognito mode only does the following:

  • prevents web history from being logged locally
  • prevents download history from being logged locally
  • prevents cookies & cache data from being stored locally

In other words, incognito mode will prevent someone from spying on you, just by opening the web browser and viewing the web history and downloads.

Now what does incognito mode not protect against?

  • Malware on the system — Any malware on the system will be totally unaffected by your use of incognito mode.
  • IT department — Your IT department will still be able to track your Internet usage on their network. This is especially true if you use their local DNS resolvers. They will know what websites you visit, regardless of your use of incognito mode.
  • Internet Service Provider — Unless you make use of a VPN service, your ISP will definitely know where you go online, regardless of your use of incognito mode.
  • Government surveillance — Of course, incognito mode will be of no use to you here. Also, even using a VPN will not help much if you are being targeted by a government.

In addition, if you have your web browser logged into a service (e.g., Google Chrome logged into Google), they can track your browsing habits regardless of being in incognito mode or not.

The link below helps prove that any browser being in “private” or “incognito” mode (whatever you want to call it) does nothing to prevent 3rd parties from spying on you.

https://www.reuters.com/article/us-alphabet-google-privacy-lawsuit-idUSKBN23933H


Posted in Computers, Internet and Servers, Security, Software, VPN

Should I Use Another DNS Resolver?

Should I switch my current DNS resolver?

If you are just a regular Internet user (not self-hosting anything), and you are currently using your ISP’s DNS resolver, I would switch to a 3rd party DNS service (e.g., Cloudflare).

However if you are self-hosting anything (e.g., email), then I would opt for running my own DNS resolver for reliability.

Here are my opinions on the three typical ways to get DNS.

ISP DNS Resolver:  usually OK performance / no privacy

  • Works out-of-the-box with your Internet service.
  • Since you are using servers they control, always assume your ISP is logging your DNS requests (no privacy).
  • Sometimes an ISP actually has worse DNS resolvers (slower, less secure) than a 3rd party DNS service.
  • I used to make use of my ISP’s DNS resolvers. They would occasionally go down every few months. It made it look like the Internet was down, but it was just their DNS resolvers that were down, which caused software to fail since they could not resolve domains to connect to services.
  • Some ISPs will redirect you to their own online search engine, if the domain you are looking for does not exist. That is real tacky. They should just give the standard DNS error response, instead of – effectively – hijacking your DNS service.

Third-Party DNS Resolver (e.g., Cloudflare, OpenDNS):  good-to-excellent performance / potentially less private

  • 3rd party DNS resolver may be logging your DNS lookups, regardless of what their Privacy Policy says.
  • Can be faster than your ISP’s DNS resolvers. This is due to 3rd party DNS services having a very large network infrastructure. They can handle large amounts of traffic with ease.
  • Cloudflare does support DNS-over-TLS. However this is just encrypting your connection to Cloudflare. When Cloudflare retrieves the DNS records for you – assuming they do not have a cached copy – that connection of theirs is unencrypted. This means the DNS records Cloudflare gets for you can be manipulated by a 3rd party, outside of Cloudflare’s control.
  • Encrypting your DNS does not prevent your ISP from seeing what domains you are going to, if the web-server you are connecting to does not support both the TLS 1.3 protocol and the ESNI extension. This is due to the fact the SNI (Server Name Identification) gets sent from the web-server in plain text. With this information, your ISP can effectively see which domains you are visiting, regardless if your DNS is encrypted via Cloudflare or another 3rd party service.
  • Unless you are using a VPN service, your ISP will still have to route your connection to the website (they can see the web-server’s IP address). This may give away where you are going on the Internet, even if your ISP cannot read your DNS queries.
  • There are some free public DNS resolvers, run by volunteers (read: no large corporations), who claim they do not log your domain lookups. Just like I mentioned before, you must take their word for it.

Self-Hosted DNS Resolver (e.g., Unbound DNS server):  OK-to-good performance / potentially more private

  • Useful if you want to have reliable lookups, since you are cutting out the middle-man handling your DNS requests (you are going directly to the source, instead of having someone else do it for you).
  • If you are self-hosting web services (e.g., web and email), it is recommended to run your own DNS resolver. While not necessary, this will help prevent interruptions to your services.
  • While there is no worry about the DNS resolver keeping logs (you are running it, after all), there still is the possibility of your ISP and/or other entities sniffing your DNS lookups and keeping a log that way. This is because DNS is inherently insecure (not encrypted).
  • Unbound runs on many different operating systems (e.g., FreeBSD, OpenBSD, NetBSD, MacOS, Linux and Microsoft Windows).
  • Unbound does require some knowledge of DNS to be setup properly. Users who have little to no experience with DNS servers may find setting up Unbound to be difficult.
  • Something to keep in mind. When doing your own DNS lookups, usually you are contacting the Root DNS servers, domain TLD nameservers, and of course one of the domain’s nameservers using your public IP address from your ISP. This means all three of those services may log your IP address when doing lookups.
    • For example, if I lookup my domain computerlagoon.com via Unbound, it will first ask a Root DNS server for a nameserver belonging to the .com TLD. From there it will ask one of the TLD’s nameservers for one of my nameservers to get the webserver’s IP address.
    • There is a very good chance the .com TLD nameserver, run by Verisign, is logging domain lookups. This means someone, somewhere is more than likely logging your lookups (associating your lookups with your IP) even if you opt to self-host your own DNS resolver.

Summary Chart

Easiest out-of-the-box solution | best for people who just want things to work ISP DNS resolver
Best performance | good for people who want more performance than what their ISP provides 3rd-party DNS (e.g., Cloudflare, 1.1.1.1)
Best reliability | best for people who self-host web services (e.g., email) self-hosted solution (e.g., Unbound DNS server)

Posted in Computers, Internet and Servers, Operating Systems, Security

Are Web Browser Extensions Safe to Use?

Many people use web browser add-ons (such as Ad-blockers) for their everyday browsing. What most people are unaware of is that many of these add-ons have permissions that allow the add-on to view the content of the web pages the user is viewing.

The problem? If someone has installed a malicious add-on, their web browsing data (e.g., browsing history, password credentials, what they type into a website, etc.) would have been sent to the add-on’s creator. Now I am not implying that every single web browser add-on does this, but there is a very high potential that this can happen.

Would only using open-source browser add-ons be a safe option? Well open-source add-ons would definitely lower the chance that someone would get away with spying on you. However open-source projects do not have a spotless security track record either. There is still some risk.

Even Mozilla themselves warn about this problem with web browser add-ons (also called extensions).

Here is an example of what I am talking about (https://www.zdnet.com/article/mozilla-removes-avast-and-avg-extensions-from-add-on-portal-over-snooping-claims/).


Posted in Android, Computers, General, Internet and Servers, Security, Software

Why are So Many Internet Forums Toxic?

I have noticed, off and on, people on discussion boards (e.g., forums, comment sections) seem to have an abrasive, if not downright toxic (hostile) attitude towards people. I know, this is not surprising. There always have been people that have acted this way on the Internet.

However, why do people act this way? While I do not pretend to be a psychologist, I have some ideas of why people engage in this kind of behavior online (or offline).

(Please take note, everything I say are my own opinions.)

  1. Depression

Some people are clinically depressed. They do not necessarily mean to cause anyone problems, but they just see their life as one big mess. They in turn let their feelings about themselves (and their life) bleed into their online conversations with others.

  1. Life Stress

Stress can be the cause of someone being frequently irritated. For example, some guy on a truck/SUV forum has just lost his job and is in danger of losing his really nice truck. He makes large monthly payments each month. He is also struggling to pay his rent. With these life problems, I would not be surprised if he were to get fussy with others online.

  1. Arrogance

Many times people being hostile online is due to arrogance. They believe their opinion is the only correct one, and that no one else can be right.

If they happen to be right, they become even more smug and arrogant. If they happen to be wrong, they will never admit it and unfortunately, most of the time, never change their ways. Either way, not a pretty sight.

This happens a lot on comment sections of websites. There is always someone that wants to ask “smart” questions to other people.

However when the person they asked the “smart” question to is able to answer their question, they typically either insist on a stupid “comment war” that leads nowhere, or they sneak out like a thief in the night, never bothering to give a reply for courtesy.

  1. Insecurity

Someone being insecure (not being sure/confident of themselves) can drive someone to get frequently defensive (usually without justification). They also show signs of paranoia and maybe even arrogance, since someone telling them they are wrong causes them to become even more insecure.

  1. Pride

This one is similar to arrogance. Someone being prideful online is not hard to spot. Usually it is recognized by the “tone” of someone’s message.

For example, someone who has lots of money (e.g., a rich businessman) writes an online article. He says that he is of the opinion “poor” people either cannot or have a very small chance of becoming rich like himself.

Now most people would read his article that think “Wow! That guy is a jerk.” Well they would be right. A prideful online post, as mentioned before, is not hard to spot.

I believe people who post similar to my example above, are insecure, and need to put other people down to feel better about themselves. In my experience, they will even act as if they are being sincere, when they are not.

Also, their entire post does not have to be putting someone down. Just one or two sentences will give away the author’s true intentions.

  1. Trolling

As everyone knows, there are people out there who cannot rest until they have caused someone trouble. The Bible talks about these kind of people (Proverbs 4:14-16 *). When it comes to online conversations, they will give pointless talk with little to no technical arguments, wasting everyone’s time in the process.

They also semi-frequently say something like “I’m done with you.” and stop responding, as if you were the one being ridiculous. However, they are just projecting their own ridiculousness onto you, in an effort to coverup the fact they are the troll (troublemaker).

Basically trolls are losers who have nothing better to do than act childish to random strangers on an online comments board / forum.

* Proverbs 4:14-16   New American Standard Bible (NASB)

Do not enter the path of the wicked And do not proceed in the way of evil men. Avoid it, do not pass by it; Turn away from it and pass on.

For they cannot sleep unless they do evil; And they are robbed of sleep unless they make someone stumble.


Posted in Christian, Computers, General, Internet and Servers, Society

‹ Older Posts Newer Posts ›