I’ve been getting increasingly paranoid about privacy and read that even if I’m visiting secure sites, my ISP can log – and sell – my domain data? And that there’s a service called 1.1.1.1 that helps me retain my privacy? What’s the scoop?
The short answer is that you’re right on all counts. In the United States, your ISP has the legal right to not just log every single site you visit, but sell that data to advertisers without even telling you that they’re doing it. If you’re in the UK, it’s worse, the UK has something called the Investigatory Powers Act of 2016, which requires them to keep a log of every site you visit for a year. Other nations? Who knows. But it’s a sure bet that there’s more interest in tracking you than in honoring our desire for privacy and anonymity.
One solution is to use something like a Virtual Private Network [I use ExpressVPN quite a bit, and recommend it] but there are easier solutions too, one of the simplest of which is to simply change your domain name server (DNS) settings to not point to your ISP. Google offers its own DNS servers, for example, at 8.8.8.8, but Google also has a long history of tracking, consolidating and analyzing user data, so that might not entirely sidestep the issue.
Instead, Cloudflare has announced its own “Private, Secure DNS” and it’s free. That’s what 1.1.1.1 is, and it’s pretty easy to get setup and working. At least if you’re on anything but a Windows computer, where changing your DNS settings from the default from your ISP can be rather a trick.
But let’s back up and define what a DNS Server is in the first place. Here’s the scoop We are all used to thinking about Web sites by name. CNN.com, whitehouse.gov, unicef.org. Underlying these names are unique numbers known as IP numbers. Those three domains are also known as 151.101.1.67, 23.41.73.76 and 57.69.14.59. Ugly, right? Yup, that’s what the Domain Name Service does; it speedily converts names into numbers so you don’t have to worry about it. Smart.
Every time you ask for a name to be mapped to a number so your computer, tablet, phone or even TV can check it out, however, that query is logged by your Internet Service Provider. Not so good. You can see where an independent, secure DNS would be a really beneficial thing!
Let’s jump into the settings required to change a Mac system to use the Cloudflare 1.1.1.1 service. It’s pretty darn easy. Start by launching System Preferences off the Apple menu, then in the little search box, type in “DNS”:
It highlights exactly where you need to go. Click on the highlighted choice and you’ll immediately be in the right place:
You can see that by default I use the Google DNS service, the pair of 8.8.8.8 and 8.8.4.4. They work really well and are the same regardless of what Internet connection I use or where I’m online.
All good, but… let’s change to the Cloudflare service. To do that, write down the existing DNS settings you have (just in case things don’t work for you!), then click on the “+” to add 1.1.1.1 and then again to add the Cloudflare backup DNS server 1.0.0.1. It’ll now look like this:
Ready? Click on “OK” then you’ll be led back to the Network Settings window. The button you want now is on the lower right:
Yes, you can see I’m using Google Starbucks right now. A click on “Apply“, though, and it’s with the Cloudflare secure and private DNS service. And it works really well in my experience, a definite bonus!
I think it’s a no-brainer to switch to this new DNS service, but I asked a few other tech experts what they thought. Here are their reactions:
Computer security expert Greg Hewitt-Long enthused “it’s faster than Google DNS and it’s also anonymous, I give it two thumbs up!”
Leo Notenboom of Ask Leo added “Most people are interested in alternative DNS services for speed and there are several alternatives. Cloudflare seems qualified to be added to that list, since speed and delivery is what they’re all about.” His only warning: “Biggest issue for some would be the negative press CloudFlare has received for hosting (or providing services for) controversial extreme far-right websites.”
Privacy consultant Bennett Haselton also said “I’m not privacy-conscious enough to use it myself, but I’m sympathetic to the concerns of people who are, and this could work for them. I would have preferred it if the Senate hadn’t eliminated the law against ISPs selling their users’ browsing data. But until we get that law back, something like this is helpful.”
I concur. Check out 1.1.1.1 and you’ll find that it has reasonably easy instructions on how to switch your Android, iPhone, Mac, Windows or even Linux computer to use the Cloudflare secure and private DNS service. Because it’s better to switch now, before we lose even more of our precious digital privacy.
Disclosure: The ExpressVPN link above is an affiliate link. If you prefer, just search for the VPN name in your app store or on Google to get there directly.
Doing 1.1.1.1 on windows is actually very simple. My guess is you are used to using apple so you do now know how to do it. I am pretty sure there is a tutorial if you type in 1.1.1.1 into your search bar.
This may not match everyone’s situation. In my case, I use an ADSL+ service with Frontier Broadband. The DNS server address in my Mac settings is actually the IP address of my local router, in the typical range 192.168.nn.nn. Reviewing the settings of the router, I find two DNS addresses in the frontier.net domain. So for my situation, I need to change the DNS address in the router, not in the settings of each individual device that uses my router. This is actually a convenience, since every device in my household can be redirected to a new DNS service with only the change to the router, and also sometimes at home I use my laptop with a wired ethernet connection, and at other times using a WiFi connection. Since the change is made within the router, all devices and both wired and wireless connection are reconfigured in one place.
While changing the router settings is easy enough to do, but it does take some care not to inadvertently change some other setting in the router. There is usually a way to back up the router configuration to a file, and then it can be restored in case something goes wrong.