J. R. Swab

How To Stop Leaking Metadata

Categories: [Technology]
Tags: [security], [privacy], [linux]

Even if you use a VPN and surf the web over TLS/HTTPS, your ISP or the coffee shop you sit in can still know where you go and what you do on the internet. It's this data that gets sold to the highest bidder, turning what you do online into profit.

Whether it is the coffee shop or your ISP, it's disingenuous that we, the paying customers, can't assume the company we spend our money with isn't selling our data for more. This particularly ticks me off about ISPs, and it is why I go to great lengths to rid them of this goldmine.

It would be one thing if they gave us the option of free internet in exchange for our data, which they could sell to pay for infrastructure, but this is not the case. We pay for the service and they mine our data to sell for even more.

How do they expect to gain any trust with practices like this?

The way they do this, even if you use a VPN, is to set the router's default DNS (Domain Name System) to their servers.

Here's why this works:

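When your computer requests jrswab.com, it first looks in its own local DNS, which probably doesn't exist unless you set one up. On Linux, the file to look for is /etc/hosts; in this file you can set a domain name and the IP you want that name to send the browser to. When there is no local entry, the request goes to the DNS server set on the router, so whoever runs that server sees every domain you look up.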

How to set up /etc/hosts:

  1. Ping your desired domain via the terminal with ping -c 1 somesite.com and you will get an output with the IP address of the site in parentheses.
  2. Then run your favorite text editor as root and open /etc/hosts.
  3. Add the IP of the domain to the end of this file in this format: xxx.xxx.xxx.xxx somesite.com somesite (where the xxx groups are the numbers of the site's IP address).
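
The three steps above as a script, an added example that is not from the original post: it validates the address and replaces an existing entry for the name instead of stacking duplicates. The function names and the 192.0.2.x addresses are constructed for illustration, and the demo writes to a scratch file rather than /etc/hosts.

```shell
#!/bin/sh
# Added example: keep one pinned entry per name in a hosts-format file.

# valid_ipv4 IP -> status 0 if IP is a dotted quad with every octet in 0..255
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                     # split on dots into $1..$4
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# pinned_ip FILE NAME -> print the IP that FILE maps NAME to (first match wins)
pinned_ip() {
    awk -v n="$2" '
        /^[[:space:]]*#/ { next }
        { for (i = 2; i <= NF; i++) if ($i == n) { print $1; exit } }
    ' "$1"
}

# pin_host FILE IP NAME [SHORT] -> drop older lines naming NAME, append the new one
pin_host() {
    file=$1; ip=$2; name=$3; short=${4:-}
    valid_ipv4 "$ip" || { echo "refusing invalid IPv4: $ip" >&2; return 1; }
    tmp=$(mktemp) || return 1
    awk -v n="$name" '
        /^[[:space:]]*#/ { print; next }
        { for (i = 2; i <= NF; i++) if ($i == n) next; print }
    ' "$file" > "$tmp" || return 1
    printf '%s %s%s\n' "$ip" "$name" "${short:+ $short}" >> "$tmp"
    cat "$tmp" > "$file" && rm -f "$tmp"   # rewrite in place, keeping owner and mode
}

# Constructed demo on a scratch file; 192.0.2.0/24 is reserved for documentation.
demo_hosts=$(mktemp)
printf '127.0.0.1 localhost\n192.0.2.10 somesite.com somesite\n' > "$demo_hosts"
pin_host "$demo_hosts" 192.0.2.44 somesite.com somesite   # replaces, does not duplicate
cat "$demo_hosts"
```

To apply it for real, run pin_host against /etc/hosts as root. A pinned entry goes stale if the site later moves to a new IP, so re-check it when the site stops loading.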

Steps to help protect your metadata from ISPs

  1. Use a VPN to tunnel your traffic.
  2. Use Tor to stay anonymous.
  3. Don't use a company-provided router.
  4. Set DNS to an open provider.

Change the DNS address on your router

For DNS IP addresses I use the OpenNIC Project, an "open and democratic" list of DNS providers that aims to give users increased privacy.

OpenNIC (also referred to as the OpenNIC Project) is a user owned and controlled top-level Network Information Center offering a non-national alternative to traditional Top-Level Domain (TLD) registries; such as ICANN. - OpenNIC Project

Of course, you still have to rely on a third party here so make sure you do your due diligence.

Other options include:

PS: This is just one piece of the metadata cake that companies like to keep on us. Please do not think that changing your DNS makes you anonymous on the internet, because it doesn't.

