Is Tor browser on Mullvad DNS a bad idea?
from unicornBro@sh.itjust.works to privacy@lemmy.ml on 05 Aug 22:50
https://sh.itjust.works/post/43499563

Newb: I set secure DNS to Mullvad DNS. Since I can’t afford a VPN, I do my web searches on Tor browser.

#privacy

threaded - newest

shortwavesurfer@lemmy.zip on 05 Aug 22:51 next collapse

My guess is that it would just completely override the DNS.

thebardingreen@lemmy.starlightkel.xyz on 05 Aug 22:56 next collapse

Why would it be a bad idea?

jaggedrobotpubes@lemmy.world on 06 Aug 03:02 collapse

I think tor works in part because everybody is identical in ways that change if you fiddle with settings.

BombOmOm@lemmy.world on 05 Aug 23:10 next collapse

That seems perfectly fine to me.

[deleted] on 05 Aug 23:15 next collapse

.

samsapti@feddit.dk on 05 Aug 23:40 next collapse

I would not do that. The whole idea behind Tor Browser is to make users look similar. By using a custom DNS provider you stand out from the crowd, thus making yourself more unique/identifiable. A website may not be able to see who you are, but it’s gonna have a way easier time seeing that you’re the same person visiting as the person who was there yesterday.

archy@lemmy.world on 06 Aug 01:55 next collapse

Well, would they stand out to the next node but not to all Intermediaries, right, including the website they are visiting?

wintermute@discuss.tchncs.de on 06 Aug 08:32 collapse

How would the website know that you are using a custom DNS provider?

johnnyb@discuss.tchncs.de on 06 Aug 11:10 collapse

redirecting you to a unique subdomain and watch which resolver comes calling. that’s how ipleak and co. check for DNS leaks.

wintermute@discuss.tchncs.de on 06 Aug 11:40 collapse

Interesting… Never thought about that.

gibson@sopuli.xyz on 11 Aug 04:10 collapse

And that’s why you should stick with tor browsers defaults (with the exception of adjusting security slider to meet needs). They have a whole team who are paid to think about it.

berty@feddit.org on 05 Aug 23:57 next collapse

Why would you want to do that? Do not change anything as the idea is that all users use the same Tor as it is.

Majestic@lemmy.ml on 06 Aug 11:06 next collapse

No. It’s fine.

Tor uses its own DNS system to my recollection. It’s true there is DNS as part of fingerprinting and DNS leaks are a concern for VPNs (see for example www.dnsleaktest.com) but Tor is not vulnerable to this and it’s more a problem of you’re using a VPN to appear to be in NYC but your DNS shows Phoenix so that’s a big discrepancy that raises the uniqueness of your fingerprint on a VPN and even lets threat actors guesstimate where you actually are. As I said though this is not an issue on Tor.

So understand that the DNS from Mullvad will only affect other programs not Tor. It will prevent say your ISP’s DNS from seeing your video games calling their domains that way. Your ISP can still see you’re connecting to infrastructure for as an example Genshin Impact when you launch the game because they can see where your traffic is flowing and the IP addresses as well as traffic patterns, ports, etc. It somewhat limits the data and visibility they get but there is something called SNI snooping as well as of course the fact they know the IP addresses where your connections go. So it’s perhaps better than nothing but understand the limits of it as they still have a lot of visibility though they shouldn’t be able to see your web searches regardless just that you’re accessing google or bing or duckduckgo as those sites use HTTPS.

Undertaker@feddit.org on 07 Aug 22:26 collapse

More context please. Where did you set the DNS? Smartphone, desktop? In browser or on system settings?

Assuming the following: You set the general DNS on your AOSP based smartphone to Mullvad and use Tor bowser simultaneously.

This is perfectly fine as Tor browser uses its own DNS. They won’t interfere.