How your ISP tracks you (even with encrypted DNS)
NOTE: DNS or HTTPS / Encrypted DNS won't make you invisible. Watch and find out.
Some people believe that encrypted DNS makes them invisible, but is this video I use a live Wireshark capture to prove that your ISP can still see every website you visit. You will learn how to verify your own privacy leaks and a VPN are necessary to truly go dark on the wire.
In this deep-dive network lab, we use Wireshark and a physical ethernet tap to expose the truth about modern web privacy. You will see firsthand how your ISP can still track every website you visit, even when using encrypted DNS (DNS over HTTPS) and TLS 1.3. We demonstrate how the Server Name Indication (SNI) field in the Client Hello packet leaks your destination in plain text. The video explores advanced privacy technologies like Encrypted Client Hello (ECH) in Firefox and Cloudflare, explains why these features often break corporate filtering, and proves why a VPN remains the only definitive way to hide your traffic from network snooping and government logging.
// YouTube video REFERENCE //
The one BIG mistake you are making with DNS security today: https://youtu.be/Rrr4HrI8E6g
// Book REFERENCE //
DNS & Bind 4th Edition
US: https://amzn.to/4s8WaWm
UK: https://amzn.to/4sztLbB
// David's SOCIAL //
Discord: https://discord.com/invite/usKSyzb
X: https://www.twitter.com/davidbombal
Instagram: https://www.instagram.com/davidbombal
LinkedIn: https://www.linkedin.com/in/davidbombal
Facebook: https://www.facebook.com/davidbombal.co
TikTok: http://tiktok.com/@davidbombal
YouTube: https://www.youtube.com/@davidbombal
Spotify: https://open.spotify.com/show/3f6k6gERfuriI96efWWLQQ
SoundCloud: https://soundcloud.com/davidbombal
Apple Podcast: https://podcasts.apple.com/us/podcast/david-bombal/id1466865532
// MY STUFF //
https://www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
// MENU //
0:00 - DNS myths!
01:53 - Jump to the timestamps
02:16 - Debunking DNS myths
02:59 - Interviewing Cricket Liu // Pros & Cons of DNS
06:49 - DNS monitoring demo
10:33 - Changing DNS provider in Chrome
13:00 - Turning off Secure DNS in Chrome
14:43 - TLSv1.3 is still visible // What is SNI?
18:56 - DNS using CloudFlare
22:11 - What is ECH?
22:52 - TLSv1.3 is still visible continued
26:53 - IP address lookup
28:10 - Summary
28:58 - Will using VPN help?
31:32 - Conclusion
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
Disclaimer: This video is for educational purposes only.
#dns #myths #privacy
Some people believe that encrypted DNS makes them invisible, but is this video I use a live Wireshark capture to prove that your ISP can still see every website you visit. You will learn how to verify your own privacy leaks and a VPN are necessary to truly go dark on the wire.
In this deep-dive network lab, we use Wireshark and a physical ethernet tap to expose the truth about modern web privacy. You will see firsthand how your ISP can still track every website you visit, even when using encrypted DNS (DNS over HTTPS) and TLS 1.3. We demonstrate how the Server Name Indication (SNI) field in the Client Hello packet leaks your destination in plain text. The video explores advanced privacy technologies like Encrypted Client Hello (ECH) in Firefox and Cloudflare, explains why these features often break corporate filtering, and proves why a VPN remains the only definitive way to hide your traffic from network snooping and government logging.
// YouTube video REFERENCE //
The one BIG mistake you are making with DNS security today: https://youtu.be/Rrr4HrI8E6g
// Book REFERENCE //
DNS & Bind 4th Edition
US: https://amzn.to/4s8WaWm
UK: https://amzn.to/4sztLbB
// David's SOCIAL //
Discord: https://discord.com/invite/usKSyzb
X: https://www.twitter.com/davidbombal
Instagram: https://www.instagram.com/davidbombal
LinkedIn: https://www.linkedin.com/in/davidbombal
Facebook: https://www.facebook.com/davidbombal.co
TikTok: http://tiktok.com/@davidbombal
YouTube: https://www.youtube.com/@davidbombal
Spotify: https://open.spotify.com/show/3f6k6gERfuriI96efWWLQQ
SoundCloud: https://soundcloud.com/davidbombal
Apple Podcast: https://podcasts.apple.com/us/podcast/david-bombal/id1466865532
// MY STUFF //
https://www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
// MENU //
0:00 - DNS myths!
01:53 - Jump to the timestamps
02:16 - Debunking DNS myths
02:59 - Interviewing Cricket Liu // Pros & Cons of DNS
06:49 - DNS monitoring demo
10:33 - Changing DNS provider in Chrome
13:00 - Turning off Secure DNS in Chrome
14:43 - TLSv1.3 is still visible // What is SNI?
18:56 - DNS using CloudFlare
22:11 - What is ECH?
22:52 - TLSv1.3 is still visible continued
26:53 - IP address lookup
28:10 - Summary
28:58 - Will using VPN help?
31:32 - Conclusion
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
Disclaimer: This video is for educational purposes only.
#dns #myths #privacy
David Bombal
Want to learn about IT? Want to get ahead in your career? Well, this is the right place!
On this channel, I discuss Linux, Python, Ethical Hacking, Networking, CCNA, Virtualization and other IT related topics.
This YouTube channel has new videos upload...