DNSCrypt is one of those handy utilities that most people should be running on their desktop & laptop computers. It helps with both security and privacy.
When you type in a URL such as www.google.ca into your web browser, your computer converts that to an IP address, then directs you the web site you requested using that IP address. IP addresses identify specific computers. An IP address (IP version 4, that is. IP version 6 is a bit different) looks like this: 188.8.131.52.
Your computer converts a URL to an IP address using a service called Domain Name System (DNS). DNS runs in the background on all computers, performing its task quietly and quickly. Your computer issues a DNS request to a DNS server, and receives a DNS reply. However, there are two main problems with the usual implementation of DNS. The first is that it is possible for bad guys to intercept your DNS requests. They can use it to feed your computer bad information (DNS poisoning), or perform what is called man-in-the-middle attacks. The second problem deals with privacy; your DNS requests and replies can be viewed by others.
DNS poisoning means your computer will receive the wrong IP address. You are then sent to the bad guy’s web site rather than that of your bank, for instance.
Man-in-the-middle attacks (which happen every day, this is not just a theory) works this way. Your computer thinks it’s connected to a bank website, and the bank thinks it’s connected to your computer, when there is actually a bad guy’s computer intercepting and transparently recording all this traffic! Your username, password, and ALL your financial data is now in the hands of the bad guy! This happens because the bad guys can often intercept and change your DNS requests. And please understand that DNS poisoning is only one of the ways the bad guys can initiate man-in-the-middle attacks.
The second main concern for every day DNS is privacy. Your ISP, governments, employers and anyone else interested in doing so can see your DNS requests. From that they can deduce where you surf, among other interesting tid-bits of information. My opinion is they have no business viewing this information, let alone recording and using it against you.
Here’s how to protect yourself: install DNSCrypt. It encrypts the DNS requests and replies sent to and from your computer, making it impossible for bad guys and inquisitive institutions to perform DNS poisoning, man-in-the-middle attacks or snoop your web browsing habits.
You can get DNSCrypt for free here (Windows & Mac only): http://www.opendns.com/technology/dnscrypt/
Enclave Managed Networks
Box 365, Smithers, BC, Canada V0J 2N0
877-877-8793 toll free phone & fax
Always Choose Peace
Always Choose Kindness
Always Choose Compassion