Encryption. The provider sent a little man to the subscriber to examine the encrypted traffic leaving the apartment. Program for encrypting traffic on Android

You think that your anonymity is reliably protected. But unfortunately this is not the case. There is one very important channel for leaking your private information - the DNS service. But fortunately, a solution has also been invented for this. Today I will tell you how to encrypt your DNS traffic using the DNSCrypt utility.

When using HTTPS or SSL, your HTTP traffic is encrypted, that is, protected. When you use a VPN, all your traffic is already encrypted (of course, it all depends on the VPN settings, but, as a rule, this is the case). But sometimes, even when using a VPN, your DNS queries are not encrypted, they are sent as is, which opens up a lot of room for creativity, including MITM attacks, traffic redirection and much more.

This is where the open source DNSCrypt utility comes to the rescue, developed by the well-known creators of OpenDNS - a program that allows you to encrypt DNS queries. After installing it on your computer, your connections will also be protected and you will be able to surf the Internet more safely. Of course, DNSCrypt is not a panacea for all problems, but only one of the security tools. You still need to use a VPN connection to encrypt all traffic, but pairing it with DNSCrypt will be more secure. If you are satisfied with such a brief explanation, you can immediately move on to the section where I will describe installing and using the program.

Let's dig a little deeper. This section is for the truly paranoid; if you value your time, you can skip straight to installing the program.
As they say, it is better to see once than to hear a hundred times. Look at the picture.

Let's say a client (the laptop in the picture) is trying to access google.com. First of all, it has to resolve the symbolic hostname to an IP address. If the network is configured to use the provider's DNS server (an unencrypted connection, the red line in the figure), then that resolution of the symbolic name to an IP address happens over an unencrypted connection.

Yes, no one will know what data you transmit to dkws.org.ua. But there are some very unpleasant moments. Firstly, the provider, by looking at its DNS logs, can find out which sites you visited. Do you need that? Secondly, DNS spoofing and DNS snooping attacks become possible. I will not describe them in detail; many articles have already been written about this. In a nutshell, the situation could be as follows: someone between you and the provider intercepts the DNS request (and since requests are not encrypted, intercepting one and reading its contents is not difficult) and sends you a "fake" response. As a result, instead of visiting google.com, you land on the attacker's website, which looks exactly like the one you wanted; you enter your forum password, and how events develop from there is, I think, clear.

The situation described is called a DNS leak. A DNS leak occurs when your system, even after connecting to a VPN server or Tor, continues to query the provider's DNS servers to resolve domain names. Every time you visit a new website, connect to a new server, or launch a network application, your system contacts your ISP's DNS to resolve the name to an IP. As a result, your provider, or anyone on the "last mile" between you and the provider, can collect the names of all the nodes you access. The IP-substitution scenario above is rather extreme, but in any case it is possible to track the nodes you have visited and use that information for one's own purposes.

If you are "afraid" of your provider or simply don't want it to see which sites you visit, you can (in addition to using a VPN and other security measures, of course) additionally configure your computer to use the DNS servers of the OpenDNS project (www.opendns.com). Currently these are the following servers:

208.67.222.222
208.67.220.220

You don't need any other additional software. Just configure your system to use these DNS servers.

But the problem of intercepting DNS connections still remains. Yes, you are no longer talking to the provider's DNS but to OpenDNS, yet the packets can still be intercepted and their contents read. That is, anyone who wishes can still find out which nodes you accessed.
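To make the two points above concrete (a DNS query is readable by anyone on the path, and switching resolvers does not change that), here is an added example that is not part of the original article and not DNSCrypt's or OpenDNS's code. It builds the wire-format A query a stub resolver sends, then parses the hostname back out of it the way a "last mile" observer would, and runs that over a small constructed capture. The capture, the hostnames and the client address are constructed; the only point is that the name is visible in the clear on port 53 and not in an encrypted session.

```python
import struct


def build_query(name, txid=0x1234):
    """Encode a minimal DNS query (RFC 1035 wire format) for an A record.

    Constructed sample of what a stub resolver emits; txid is a made-up transaction id.
    """
    # Header: ID, flags (RD=1), QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lbl)]) + lbl.encode("ascii") for lbl in labels) + b"\x00"
    question = qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    return header + question


def qname_from_packet(packet):
    """Return the hostname from the question section of a raw DNS packet.

    This is all an on-path observer needs: no key, no decryption, just label parsing.
    """
    pos = 12  # skip the fixed 12-byte header
    labels = []
    while True:
        length = packet[pos]
        if length == 0:
            break
        if length & 0xC0:  # compression pointers never appear in the first question
            raise ValueError("unexpected compression pointer in question")
        pos += 1
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels)


def observed_hostnames(datagrams):
    """Simple DNS-leak check: list every plaintext query name sent to UDP port 53.

    datagrams is an iterable of (src_ip, dst_ip, dst_port, payload) tuples.
    Encrypted sessions on other ports carry no parsable question, so they are skipped.
    """
    seen = []
    for src, dst, dport, payload in datagrams:
        if dport == 53:
            seen.append((src, qname_from_packet(payload)))
    return seen


# Constructed "last mile" capture: two plaintext lookups (one to the provider's resolver,
# one to an OpenDNS address from the article) and one opaque encrypted session.
CAPTURE = [
    ("192.168.1.10", "203.0.113.53", 53, build_query("google.com")),
    ("192.168.1.10", "208.67.222.222", 53, build_query("dkws.org.ua", 0x1235)),
    ("192.168.1.10", "208.67.222.222", 443, b"\x16\x03\x01\x00\x2a"),  # stand-in for encrypted bytes
]

if __name__ == "__main__":
    for src, host in observed_hostnames(CAPTURE):
        print(f"{src} looked up {host} in the clear")
```

Running it lists google.com and dkws.org.ua as leaked names; the third datagram yields nothing, which is exactly the difference an encrypted DNS transport makes from the observer's point of view.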

Now we come to DNSCrypt. This program encrypts your DNS connection, so your ISP (and everyone between you and it) will no longer know exactly which sites you visit. I'll repeat it once more: this program is not a replacement for Tor or a VPN. As before, the rest of the data you transmit goes out unencrypted if you use neither a VPN nor Tor. The program encrypts only DNS traffic.


AS A CONCLUSION

The article was not very long, since the program itself is very easy to use. But it wouldn't be complete if I didn't mention VPN. If you read this article and are interested in it, but you have not yet used the services of a VPN provider to encrypt your data, then it’s time to do so.
The VPN provider will provide you with a secure tunnel to transfer your data, and DNSCrypt will secure your DNS connections. Of course, the services of VPN providers are paid, but you have to pay for security, right?

You can, of course, use Tor, but Tor works relatively slowly, and, whatever one may say, it is not a VPN - it will not be possible to “torify” all traffic. In any case (whichever option you choose), your DNS connections are now secure. All that remains is to decide on a means of encrypting traffic (if you have not already done so).

Last updated October 30, 2016.

SoftEnter VPN Client program.

Given the real threat that the punitive provisions of the Anti-Piracy Law will be expanded and possibly extended to ordinary users, namely the possible introduction of fines for downloading pirated content (movies, music, programs and so on), I continue to show visitors to my sites how to avoid these fines, that is, how to download from the Internet ANONYMOUSLY. Previously, I showed how to download anonymously from direct links and torrents. In this article we will look at one way to encrypt all Internet traffic. Encrypting all of it lets you become completely anonymous online by replacing your IP address with a third-party one. After changing your IP address with the application proposed here, no outsider will be able to find out which sites you visited or what you downloaded, and your torrent client's traffic will be encrypted too.
We are talking about an application called SoftEnter VPN Client. This is a client program for communicating with a service called VPN Gate.
The VPN Gate service is an experimental project of the Graduate School of the University of Tsukuba (Japan). The idea of the project is a public network of VPN tunnels run by volunteers, created with special software and made available free of charge for public use. Anyone can connect to them.
The public VPN Gate servers are provided by ordinary people, not companies, so even the hypothetical possibility of the competent authorities obtaining logs (your browsing and download history) on request is excluded. VPN Gate was created so that citizens of countries where certain sites are blocked can visit them freely and anonymously, but the service can also be used to download the content you need without fear of unpleasant consequences.
Setting up the SoftEnter VPN Client program is not difficult at all. Now I'll show you how to do it.

First, download the archive with the SoftEnter VPN Client installation file from the developer's website via the link.



After downloading the archive, unpack the folder with the installation file to your desktop.


Open it and start installing the SoftEnter VPN Client software.


After installing the SoftEnter VPN Client software, launch it.


Select one of the VPN servers and connect to it.


After connecting to the selected VPN server, all your Internet traffic will be sent through a third-party server, reliably hiding your online activities.


You can easily find out that you are connected to the VPN server of your choice by visiting one of the IP address checking services. They are not difficult to find. In the search bar of any search engine, for example, in Yandex, write the search phrase “ip check”.


Disabling your VPN connection is easy. After installing the SoftEnter VPN Client software, a special icon will appear in the tray. Right-click on it and in the context menu that appears, select the bottom line to disable the program.


As you can see, it’s not at all difficult to encrypt all your Internet traffic using the SoftEnter VPN Client program and the VPN Gate service.
In the near future, we will continue to study the topic of encrypting Internet traffic and consider another way to encrypt traffic using VPN services, directly, without using third-party applications, but only by changing the Internet connection settings.

01/08/2018

TunnelBear is a program that allows you to connect to a VPN network. Provides secure access to the Internet and protects personal information from theft. TunnelBear's goal is to help provide an additional layer of security for data transfers that occur between your computer and a remote server. The utility uses anonymous services to encrypt information. Using the program, you can navigate the Internet without worrying that your data may be intercepted by third parties. In addition to providing security, VPN software can hide the real IP address and set the address of another country. You can overcome geo...

05/06/2018

Spotflux is a small utility that helps the user make their Internet experience as confidential as possible. After installing this program, a special network driver is installed on the system, which allows all traffic to pass through the program server. On the server, data is cleared of user information, after which it will be sent to another server, to which you, in fact, sent the traffic initially. Return packets coming to you are also cleared. The program checks them for viruses, malware, and other unwanted modules. The Spotflux utility has sufficient...

29/05/2018

RoboForm is a special manager for passwords and various individual information data. This is very convenient for automating the filling of various web forms with constantly repeated information, for example, logins, passwords, email, etc. This function will significantly save personal time, which can be spent logging into any sites. All data is stored in a special unified program database. With one click of the mouse, they will appear in the required window if you enter the site again. A distinctive feature of this application is that it is able to distinguish between phishing and...

26/04/2018

UltraSurf is a convenient and useful utility that allows you to bypass various censorship and bans imposed by your provider or the government of your country. This application allows you to make your work on the Internet almost completely anonymous, for which encryption technologies are used, as well as special proxy servers. This program configures your browser so that all traffic it transmits is sent through UltraSurf's proxy server. Moreover, all data you send is encrypted using a 256-bit key, which is almost impossible to decrypt. However, the program is capable of...

31/01/2018

I2P is an application for working with the network of the same name, created by one of the development teams in response to attempts by various government agencies to ban the use of certain Internet capabilities. This program allows you to access a network that is built on the basis of DHT, but has a very complex structure with encryption of all traffic. The network provides one of the highest levels of encryption. In addition to the fact that user IP addresses are not published, the program also uses additional encryption systems. For example, incoming and outgoing traffic goes through different tunnels, which consist of several...

15/11/2017

BCArchive is a program for creating encrypted archives that allows you to work with several encryption algorithms. Allows you to select the encryption algorithm you need. Both simple algorithms and complex algorithms that are almost impossible to hack are supported. BCArchive integrates into the Explorer context menu, allowing you to always have access to it. In addition, it has been translated into many languages, including Russian. Another feature of the program is the ability to create self-extracting archives. This is necessary in cases where you need to transfer the archive to a person who may not have the archiver installed.

21/08/2017

LastPass Password Manager is a popular manager for storing your passwords. Distributed as a universal installer for Internet Explorer, Google Chrome, Mozilla Firefox, Opera and Apple Safari browsers. All user data in the LastPass manager is protected by a master password and is encrypted locally with the ability to sync between different browsers. In addition, the program contains an assistant for filling out forms, which allows you to automate entering passwords and filling out typical forms when registering on websites. The utility supports generating passwords, logging site logins, creating secure notes, hot...

19/06/2017

Secret Disk is a program that is designed to protect your personal files and data. Allows you to create a virtual hard disk that can be made invisible and protected with a password. This way you will have the opportunity to transfer all important information to this disk to avoid hacking or simply create your own personal place where you can store any information and not be afraid that someone will find out about it. The free version of the program has a memory limit of 5GB. In the event of an unplanned reboot of your computer, the next time you start the program, it will automatically hide and block any access to this disk, etc...

23/05/2017

Hola is a service that helps hundreds of Internet users access blocked information. The principle of operation of the service is reminiscent of P2P file-sharing networks, where a connection is established between user computers (peers). Hola caches the information being viewed on the user's computer and shares it with other people. The program allows you to speed up the loading of video content by splitting streams. Based on the principle of operation, it is clear that the more people install the program, the faster the data exchange will occur. Data caching and distribution occurs exclusively while the computer is waiting and does not affect...

11/01/2017

USB Flash Security is a useful utility that makes using USB drives safe. The flash drive can be password protected, making storage of information more secure. If the device is lost or stolen, no one will be able to access the files stored in the USB memory. When installing the program, you must first save all data on your computer’s hard drive, since USB Flash Security can format the flash device. The application is quite easy to understand, even without the Russian version. The use of this program will protect all files on the flash drive from access by malicious objects and unauthorized...

10/01/2017

KeePass is a password manager that can significantly increase the security of your personal data. The program is necessary for those who constantly surf the Internet, communicate on social networks, have several mailboxes, and are also registered in several payment systems. As you know, to ensure security, you must specify different passwords for all these services. In practice, a person uses 4-5 passwords, which alternate with each other. If one of these passwords is stolen by attackers, they can gain access to several resources at once. To enhance your safety...

27/06/2016

X-Proxy is a program for maintaining anonymity on the network. Using the application, you can access sites that are blocked by Internet providers in the user's country. This tool changes the user’s real IP address to a fake one, which allows you to surf the vast Internet completely anonymously. The program interacts with all major web browsers. Setting up anonymous access is extremely simple: you need to open the list of available servers and select any one you like. For the convenience of Internet users, X-Proxy has several tools available: determining the speed of the Internet connection, searching for a country by I...

The share of encrypted traffic in the total volume of transmitted and received data is constantly increasing. Enhanced protection of user messages is becoming a standard for instant messengers, the number of Internet resources whose hyperlinks begin with “https” is growing, VPN connections are becoming popular - all this complicates or makes it impossible to analyze information in traffic that will need to be stored in accordance with the law.

According to the working group of the Expert Council under the Government of the Russian Federation, the share of encrypted traffic in telecom operators' networks is currently approaching 50 percent. Since nothing prevents this share from growing further, we can expect it to reach 90 percent within the next three years.

On February 17, Deputy Prime Minister Arkady Dvorkovich, who oversees the preparation of by-laws for the Yarovaya package in the government, will hold a meeting at which the Ministry of Telecom and Mass Communications will have to outline how and by what means operators will have to comply with the requirements of the law. Dvorkovich should be provided with an estimate of financial costs, and the Minister of Communications Nikiforov will inform about the readiness of by-laws that the Government of the Russian Federation needs to adopt.

It can be expected that the main part of the meeting will be taken up by a discussion of those issues that not only telecom operators, but also intelligence agencies will have to face during the implementation process. According to Abyzov, Minister of Open Government and head of the expert working group, amendments to the current anti-terrorism legislation included in the Yarovaya package should help prevent crimes and increase the efficiency of investigations.

With each passing day it becomes more likely that operators will not manage to implement everything properly by the deadline the law requires. The absence of adopted by-laws prevents them from planning future costs: the size of those costs and their "breakdown" over time are unclear, as is which sources will have to fund them and how they will affect the profitability of the business.

There is still no information about the software and hardware telecom operators may use, or how and when it will be certified and approved for use on communication networks. It will take time to decide how to integrate additional equipment and what infrastructure will be required. The final storage scheme is unknown: whether all of it will be handled by the operators themselves or Rostec will still be involved.

There are “minor” but specific questions for individual operators. For example, mobile operators would like to know what to do with the traffic of roaming subscribers.

Given the nature of the information to be stored, additional orders, instructions and clarifications are needed that set requirements for protecting it and describe the procedure for accessing it. Responsibility in the event of a "leak" must also be defined (for some reason the topic of "responsibility" is hardly discussed in public).

Everyone expects answers to these many questions from the Ministry of Industry and Trade and the Ministry of Telecom and Mass Communications - these departments must prepare drafts of several legal acts and send them to the Government of the Russian Federation. There is a feeling that it is unlikely that the traffic storage system will be implemented by July 1, 2018. I assume that the failure to implement the “Yarovaya package” could seriously “backfire” on the Minister of Communications.

The first reports that appeared on the news feeds of Interfax, RIA Novosti and others contained no specifics. Dvorkovich's press secretary said tersely: "A meeting was held on the law; the priorities and procedure for finalizing the by-laws were discussed, as well as possible adjustments to the law if the agreed position cannot be reflected in a resolution."

Journalists tried to ask participants about the course of the discussion. What became known:

1. About increasing tariffs. Someone present at the meeting said that Deputy Prime Minister Arkady Dvorkovich appealed to the operators (representatives of several companies were present: MTS, MegaFon, VimpelCom, Yandex) not to get carried away with raising tariffs for services and suggested keeping price increases within current inflation. I don't know what he heard in response, but the numerous estimates of the cost of implementing the "Yarovaya package", and the short time in which that money will have to be spent, do not fit into the economics of any telecommunications company. Consequences: at a minimum, network development will stop for several years and operating costs will have to be cut, which will lower the quality of services. At worst, it will be easier to close the business right away, without the "will I survive or not" experiments.

As I already wrote, a more or less accurate financial assessment could be obtained as part of the launch of a pilot project.

2. About what to store and what not to store. Officials understand that it will not be possible to store all traffic. That's not all: there is good news for providers. If the "retelling" of one participant is accurate, at the first stage they may be required to store only voice-call and SMS traffic, with data traffic excluded. Another participant's "retelling" differs (and perhaps I was too quick to please providers): the storage periods for voice-call traffic and text (SMS) messages were discussed, and cellular operators would like to shorten them. It is confirmed that data traffic was discussed separately, but it seems the discussion was only about reducing storage time and the volume of stored traffic.

That is, on what to do with data traffic and how, uncertainty remains; we need to wait for the new versions of the bills that the Ministry of Telecom and Mass Communications will have to prepare.

3. How to implement a storage system. The FSB proposes to expand the "ring buffer" as part of implementing the "Yarovaya package". Operators are not against it, believing this path may be cheaper than building a new, complete traffic storage system. It also emerged that the FSB does not support Rostec's idea of a single information repository, since the intelligence services would prefer to do without an intermediate link in the form of Rostec between themselves and the telecom operators. In addition, as I already wrote, the current version of the law (the "Yarovaya package") obliges telecom operators, and only them, to collect, record and store subscriber traffic. Since "implementing" Rostec would require changes to the law, this path, including the consideration and adoption of amendments in the State Duma, could "eat up" a lot of time.

Everyone talks about confidentiality of information and sometimes even demands that it be ensured. But few think about where such demands lead. On the one hand, yes: privacy, the secrecy of personal life, the secrecy of correspondence... All this is granted to us by the Constitution and seems to be an inalienable right. Hence the growth in the volume of encrypted traffic on the Internet, according to the latest Cisco research.

The increase in this indicator is positively influenced by the introduction of encryption into various standards (for example, PCI DSS) and best practices that many organizations and service providers are beginning to follow. For example:

  • providers of mobile content and services that have implemented encryption by default,
  • video hosting and browser settings that enable encryption by default,
  • online data storage and backup services.


It has reached the point where companies are starting to use encryption even in controlled segments where it was not previously required, because it used to mean upgrading the infrastructure to something more powerful and dealing with various legislative obstacles from the FSB. But today the situation is changing: equipment is becoming more powerful and ships with built-in encryption functions, and the regulator cares less about what companies do to protect information for their own needs. Below is an example from a Lancope study, which examined a number of companies and drew attention to the growth of entropy in enterprises' internal networks.

But there is another side to encryption. Firstly, it creates the illusion of security when all attention is paid to encryption in the data transmission channel, but the encryption of data in the places where it is stored (the same data processing centers) is completely forgotten. In many recent data breaches, attackers stole valuable data while it was being stored rather than in transit. But this is not the only problem with encryption.

Attackers have also started to use it actively, hiding their activity from monitoring or simply using encryption for evil purposes (the ransomware families TeslaCrypt and CryptoWall, for instance). Controlling such information flows becomes very difficult, but encryption is not going away, neither as a security measure nor as an attacker's tool. That is why it is so important to use additional mechanisms for analyzing network traffic that monitor related parameters without diving into the content of the communications themselves: NetFlow, domains and IP addresses and their "dates of birth", the reputation of the interacting nodes and other metadata. It is also important not to forget integrated security, which should not be bolted on, as is often the case, but built into network equipment, operating systems, databases, servers, workstations and so on. Then working with encrypted traffic will be more effective than trying to redirect it somewhere for decryption.
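The metadata-only approach in the paragraph above can be shown with a small triage routine. This is an added example, not Cisco's, Lancope's or any product's code: it scores NetFlow-style records using only the fields the paragraph names (destination, port, volume, domain age and node reputation), never the payload. The flow records, the domain registration dates, the blocklist and the reference date are all constructed for the example, and the thresholds are illustrative assumptions.

```python
from datetime import date

# Constructed NetFlow-style records: no payload, only connection metadata.
FLOWS = [
    {"src": "10.0.0.5", "dst": "203.0.113.10", "dport": 443, "bytes": 52_000,
     "domain": "updates.example.com"},
    {"src": "10.0.0.7", "dst": "198.51.100.23", "dport": 443, "bytes": 810_000,
     "domain": "a7x9q.example.net"},
    {"src": "10.0.0.9", "dst": "192.0.2.77", "dport": 8443, "bytes": 1_200,
     "domain": None},
]

# Constructed enrichment data: the "date of birth" of each domain and a reputation blocklist.
DOMAIN_REGISTERED = {
    "updates.example.com": date(2012, 3, 1),
    "a7x9q.example.net": date(2017, 2, 10),
}
BAD_IPS = {"192.0.2.77"}

# Illustrative thresholds (assumptions, tune per environment).
YOUNG_DOMAIN_DAYS = 30
LARGE_FLOW_BYTES = 500_000
EXPECTED_TLS_PORTS = {443, 853}


def score_flow(flow, today=date(2017, 2, 17)):
    """Return the list of metadata-based reasons a flow deserves a look (empty = benign).

    Nothing here touches the encrypted content; every signal is derived from
    addresses, ports, volumes and the enrichment tables above.
    """
    reasons = []
    dom = flow.get("domain")
    if dom is None:
        reasons.append("no DNS name seen for destination")
    else:
        registered = DOMAIN_REGISTERED.get(dom)
        if registered is None:
            reasons.append("domain age unknown")
        else:
            age = (today - registered).days
            if age < YOUNG_DOMAIN_DAYS:
                reasons.append(f"domain registered {age} days ago")
    if flow["dst"] in BAD_IPS:
        reasons.append("destination on reputation blocklist")
    if flow["dport"] not in EXPECTED_TLS_PORTS:
        reasons.append(f"encrypted-looking traffic on unexpected port {flow['dport']}")
    if flow["bytes"] > LARGE_FLOW_BYTES:
        reasons.append("large outbound volume")
    return reasons


def triage(flows, today=date(2017, 2, 17)):
    """Map each source address with findings to its reasons; clean flows are dropped."""
    result = {}
    for flow in flows:
        reasons = score_flow(flow, today)
        if reasons:
            result[flow["src"]] = reasons
    return result


if __name__ == "__main__":
    for src, reasons in triage(FLOWS).items():
        print(src, "->", "; ".join(reasons))
```

With the constructed data, the first flow is quiet, the second is flagged for a week-old domain and an unusually large upload, and the third for a blocklisted destination, an unexpected port and the absence of any preceding DNS name; none of those verdicts required decrypting anything.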

There is also a third side to the use of encryption. Out of nowhere appears the state, with its requirements to ensure national security and protection from terrorists and extremists, certainly important matters. Take, for example, the latest initiative of our authorities, which I wrote about the other day. The intelligence agencies and other interested parties are essentially admitting that the widely deployed SORM elements cannot solve the tasks before them. SORM, traditionally focused on ordinary voice communications, coped well with that task, since encryption was never used in the regular telephone network, and in mobile networks it was easily handled at the operator's level (voice is encrypted only between the handset and the base station).


With data and the Internet the situation is much more complicated: there encryption can easily be made end-to-end, and no SORM will help much. And then came the turning point in the use of encryption: over 50% of Internet traffic became impregnable to analysis by the intelligence agencies. So only three paths remain: prohibit encryption altogether (unlikely); force everyone to deposit their encryption keys and share public-key certificates for a "lawful" wedge into the data stream, as the USA tried in the mid-90s with the Clipper project; or develop a covert SORM.

Tellingly, Snowden's "revelations" are precisely a demonstration of the third way of fighting encryption, the one the US intelligence services have taken. Banning something would never even occur to anyone in the most democratic country. Publicly demanding that Facebook, Twitter and Microsoft give up confidentiality through key escrow is pointless (again, democracy gets in the way). Only one thing is left: to develop technologies for covert collection of information, and to force Internet companies to hand over information under secret decisions of a secret court.

Russia has now come up against the same dilemma the United States faced 20 years ago when it launched the Clipper, Capstone and Skipjack project. For now we have chosen the second path, since the first is too odious (and, most importantly, terrorists and extremists would ignore such a ban anyway), and the third works poorly and does not scale (just recall how Twitter, Google and Facebook "sent off" Roskomnadzor with its requests to block accounts that publish information unflattering to the Russian authorities).

This is the story we get with encryption. And what its ending will be is still unclear...