Is running my DNS through VPN sufficient?
Primary goal is for my traffic to be hidden from my ISP (and whoever they may choose to share with).
Or at least to the point it can’t be linked to me (directly/indirectly).
I’m a considerable greenhorn when it comes to cyber security, so I'm hoping to gain some guidance. I am getting a FWG to act as a router, and it allows for just the DNS to run through a VPN of my choice.
The problem with passing my entire traffic through a VPN is the visible slowdown, which is not ideal. Hence just the DNS traffic.
None of this will hide it completely. Your ISP will still see where your traffic goes even if it doesn’t get the DNS requests. You’ve made it marginally harder if you do DNS over HTTPS or Unbound or route your DNS over a VPN, but every packet coming from your house still has the exact info needed to trace where it went or came from in its header. If you route all your traffic (i.e. not just DNS) through a VPN, all you have done is replace the ISP by the VPN provider. Who do you trust? This doesn’t even count that you are tracked in many other ways on the web by Google and a whole myriad of ad networks.
I highly recommend you use DNS over HTTPS or Unbound on the Firewalla for somewhat better privacy, but don’t think for a moment you can really completely hide from your ISP or VPN provider. You make it marginally harder for them and you avoid casual monitoring, but it really is only a minor increase.
There are ways to really anonymize your traffic using Tor and dark web techniques, but if you thought just a VPN slowed down your connection you will not like that at all.
I agree with /u/Exotic-Grape8743. You need to send all of your traffic over a VPN if you want to hide it from your ISP. But then you’ll just be moving your trust from your ISP to your VPN provider. Set up your own VPN endpoint on a VM in someone’s cloud and you’ve shifted your trust to the cloud provider. A VPN will slow things down.
The next step would be to use something like Tor. That would help you hide things from your ISP and wouldn’t just move things to a VPN or cloud provider. Tor will slow things down even more.
None of this does anything about what are likely to be the most serious points of data leakage - the apps and services you use.
Firewalla can help prevent tracking by the apps and services you use by blocking known trackers. It can also help prevent malware from reaching out to controller sites, etc. and doing harm or sending your data off somewhere. Firewalla also has pretty good reporting and alerting, so you’ll have a better idea of what’s actually going on in your network. Combine Firewalla with some browser plugins that help with privacy and blocking trackers, run anti-malware software on your computers, and try to be aware of how your apps and services are tracking you - and work to reduce that tracking and hoovering off of data.
I do use Firewalla’s DoH feature. I feel there isn’t much reason not to use it. Quad 9 is a good DNS provider, and they do some filtering to help protect against malware. Firewalla makes sure that all of the devices on my network use my preferred DNS provider and that the results are cached on my Firewalla for better performance.
To just hide your DNS, use Unbound to forward via https, no VPN necessary.
Agree with others that you aren’t hiding much with DNS. One nice thing with Firewalla is that if you have a decent paid VPN provider, routing just one device or certain traffic through it is very easy and limits (or eliminates) any slowdown (depending on what you are doing).
Your ISP will know the IP addresses of your traffic but not the URLs or even the domains. This is because all that is encrypted with HTTPS. The privacy benefits of VPNs are dramatically overstated. Here’s an article that explains why: VPN - a Very Precarious Narrative - Dennis Schubert
Like your thoughts. I agree that with a VPN you are basically moving who can see your traffic. I do like the idea of filtering DNS with DoH. Quad 9 looks interesting. There are others as well. In Canada, CIRA offers Canadian Shield for free and different DNS filters depending on what you are looking for. I use and pay for NextDNS, which allows me to control my DNS filtering and have it available on my devices when I am traveling.
Yes this is what I plan to do, thanks!
However I’m actually seeking “expert” advice if this will sufficiently hide me/ my home users.
As described in my post.
I pay for NextDNS for the same reasons. I didn’t mention it originally because I didn’t want to seem like I was pushing a paid product on the OP. Quad 9 _is_ really good and they don’t log your DNS queries, so I do highly recommend it if you want a free option.