SMW Logo
SMW Logo

Why Your Web Browsing Isn’t Always Secure, And What You Can Do About It, And It Involves Your DNS

DNS Network

Even though you may think your web browsing is safe from prying eyes, there’s one actor who by default can see every site you go to. That’s where DNS over HTTPS comes in.


In a previous post, I talked about what SSL is, and why you need it. But even normal SSL can’t protect you from your Internet Service Provider (ISP).

While SSL encrypts and protects your web traffic between say, you and your bank, it doesn’t prevent your ISP from seeing that you visited your bank’s website.


Every website on the internet has an address, called an “ip address”. there are two standards for ip addresses:

ip v4, introduced in the early 80s consists of a 32-bit address (012.34.567.8), which has 4,294,967,296 possible combinations. In today’s internet, that’s not enough.

ip v6, which became a standard in 2017, uses 128-bit addresses (0123:4567:89ab:cdef:0123:4567:89ab:cdef). That’s 340,282,366,920,938,463,463,374,607,431,768,211,456 possible combinations.

But we as users don’t pay attention to those addresses. Instead, we use an easier to recognize address, called a “URL” (Uniform Resource Locator) like “”.

That’s where the Domain Name Server (DNS) comes in. Basically, DNS is a huge internet phonebook (kids, ask your grandparents) that associates the URL to the ip address.

The DNS process

When you type in (or click a link) for Amazon, your browser sends that request to the nearest DNS. It resolves the URL to the ip address, and routes your request to Amazon’s web server. That’s where SSL comes in. Your browser and their server negotiates a secure key to enable an encrypted signal.

Your ISP

But first the request goes through your ISP, and since encryption hasn’t been negotiated yet, the request is basically wide open for anyone to see. This also goes for anyone snooping on you in a public Wi-Fi space, like a coffee shop).

DNS over HTTPS seeks to change that, but you might have to enable it first.


With DNS over HTTPS enabled, Domain Name Servers negotiate a secure key to encrypt your DNS request. This keeps your ISP, or any other snooper from seeing what website(s) you’re visiting.

So the signal goes unencrypted from you to the DNS, there it is encrypted and sent on its way. All your ISP sees is that you sent a request to a DNS.

Web Browsers

Only Firefox enables DNS over HTTPS by default, Chrome, Edge, Brave, and Safari have to be enabled. This post from Cloudflair (a DNS) explains how

If you’re on Android, You can enable DNS over HTTPS by going to Settings/Network & Internet/ Private DNS and set it to “automatic”.

For you folks on iPhones, it’s a little harder. This post, again from Cloudflair explains how to implement it.

Sad to say, but privacy and security is in your hands. Don’t depend on your ISP to protect your privacy.

Notify of
Inline Feedbacks
View all comments


More Posts

top 5 password managers

The Top 5 Password Managers

Password managers are a must in today’s internet. Here I look at the top ones and evaluate them on security, ease of use, and cost.

last gasp for lastpass

Last Gasp For LastPass?

LastPass has just suffered a major breach, and is passing it off as much of nothing. Let’s dig into the details of what might be

Send Us A Message