BEWARE GOOGLE DNS!

Fx51LP308

    Long story short, after a long career of almost 23 years, my own Windows Server 2003 machine died (hardware death) on Easter Sunday of all days! And so did my DHCP, DNS and Active Directory servers as a result. I was in the process of building a brand new "Ubuntu Server" (Linux based) so I finished that quickly and installed both a DHCP and DNS server. It seems to work well.

    The problem is, my Windows client machines won't accept DNS services from the Ubuntu server. It keeps trying to "Autoconfigure" an IP stack that gets me nowhere. All kinds of problems. So, what I do now is use the DHCP part of it and then enter DNS settings manually. At first, I tried dns.google.com (8.8.8.8, 8.8.4.4). It's quicker than most others. But BEWARE!

    Google DNS appears to be tracking your URLs/Links more closely than normal. I went to YouTube, clicked on a video, and then it forced me to "Log in" to a Google account to watch the video. Not because it had adult, mature or violent content, etc. or whatever, but just simply "to prove I'm not a BOT." That's right. Just to prove I'm "not a BOT." And it required that for every video on which I clicked. Normally, I don't log in to Google to use YouTube (so it can't track me or tie my views to my account). When I changed to a different DNS provider, and went back to the same YouTube page (without even closing it), the videos played fine when I clicked on them.

    I'm not saying that Google (via YouTube) isn't tracking me in other ways (via the WAN IP, etc.), but at least they can't link what I watch to a Google Acct.

    CAVEAT YouTube watchers!
     
    It's a little early so I may be missing something, but from a tracking perspective, Google doesn't gain any more information on you using a Google DNS to hit a Google site. Google DNS to anywhere else? Absolutely, and it's the reason I don't recommend anyone use it. If their DNS is handing out addresses to special YouTube servers on the backend, it's easy to verify.
     
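Added example, not part of any post in this thread: one way to run the check the reply above calls easy to verify, by sending the same A-record query to specific resolvers and comparing the addresses each hands back. The function names and the sample reply (built on the documentation address 192.0.2.10) are constructed for illustration.

```python
import socket
import struct

def build_query(name, qid=0x1234):
    """Minimal DNS query for the A record of `name`, recursion desired."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack(">HH", 1, 1)

def skip_name(msg, off):
    """Offset just past the (possibly compressed) name starting at `off`."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:   # stop at root label or pointer
        off += 1 + msg[off]
    return off + (1 if msg[off] == 0 else 2)

def parse_a_records(msg):
    """Set of IPv4 addresses in the answer section; raises on a non-zero RCODE."""
    _, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    if flags & 0x000F:
        raise ValueError("resolver returned RCODE %d" % (flags & 0x000F))
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4             # QTYPE + QCLASS
    addrs = set()
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:             # A record; CNAMEs in the chain are skipped
            addrs.add(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return addrs

def resolve_via(resolver_ip, name, timeout=3.0):
    """Ask one specific resolver over UDP/53 (needs network access)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (resolver_ip, 53))
        return parse_a_records(s.recvfrom(4096)[0])

def unique_per_resolver(answers):
    """{resolver: ips} -> addresses that only that resolver handed out."""
    return {r: ips - set().union(*(v for k, v in answers.items() if k != r))
            for r, ips in answers.items()}

# Constructed reply (not a capture): a CNAME followed by an A record for 192.0.2.10.
QUERY = build_query("www.example.com")
SAMPLE = (QUERY[:2] + struct.pack(">HHHHH", 0x8180, 1, 2, 0, 0) + QUERY[12:]
          + b"\xc0\x0c" + struct.pack(">HHIH", 5, 1, 60, 2) + b"\xc0\x10"
          + b"\xc0\x10" + struct.pack(">HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 10]))
```

For a live check, call `resolve_via("8.8.8.8", "www.youtube.com")` and the same against a second resolver, then pass both sets to `unique_per_resolver`. Large sites are served from many addresses, so differing sets are normal on their own; the useful follow-up is whether every returned address belongs to the same operator.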
    They're all tracking you. Even the VPN providers that claim they aren't, I bet would roll on you in a second if the right agency put pressure on them. I stay logged into my Google account for various things, including my YouTube subscriptions that I follow. But, I no longer use Google DNS.
     
    If you are worried about being tracked, turn off the PC/Mac/Phone/Watch, etc. These are all force multipliers when it comes to being able to track people. If you turn it all off, they have to resort to more elaborate methods, which isn't worth it unless you are truly wanted. They can track you in so many ways, there is little likelihood you can do anything about it.

    That is why I just try to hide in plain sight.
     
    Google DNS is not "linking your account" to anything. It is DNS. They could send you to whatever server they want, but it would be the same regardless of your client.

    You said you had an AD server. I assume your clients were domain members. Did you reconfigure and remove them from the domain? They likely won't take an address nor register theirs on a machine not on their domain.
     
    It ain't called a web for nothin.

    I am pretty sure usage is often times tracked by fonts loaded from third party sites needed to load websites that are browsed.

    One would be amazed at all the communications their PC is making unbeknownst to them in the background.
     
    Google DNS is not "linking your account" to anything. It is DNS.

    Correct. But by the system recognizing that I'm using Google DNS, YouTube is forcing me to log in to Google in order to continue to watch their videos. And, having logged in, YouTube/Google can then track what I watch in greater detail by linking the URLs to my Google Account and history. Without logging in, all they can do is link to a WAN IP address. "Officially" at least. That's all.

    You said you had an AD server. I assume your clients were domain members. Did you reconfigure and remove them from the domain? They likely won't take an address nor register theirs on a machine not on their domain.

    There was only one domain client... me (my instance of Windows Server 2003 only allowed 5 clients anyway). Don't ask why.... it's a long story. And I'm still logging on with my domain account, rather than my local admin account so I can continue to use the domain profile (stored locally). If I did have other domain clients, I would likely have to go around and make sure they could log in using their local IDs (or give them one if they didn't have one). I can't remove anyone (including me) from the domain since the PDC is dead (and, no, there wasn't a backup DC). I guess they're "removed" the hard way. I never intended to build a complete, fault tolerant, failover ready system. Just something to "stay in the game."

    OK.... part of the "long story." I had set all this up because it's what I used to do professionally, and I wanted to "stay in the game" as it were. I didn't do all the group policy stuff you can do with AD or create internal zones with DNS, but I did create at least one domain account and used it. I used the DHCP and DNS servers, but I did not use AD fully. And I can do without it when it comes to my new Ubuntu Server (won't need Samba or anything). The Ubuntu DHCP server (isc-dhcp-server) is working fine. I know KEA is more modern but that's for Ubuntu server 23+. I'm on 22.04. The Ubuntu DNS Server (bind9) is also working but I need to test it and observe what it's storing in its router tables.

    I haven't yet found a viable Linux/Ubuntu equivalent for AD, so I'll change the paradigm and use their own local security and policy controls. It will get me closer to freedom from the Windows paradigm. Just a few more apps to go for which to find a Linux/Ubuntu equivalent. I already have an Ubuntu desktop client and it's working nicely. But I still have to use some Windows apps for my tutoring gigs.
     
    YouTube/Google can then track what I watch in greater detail by linking the URLs to my Google Account and history. Without logging in, all they can do is link to a WAN IP address. "Officially" at least. That's all.
    Browser "finger-printing"... they know you.. they track you... they own you... whether you know it or not.

    Way back in 2016 when I bought a Sonata, they offered a paid service to let me know if any of my kids drove the car outside a geo-fence I could set or if they ever exceeded the speed limit. You really need to disable cellular in your vehicles, everybody is watching.
    This is some of the shit they used to arrest anybody within a 1 mile radius of the protests on Jan 6. Then lock them up without trial.
     
    If you are worried about being tracked, turn off the PC/Mac/Phone/Watch, etc. These are all force multipliers when it comes to being able to track people. If you turn it all off, they have to resort to more elaborate methods, which isn't worth it unless you are truly wanted. They can track you in so many ways, there is little likelihood you can do anything about it.

    That is why I just try to hide in plain sight.

    But it's harder for them to track me "by name" if I'm not logged into anything. They can track by WAN IP and they'd never know who on my WAN was doing whatever. I'm not that "paranoid" as to go completely dark. I do believe in "hiding in plain sight." But I also believe in not making it any easier on them by volunteering things that can link me directly by name.
     
    Browser "finger-printing"... they know you.. they track you... they own you... whether you know it or not.

    Not if I browse "incognito." (Private Windows)

    Way back in 2016 when I bought a Sonata, they offered a paid service to let me know if any of my kids drove the car outside a geo-fence I could set or if they ever exceeded the speed limit. You really need to disable cellular in your vehicles, everybody is watching.

    That is true. That's one of my "hide in plain sight" things. I don't care if they track what roads I try to take. Now, if they try to track my "destinations" this way (i.e. any ranges, weapon brick/mortar stores, etc, etc,), that may be a problem. I avoid going to those places now.

    This is some of the shit they used to arrest anybody within a 1 mile radius of the protests on Jan 6. Then lock them up without trial.

    Well, lesson learned. Don't go to one of those things with your real smartphone. Use a burn phone if possible. Wear a COVID-19 mask so you can't be "face tracked" either.
     
    Google DNS appears to be tracking your URLs/Links more closely

    This has been well known for years.

    They're all tracking you. Even the VPN providers that claim they aren't

    This is mostly true, some just track less or none of your PII.

    But it's harder for them to track me "by name" if I'm not logged into anything.

    Coooookies. Canvas/Browser Fingerprinting. IP address tracking. The Web BeACoNs.

    Not if I browse "incognito." (Private Windows)

    :ROFLMAO::ROFLMAO::ROFLMAO::ROFLMAO::ROFLMAO:

    In *theory* incognito helps keep the junk on your PC in a sandbox but there are other ways of tracking your traffic even if you never log into anything.

    ETA: If you want to get a little bit closer to "private" or "anonymous" surfing you can try the Tor browser loaded up with ad, script and fingerprint blocking. A lot of sites won't even let you access content because you're no longer paying the tracking toll ... helps open your eyes to just how many sites are aggressively tracking you and refuse to let you play without giving them access to your identity.
     
    Not if I browse "incognito." (Private Windows)

    Can Incognito Mode or Private Browsing prevent browser fingerprinting?

    Ideally, incognito mode and private browsing of popular browsers should help maintain a high level of privacy. However, they fall short when it comes to browser fingerprinting. Using these features makes the browser fingerprint more unique to the user.
    Makes it worse.
     
    Just know that Tor was developed and funded by the DoD and the US Gov (Navy?) run a significant amount of Tor nodes, enabling attacks on the anonymity. *

    * unless things have changed and my info is outdated.
     
    I log into YouTube so the algorithm can recommend better suggestions. Found a ton of channels that way.

    Oh, and I pay for premium to download things for offline (podcasts mostly) and there's zero ads.
     
    Just know that Tor was developed and funded by the DoD and the US Gov (Navy?) run a significant amount of Tor nodes, enabling attacks on the anonymity. *

    * unless things have changed and my info is outdated.

    Tor by itself won't get you there. Still need a VPN.

    And, as you mentioned, Tor nodes make a difference; who owns them and how many are engaged in distributing your traffic makes a difference. If there are only a couple nodes distributing your data it's not as good as 20 or 30 or 100.