Newb: I set secure DNS to Mullvad DNS. Since I can’t afford a VPN, I do my web searches on Tor browser.
I would not do that. The whole idea behind Tor Browser is to make users look similar. By using a custom DNS provider you stand out from the crowd, thus making yourself more unique/identifiable. A website may not be able to see who you are, but it’s gonna have a way easier time seeing that you’re the same person visiting as the person who was there yesterday.
Well, would they stand out to the next node but not to all Intermediaries, right, including the website they are visiting?
How would the website know that you are using a custom DNS provider?
redirecting you to a unique subdomain and watch which resolver comes calling. that’s how ipleak and co. check for DNS leaks.
Interesting… Never thought about that.
And that’s why you should stick with tor browsers defaults (with the exception of adjusting security slider to meet needs). They have a whole team who are paid to think about it.
Tor uses its own system for domain resolution which is discrete from conventional DNS entirely on the browser end, although your ISP can see that you are using tor.
More context please. Where did you set the DNS? Smartphone, desktop? In browser or on system settings?
Assuming the following: You set the general DNS on your AOSP based smartphone to Mullvad and use Tor bowser simultaneously.
This is perfectly fine as Tor browser uses its own DNS. They won’t interfere.
Why would you want to do that? Do not change anything as the idea is that all users use the same Tor as it is.
My guess is that it would just completely override the DNS.
Why would it be a bad idea?
I think tor works in part because everybody is identical in ways that change if you fiddle with settings.
No. It’s fine.
Tor uses its own DNS system to my recollection. It’s true there is DNS as part of fingerprinting and DNS leaks are a concern for VPNs (see for example https://www.dnsleaktest.com/) but Tor is not vulnerable to this and it’s more a problem of you’re using a VPN to appear to be in NYC but your DNS shows Phoenix so that’s a big discrepancy that raises the uniqueness of your fingerprint on a VPN and even lets threat actors guesstimate where you actually are. As I said though this is not an issue on Tor.
So understand that the DNS from Mullvad will only affect other programs not Tor. It will prevent say your ISP’s DNS from seeing your video games calling their domains that way. Your ISP can still see you’re connecting to infrastructure for as an example Genshin Impact when you launch the game because they can see where your traffic is flowing and the IP addresses as well as traffic patterns, ports, etc. It somewhat limits the data and visibility they get but there is something called SNI snooping as well as of course the fact they know the IP addresses where your connections go. So it’s perhaps better than nothing but understand the limits of it as they still have a lot of visibility though they shouldn’t be able to see your web searches regardless just that you’re accessing google or bing or duckduckgo as those sites use HTTPS.
That seems perfectly fine to me.
