DNS translates website names into numbers computers understand. By default, it leaks information about everywhere you go online.
The problem:
DNS requests go through your ISP — unencrypted. They see every site you try to visit.
Risks:
- ISP logs all your DNS requests
- Governments can block sites via DNS
- Hackers can redirect you to fake sites
The fix:
Encrypted DNS (DoH or DoT) hides what you’re looking up.
Most VPNs and privacy browsers handle this automatically. You can also change device settings to use encrypted DNS providers.
See: DNS recommendations