This is One Thing, a column with tips on how to live.
The internet is a dangerous place. There are websites that will happily deliver you malware, or display violent or sexual imagery after your child unsuspectingly clicks on a link. While there are lots of ways to protect yourself when browsing online, there’s one quick way to protect everyone who uses your home’s internet network at once, by using something called an alternative Domain Name System resolver.
Every time you tap a link or enter a URL into a browser, that link gets translated (or “resolved”) from the letters you typed in (e.g., Slate.com) to an IP address (e.g., 151.101.130.133). The phonebook of sorts that makes this happen is called the Domain Name System, or DNS. The DNS runs on servers all over the world, known as DNS resolvers. You probably use the DNS resolver run by your internet service provider, if you got the router from them and never changed the settings. (Imagine a guy at Verizon sitting in a room looking up the letters you typed and converting them to an IP address, and then sending you on your way—it’s like that, but a computer instead of a guy.)
The trouble with these default lookup systems is that, often, they are not very discerning: If your second grader types in Pornhub.com, that DNS resolver will go right ahead and resolve that to its IP address, and send your kid out into an area of the internet they shouldn’t yet know about. If you look up a site that will deliver malware to your computer, the DNS resolver may just be like: Yes, go right ahead.
The other thing is: Those internet service providers are seeing everything you look up. If you find this a little disturbing from a privacy perspective, you’re not alone! Comcast is one of the good guys in the space (I was surprised, too). They address DNS directly in their privacy policy, noting, “Comcast does not use Comcast DNS data for marketing, advertising, or sales purposes, and does not sell this data to third parties for any purpose.” Verizon, on the other hand, explicitly states that they do use your DNS lookups to “predict your interests, preferences and other insights we use in the program.” That “other insights” covers, uh, a lot of potential uses.
Fortunately, you have options as to which middle man you have retrieving websites for you, and there are choices beyond just the internet big guys. By changing your DNS to another service, you can change who is in charge of your DNS lookups. You can use a free public DNS resolver that will automatically block known malicious domain names and that won’t be giving away information about your browsing.
There are lots of different DNS services that you can use that prioritize safe browsing and security (and like websites themselves, they all have their own IP addresses—even the phonebook guy has a phone number). Google runs one at 8.8.8.8, a company called Level 3 runs the nerdily infamous 4.2.2.2, and most ISPs (AT&T, Cox, etc.) have one. The one I recommend is called 1.1.1.1 and is offered by Cloudflare. Cloudflare not only built its free service with privacy in mind (they throw out the search logs every 24 hours), it also offers two additional options for blocking malware and adult content called DNS for Families.
Cloudflare’s installation guide is your best resource for how to update your home network to use Cloudflare 1.1.1.1. At its most basic level, you’ll update DNS settings on devices to remove two IP addresses and replace them with two new ones. If you just want to stop having your internet use logged, you’ll use 1.1.1.1 and 1.0.0.1. If you also want to block malware, use 1.1.1.2 and 1.0.0.2. If you want to block malware and adult content, use 1.1.1.3 and 1.0.0.3.
You can update various types of devices you might have (phones, desktops, gaming consoles) individually—say, you just want your kid’s tablet to be blocked from adult content. Or, even better, you can update your router, to protect everyone on your home Wi-Fi at once (and then you can override that DNS setting on your tablet so you can still watch adult content). Every router is different, but you’ll typically navigate your browser to an address like 192.168.1.1 to log in and update its DNS settings (again, the Cloudflare guide is there to help). To test that you’ve managed to get the settings right, visit this test website or this one on various devices connected to your home network. (Don’t worry, they won’t actually install malware on your device or show you porn!) You might need to open an incognito window or use a different browser after you make settings changes to double-check that they’ve taken effect.
If you update your router and find that your computer or phone is still able to access the sites above, you’ll need to follow the directions for updating your individual devices.
There may come a time when for some reason you actually want to visit an adult website. Don’t worry, you’ve got options. The quickest thing to do is just turn off Wi-Fi on your device, and use your cell provider’s data plan. As mentioned above, you can also update the DNS on a specific device to use a different DNS resolver than the one your home network does. Or you can use a VPN.
Congratulations! If you managed to update this one thing in your router’s settings, you can rest easy that any device on your home Wi-Fi network will have an extra layer of protection when wading into the caustic cesspool of the internet.
Thanks for signing up! You can manage your newsletter subscriptions at any time.
Slate is published by The Slate Group, a Graham Holdings Company.
All contents © 2024 The Slate Group LLC. All rights reserved.
Français 
English