Digital traces

Everything that internet users do online leaves behind a detailed trail of data about them. What can they do to protect their privacy in the digital world?

Testo: Michael Hausding, pubblicato il 16.03.2021

In a referendum on 7 March 2021, the Swiss electorate rejected the Federal Act on Electronic Identification Services (e-ID Act). Opponents of the e-ID insisted that ‘the Swiss digital passport does not belong in the hands of private companies’. They fear that private companies could collect sensitive data concerning the internet usage of e-ID holders, which would not be adequately protected.

Data trails

The fact is that the proposed e-ID solution would have seen a central agency responding to and recording every use of the e-ID. Central storage of usage data would carry considerable potential for misuse despite the trust placed in the operating organisations. This applies to both the potential monetisation of ‘anonymised’ usage data and the unauthorised use of data that could be stolen by hackers. The list of companies that have suffered data breaches in the past is long. E-ID usage data provides fairly detailed information about the services that internet users use and – if they also use their e-ID for authentication purposes – when they log into which service.

Internet users leave digital traces from which detailed profiles can be created. For instance, newspapers and other sources of information that internet users use provide information about their political views; the social networks they use allow conclusions to be drawn about their age, and shopping habits indicate their financial situation. Other interests – such as use of health or mobility services – are also easy to categorise based on the websites they visit.

But internet users don’t just leave behind a digital trail when they use a central e-ID. While the e-ID can provide a big-picture record of how internet users use online services, two other pieces of technology give companies access to far more detailed information about user behaviour – trackers and DNS.


There’s simply no stopping an online service provider from viewing detailed information about how their service is used. But what many internet users don’t realise is that third parties can also record in detail how they navigate within a webpage. A study conducted by Ghostery revealed that 79% of all websites around the world use third-party tracking. This can be impeded by installing browser plugins or using a browser like Brave. And if you’d like to ensure that your smart TV doesn’t reveal anything about your user behaviour, you can block trackers throughout your home network with Pi-hole.


But it’s not just web-based trackers; there’s another source that allows service providers to collect detailed information about user behaviour. Since IP addresses are ill-suited to navigating the web, a domain name has to be resolved into its corresponding IP address by a preconfigured recursive resolver for each interaction. So the recursive resolver knows the domain names of all the services that someone uses. This also allows companies to see what devices a household is using, what networked building services they have and whether they operate an alarm system from a particular manufacturer, for example. Even networked sex toys can be identified by DNS queries. Although DNS technologies like DoH and DoT are supposed to protect privacy, opportunities to track users through the DNS are still on the rise. This is firstly due to new security standards such as DoH which, in addition to the IP address, also transmits TLS information that can allow tracking of users. Secondly, the granularity of potential tracking is increasing through the use of DNS information with a short ‘time to live’ (TTL). Internet service providers use content delivery networks (CDNs) and they also want to be prepared for DDoS attacks, which means that they are shortening the validity of their DNS responses to a matter of minutes. This in turn means that internet users have to continually query the address at which a service is reachable, so the operator of the recursive resolver can see both the service being used and how long it is being used for.

This is why we need to protect this sensitive data; DoT and DoH protect it on the web. However, it is available in plain text again at the recursive resolver stage at the latest. And these resolvers aren’t just operated by ISPs; global cloud-based providers make use of them too. Often, internet users aren’t even aware that their WLAN router is sending DNS queries to the cloud rather than the ISP’s resolver. Alternatively, ISPs might do without the costly process of running DNS resolvers entirely and instead opt for a free solution from one of the large cloud providers. Internet users generally don’t realise that this approach means their data is being sent to a cloud provider in another country. And these providers often record the data, increasing the potential for misuse.

Around the world, operations are increasingly concentrated on a few large DNS resolver providers, due to increasing complexity, not to mention the costs associated with running a dedicated recursive resolver. Some ISPs avoid these costs by routing DNS queries directly to a large cloud operator.

What can Swiss ISPs and internet users do to limit the likelihood of their DNS data being misused? 

Fortunately, most ISPs in Switzerland still run their own resolvers. As long as they’ve implemented modern standards such as DNSSEC and QName minimisation and offer encrypted protocols such as DoT and DoH, they are the best way of offering internet users a reliable, secure service which protects their privacy. Distributed DNS resolution also helps to ensure the resilience of the Swiss internet. As the Cloudflare Public DNS outage last year indicated, there are certainly risks associated with central DNS service providers. And if ISPs want to retain the services of cloud-based recursive resolvers, there’s also a privacy-friendly solution: running a dedicated forwarding resolver that hides internet users’ IP addresses and caches queries. This offers the advantages of a large resolver (such as the very short response time, or filter-based protection against malware and phishing), while also protecting users’ privacy.

What can internet users do now to avoid leaving an unintentional DNS data trail online?

Using a trusted recursive resolver

Internet users may know their email provider, but very few of them know what recursive resolvers they’re using, or whether their ISP is using a cloud-based or foreign resolver and whether it records user data. Most operators of recursive resolvers publish a privacy policy, which will ideally indicate that they refrain from recording client queries.

SWITCH, Digital Society Switzerland and Quad9 (a cloud service that recently moved its operations to Switzerland) all have this type of privacy policy and follow the principle of data economy. This offers internet users maximum privacy protection on the internet. If data is not recorded, it cannot be misused. Unfortunately, ISPs’ DNS services usually don’t say anything about recording DNS data. In any case, data is protected by the TCA in Switzerland, so if users can’t find anything about this in their provider’s privacy policy, they should ask.

People are paying more attention to the issue of data protection – as they should. So it won’t come as a surprise that Quad9, the recursive resolver service provider, has seen its weekly growth rate double since announcing its move to Switzerland in mid-February 2021.

Michael   Hausding

Michael Hausding

Con il suo diploma in elettrotecnica del Politecnico di Zurigo, Urs Eppenberger è entrato in SWITCH nel 1987. Dopo aver lavorato in diversi settori, oggi dirige il reparto Clienti commerciali che comprende anche l'ufficio di registrazione per .ch e .li e il Security Team.

Altri contributi