Which option is better for preserving my privacy, static IP or dynamic DNS?

Disclaimer - I’m pretty new to a lot of this stuff.

I have a run-of-the-mill ISP-provided router with a dynamic IP address. I can however get a static IP from my ISP for a very small one-time fee. Alternatively I could get a domain from a free dynamic DNS provider such as DuckDNS.

Which will allow me to be more anonymous online?

  • Static IP: Every time I visit a website, my request will come from the same IP address. It seems like someone could easily build a profile of me, more so than with an IP that frequently changes.
  • Dynamic DNS: Every time I visit a website, my request will come from an IP address that a specific domain points to. That domain will have whois information attached to it and whatnot. Someone could associate the information about the domain with my visit to their site.

I may very well be misunderstanding things here. Grateful for any pointers you all have!

Edit: to be clear, I’m not asking about this because I’m under the impression that either of these options is a privacy tool. I’m looking for a solution for remotely accessing my home network and I’m trying to find the option that is least detrimental to my privacy when surfing the web.

You are mistaking some things here. If you visit a website it does not make a difference whether you (the source) have a DNS record for your IP or not. The target always only sees your IP. Packets are routed based on IP addresses, not names!!

So in neither case are you anonymous; your IP is always visible and your ISP has records of which user had which IP at which time.

Unless you are using a VPN or Tor, you are not anonymous.

Those things you mentioned, DynDNS or static IP are only relevant if YOU are hosting stuff and people are visiting YOU.

Neither. The dyndns TTL is usually weeks. So you will have the same IP for that long. And probably longer, as renewal doesn’t give a new IP; it defaults to lease extension.

Browsing with Tor will give you the highest anonymity when browsing the web.

If you want to access your server behind your LAN use VPN/tunneling, or just simple port forwarding is ok.

You seem to be asking two questions which aren’t necessarily related to each other and have different aspects of how each one is private. Browsing the web vs remotely accessing your server.

in my opinion you should link a ddns client that will automatically update your cloudflare records (or any other cdn). or if you rent a static IP, put it as an A record on cloudflare.

no matter if you rent a static IP from your ISP, or keep the dynamic one, you should hide that all behind a cdn to prevent potential ddossing. a hacker can’t do much with your ip, your two biggest worries are being ddossed and having your network compromised. so make sure to use a linux distribution and have at very least ufw set up, but preferably use iptables. only open ports you need, e.g. 80 and 443. and if your router has its own firewall built in, you should configure that, too.

if you don’t wanna deal with ddns clients, renting static IPs, opening ports and configuring firewalls, a lot safer method is just using cloudflare tunneling

I understand my IP address is always visible to the website I’m visiting.

My concern is that at least with a dynamic IP address, if I visit the same site months apart, they won’t be able to tell it was me again. But they would be able to link the two visits if I have a static IP.

And with dynamic DNS, my concern is - what if some sites look through DNS servers and match the entries against the IP addresses of their visitors? Then, when there’s a match, they could link the information about the domain with the IP of the visitor. Or is that an unlikely scenario?

But if I install a VPN on my home network, don’t I still need one of the two options I mentioned in order to connect to the VPN in the first place?

You can look up a hostname from an IP address if it has a PTR record assigned. In the case of a residential ISP with dynamic IP addresses, reverse DNS will most likely be assigned to the ISP and not to the individual customer, and probably at the address block level.

For the OP’s concern, it doesn’t matter. Just trying to add some general knowledge.
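The reverse lookup described in the comment above, shown as an added example that is not part of the thread: it builds the wire-format PTR question for a visitor's address, which makes visible that the query targets the `in-addr.arpa` (or `ip6.arpa`) tree held by the address-block owner rather than any dynamic DNS zone. The sample addresses and the query ID are constructed for illustration.

```python
import ipaddress
import struct

PTR, IN = 12, 1  # DNS record type PTR and class IN (RFC 1035)

def reverse_name(ip: str) -> str:
    """Name a resolver asks for when mapping an address back to a hostname."""
    # IPv4 octets (or IPv6 nibbles) are reversed and placed under in-addr.arpa
    # (or ip6.arpa). That tree is delegated to whoever holds the address block,
    # so an A record in a dynamic DNS zone never appears here.
    return ipaddress.ip_address(ip).reverse_pointer

def encode_name(name: str) -> bytes:
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"invalid DNS label: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_ptr_query(ip: str, query_id: int = 0x1234) -> bytes:
    """Build the wire-format question a resolver sends for a reverse lookup."""
    # Header: id, flags (recursion desired), 1 question, no other records.
    header = struct.pack("!HHHHHH", query_id, 0x0100, 1, 0, 0, 0)
    return header + encode_name(reverse_name(ip)) + struct.pack("!HH", PTR, IN)

def parse_question(packet: bytes) -> tuple[str, int, int]:
    """Read back the question name, type and class from a query packet."""
    labels, pos = [], 12  # the question section starts after the 12-byte header
    while packet[pos]:
        length = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, qclass = struct.unpack("!HH", packet[pos + 1:pos + 5])
    return ".".join(labels), qtype, qclass

if __name__ == "__main__":
    visitor_ip = "203.0.113.57"  # constructed sample from a documentation range
    print(parse_question(build_ptr_query(visitor_ip)))
    print(reverse_name("2001:db8::1"))
```

A PTR answer exists only if the holder of that reverse zone publishes one, which for a residential line is normally the ISP.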

Besides the IP, there are many more tracking mechanisms like hardware IDs or cookies, so you are trackable even with a dynamic IP.

What benefit would a site have if it knows that some domain belongs to your IP? Also I am relatively certain that you cannot ‘look through DNS servers’, especially not the way IP → DNS. DNS servers work the other way round. Also what you are describing is technically not feasible.

Sorry but what are you afraid of or trying to achieve? If you want to surf (relatively) anonymously, use Tor or a VPN (but then still other tracking mechanisms mentioned apply).

Well, if you want your VPN server inside your LAN then you need to have a static IP/DynDNS to port forward. Won’t make a difference in terms of security if you have a static IP WAN vs DynDNS. If someone knows your DynDNS name they can just ping it and it will return the IP. But you could use something like Tailscale or ZeroTier or CF tunnels to have a VPN mesh without port forwarding. But I will not recommend those as this is a self-hosted sub. There is also Headscale, which is Tailscale but self-hosted.

Thanks for that info. So if I set up a domain to point to my home IP, it wouldn’t have a PTR record unless I set one, right? I assume someone would only do that if they were running an email server?

What benefit would a site have if it knows that some domain belongs to your IP? Also I am relatively certain that you cannot ‘look through DNS servers’, especially not the way IP -> DNS. DNS servers work the other way round. Also what you are describing is technically not feasible.

That makes sense.

Sorry but what are you afraid of or trying to achieve? If you want to surf (relatively) anonymously, use Tor or a VPN (but then still other tracking mechanisms mentioned apply).

I just want to minimize risk, but I’m only in the process of learning where the biggest risks are. I already take some measures like cookie deletion and user agent spoofing.

Thank you for your help.

Yup, that’s generally the case.

You’re welcome.

But if you have any more questions on that matter I suggest checking out /r/PrivateInternetAccess and /r/PrivacyGuides.
This sub is more for hosting stuff.

I already take some measures like cookie deletion and user agent spoofing.

I’m sorry to say that, but it is useless. There are a huge number of methods to gather multiple sensors (serial numbers of motherboard, RAM, hard drives, battery…) about not only your hardware/network but also your personal behavior, which is pretty unique (mouse moving, eye tracking, typing…). Unfortunately most people don’t care (or simply don’t know it) and tech companies simply abuse their power more and more. Check the hidden settings of your browser, how many of them there are, and all of them send back to the browser’s maker.