Privacy First: Reclaiming Your DNS and Your Digital Rights

Tech Scroll 126

By Akadata Limited
Published on 09/10/2025

Proverb: The one who builds their own path of light need not ask permission to walk it.

Parable: A man once walked a road watched by towers. Each tower promised safety, yet each gaze took a piece of his shadow. When the man built his own lantern and walked unseen, the towers called him dark. But his light came from within, and those who followed soon saw that true illumination needs no surveillance — only understanding.

The Principle: Human Rights Before Institutional Rights

Akadata stands on a simple truth: privacy is a human right, not a privilege granted by governments or corporations. The digital networks of today exist because of humans who built and maintain them, not the other way around.

Yet many have forgotten that each packet of data leaving their device carries a trace of their life, and that trace is often collected, profiled, and sold. Most people believe that because they pay an Internet Service Provider (ISP) for access, that relationship is private. It is not.

Are You the Product?

The slogan “If the service is free, you’re the product” extends to services you pay for. ISPs still log metadata, the who, when, and where of your traffic, and may share or monetise it through analytics partnerships. Even with HTTPS encryption, the domain name of every site you visit is still visible to your ISP when you use their DNS resolver.

The so-called Dark Internet is not dark at all. It is simply the part of the web another entity does not want the human to see, private, unindexed, or hidden from surveillance. Privacy does not make a person dark; it makes them free.

Why Change Your DNS Resolver

When you visit a website, your device asks a Domain Name System (DNS) resolver for its IP address. If that resolver belongs to your ISP, every lookup is logged. This builds a detailed picture of your habits and interests.

By switching to a privacy-focused resolver, or better, by running your own, you stop that profiling at its root. You also gain:

• Independence from ISP logging policies.
• Integrity — no DNS hijacking or advertising injection.
• Security — encryption (DoH/DoT) prevents third-party tampering.
• Transparency — you control where your queries go.

Step 1: Decide Your Approach

Option A: Use a Privacy Resolver

These public resolvers support DNS over HTTPS (DoH) or DNS over TLS (DoT):

Configure these directly in your system settings or router. They keep minimal logs and operate under privacy-first jurisdictions.

Option B: Run Your Own Resolver

Running your own resolver ensures no third party sees your lookups. Below are examples for Linux (Arch & Alpine), macOS, and Windows.

Step 2: Linux – Using Unbound (recommended)

Install

# Arch Linux
sudo pacman -S unbound

# Alpine Linux
sudo apk add unbound

Configure /etc/unbound/unbound.conf

server:
    verbosity: 1
    interface: 0.0.0.0
    interface: ::0
    access-control: 127.0.0.1 allow
    access-control: ::1 allow
    do-ip4: yes
    do-ip6: yes
    do-tcp: yes
    do-udp: yes
    hide-identity: yes
    hide-version: yes

forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 1.1.1.1@853  # Cloudflare
    forward-addr: 9.9.9.9@853  # Quad9

Point /etc/resolv.conf to localhost

nameserver 127.0.0.1
nameserver ::1

Enable and start

# Alpine
sudo rc-service unbound start && rc-update add unbound default

# Arch
sudo systemctl enable --now unbound

Your system now resolves securely through your own encrypted forwarders.

Step 3: Linux – Using Knot Resolver

# Arch Linux
sudo pacman -S knot-resolver
# Alpine
sudo apk add knot-resolver

Edit /etc/knot-resolver/kresd.conf:

modules.load('policy', 'hints', 'stats')
policy.add(policy.all(policy.TLS_FORWARD({{'1.1.1.1', hostname='cloudflare-dns.com'}, {'9.9.9.9', hostname='dns.quad9.net'}})))

Enable the service:

sudo systemctl enable --now kresd

Update /etc/resolv.conf to point to 127.0.0.1.

Step 4: Linux – Using dnscrypt-proxy

# Arch Linux
sudo pacman -S dnscrypt-proxy
# Alpine
sudo apk add dnscrypt-proxy

Edit /etc/dnscrypt-proxy/dnscrypt-proxy.toml and select resolvers supporting DNS-over-HTTPS or DNSCrypt.

Restart the service:

sudo systemctl enable --now dnscrypt-proxy

Again, point /etc/resolv.conf to 127.0.0.1.

Step 5: macOS

1. Download DNSCrypt-Proxy or Cloudflare WARP from their official sites.
2. Use System Preferences → Network → Advanced → DNS and enter:
   • 1.1.1.1
   • 1.0.0.1
3. Enable DNS-over-HTTPS in the proxy configuration or WARP menu.

This ensures DNS queries are encrypted and bypass Apple’s default resolvers.

Step 6: Windows

1. Open Settings → Network & Internet → Change adapter options.
2. Right-click your connection → Properties.
3. Select Internet Protocol Version 4 (TCP/IPv4) → Properties.
4. Choose “Use the following DNS server addresses” and enter:
   • Preferred: 1.1.1.1
   • Alternate: 9.9.9.9
5. For Windows 11, enable Encrypted DNS (DoH):
   • Settings → Network → Ethernet/Wi-Fi → DNS settings → Choose Encrypted only (DNS over HTTPS).

Step 7: Test Your Setup

Visit:

• https://1.1.1.1/help
• https://browserleaks.com/dns
• https://dnscheck.tools.akadata.ltd (Akadata’s own test page - coming soon)

If you see your chosen resolver (not your ISP), your privacy layer is active.

Legal and Ethical Foundation

Under UK GDPR, your ISP remains a data controller for connection metadata. You have the right to:

Request all retained connection logs (Article 15).

Template Letter – Request for Retained Connection Logs

Subject: Subject Access Request – Internet Connection Records (Article 15 UK GDPR)

Dear Data Protection Officer (ISP Name),

Under Article 15 of the UK General Data Protection Regulation (UK GDPR), I request full disclosure of all personal data held about me, including all Internet Connection Records and related metadata retained under the Investigatory Powers Act 2016 or other policies.

Please provide:

1. A list of connection logs, IP sessions, and timestamps linked to my subscriber account.
2. Any DNS or traffic metadata associated with my line or IP address.
3. The lawful basis for collecting and retaining such data.
4. The retention period and any third parties with whom the data has been shared.

Please deliver the information in a machine-readable format within one calendar month as required under Article 12(3).

Kind regards,
[Typed Name]
[Account Number or Service Reference]
[Email Address]
[Postal Address]

Object to their processing for analytics or marketing (Article 21).

Template Letter – Objection to Processing for Analytics or Marketing

Subject: Objection to Processing for Analytics or Marketing (Article 21 UK GDPR)

Dear Data Protection Officer (ISP Name),

Under Article 21 of the UK General Data Protection Regulation (UK GDPR), I hereby object to the processing of any personal data, traffic data, or metadata for purposes of analytics, marketing, service optimisation, or profiling not strictly necessary to deliver connectivity.

Please confirm that:

1. All marketing or analytics processing of my personal data will cease.
2. No profiling or automated decision-making occurs for commercial purposes.
3. My objection has been recorded and communicated to all relevant data processors or partners.

A written acknowledgement of this objection should be provided within one calendar month as required under Article 12(3).

Kind regards,
[Typed Name]
[Account Number or Service Reference]
[Email Address]
[Postal Address]

Demand deletion once retention obligations expire (Article 17).

Template Letter – Request for Erasure of Retained Data

Subject: Request for Erasure of Retained Data (Article 17 UK GDPR)

Dear Data Protection Officer (ISP Name),

Under Article 17 of the UK General Data Protection Regulation (UK GDPR), I request that all personal data, connection metadata, or traffic records concerning my account be erased once any statutory retention obligations under the Investigatory Powers Act 2016 or other legal instruments have expired.

This request includes but is not limited to DNS logs, session records, IP allocations, and any internal analytics or profiling data not required by law to remain.

Please confirm:

1. The date or schedule when each category of data will be deleted.
2. That no copies or backups will be retained beyond the lawful period.
3. That deletion will extend to all data processors and third parties handling this data on your behalf.

This right to erasure reflects fundamental human and natural rights that predate government permission; what government defines as a right is often a limitation upon those true living rights. This notice asserts those rights in full.

A written confirmation of deletion is expected within one calendar month as required under Article 12(3).

Kind regards,
[Typed Name]
[Account Number or Service Reference]
[Email Address]
[Postal Address]

But technology gives you the faster protection, encryption at the source.
Law ensures that if your privacy is ignored, you have remedy.

In the United Kingdom, several Statutory Instruments (SIs) and Acts claim to provide or regulate 'rights', often framing restrictions as permissions. Among these are the Data Protection Act 2018, Investigatory Powers Act 2016, Communications Data Retention and Acquisition Regulations, and numerous subordinate SIs under the Home Office. Each claims to grant protection while simultaneously delineating limits upon genuine, natural human freedom.

These government-created 'rights' are administrative controls, not the source of human authority. True living, breathing rights, freedom of thought, speech, and privacy, exist before and beyond statute; they are recognised, not created, by any government.

The difference is simple yet profound: a statute-based 'right' is conditional, existing only within the boundaries that government institutions define and can retract. A human right is unconditional, born with every individual, inherent and inalienable. One is permission that may be revoked; the other is existence itself, which cannot be granted or taken away. Governmental rights operate on paper and policy; human rights live in conscience and being.

Conclusion: The Light Within the So-Called Dark

There is nothing dark about protecting one’s privacy.
There is nothing secret about choosing independence from surveillance.

There is only the human reclaiming the right to walk unseen by those who would monetise their path.

Run your own DNS. Encrypt your queries. Be light in a system that profits from shadows.

Privacy first — always.