Improving DNS Privacy with Oblivious DoH in 1.1.1.1
-
Great news about common network security: Improving DNS Privacy with Oblivious DoH in 1.1.1.1 https://blog.cloudflare.com/oblivious-dns/
-
It's news - there isn't anything great or even good about it.. It's more smoke and mirrors trying to get your dns info.. And preventing the owner of the local network from controlling their own dns..
Anything that centralizes dns is not a good anything.
It doesn't improve anything either - but it sure as the F slows down even more a simple query for www.google.com
Anything that takes the selection of what dns I point to out of the hands of the user is not good either. I don't want my browser using some dns, or application or device because they think I am too stupid to point to the dns I want to use.. Or that I am worried about my isp seeing this traffic. Doesn't matter how I attempt to hide the dns query from the isp, or even from the dns it goes to.. The isp can still see where I go, be it via the IP I go to or the sni in my https traffic.
There are ways to make dns more secure, and more private - this is not it..
-
I've given up on this topic, if you want to think this makes you more private, go right ahead.
I used to have a saying back in my consulting days.
If the customer looks like they are heading off a cliff, warn them. If they continue, warn them again. But in the end, there is nothing in the contract that says I have to go over the edge with them.
<mic drop>
-
@johnpoz
we should make a petition and send it to Microsoft / Mozilla / google - chrome staff
something like
stop thinking your customers are stupid or stop treating your customers as stupid
sign:
-
It wouldn't make a difference, "the great reset" is on its way anyway
-
Biggest gripe I have with DoT/DoH and the like is it distracts from potentially useful enhancements like ESNI or ECH. ESNI was a thing right up until the moment it wasn't. I don't have any tin foil, let alone a tin foil hat, but I do wonder what is driving these technologies and those who wield disproportionate influence in the industry.
ZDNET is a purveyor of crap a lot of the time but this should make people think:
https://www.zdnet.com/article/china-is-now-blocking-all-encrypted-https-traffic-using-tls-1-3-and-esni/
China blocks this because it keeps them from being all seeing, all knowing...
Anyhow, I hate being sold without due compensation. Tracking me, I should get a percentage of the take...
-
@johnpoz said in Improving DNS Privacy with Oblivious DoH in 1.1.1.1:
Anything that centralizes dns is not a good anything.
You are absolutely right in this!
Because of the same reason, a lot of companies try to play on the “secured public DNS” scene. For example, AdGuard becomes the world's first public DNS-over-QUIC resolver: https://adguard.com/en/blog/dns-over-quic.html
-
@jwj said in Improving DNS Privacy with Oblivious DoH in 1.1.1.1:
Biggest gripe I have with DoT/DoH and the like is it distracts from potentially useful enhancements like ESNI or ECH. ESNI was a thing right up until the moment it wasn't. I don't have any tin foil, let alone a tin foil hat, but I do wonder what is driving these technologies and those who wield disproportionate influence in the industry.
ZDNET is a purveyor of crap a lot of the time but this should make people think:
https://www.zdnet.com/article/china-is-now-blocking-all-encrypted-https-traffic-using-tls-1-3-and-esni/
China blocks this because it keeps them from being all seeing, all knowing...
Anyhow, I hate being sold without due compensation. Tracking me, I should get a percentage of the take...
Russia has plans to do the same next year because of a very big political crisis and powerful social protests, like in Belarus with the dictatorship of Lukashenko.
-
Yes.
https://qna.habr.com/q/862669