Hey, thanks for mentioning this project. I am using it now and immediately created a small PR with some comments: https://github.com/julian-klode/dns66/pull/19
So the issue here is that many hosts sources are not available via TLS. This is not the dev's fault, but the fault of the hosts-maintainers. The dev is right that the attack vector is only a DoS attack in the sense that a MitM could disable the access to specific hosts. Still, I think the situation should be improved. I am not completely sure how. Maybe someone should provide a hosts file that is served via TLS and more trustworthy. I am currently hosting https://adaway.org/hosts.txt via GitHub + Cloudflare, but its not really updated regularly. Cheers Dominik On 10/25/2016 11:26 PM, Nathan of Guardian wrote: > I have considered this as an Orbot feature, along with some of the No > Root Firewall /Little Snitch capabilities. Obviously that would impact > anonymity, but perhaps no more than NoScript or HTTPsEverywhere already > does? > > On Tue, Oct 25, 2016, at 01:28 PM, Hans-Christoph Steiner wrote: >> >> This is an interesting app: DNS66. It uses the VPN API to provide >> system-wide ad blocking without root access. It just handles DNS, no >> other traffic, and uses the standard ad blocking blacklists to filter >> the DNS requests. >> >> https://www.reddit.com/r/Android/comments/59a8qm/dns66_a_dns_based_adblocker_that_works_systemwide/ >> >> .hc >> _______________________________________________ >> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev >> To unsubscribe, email: [email protected] > >
signature.asc
Description: OpenPGP digital signature
_______________________________________________ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email: [email protected]
