On Sun, 29 Dec 2019 03:35:32 +0000
Tomas Kuchta <[email protected]> wrote:

> Could you explain the details why/how DNS over HTTPS would you "not
> recommend using it. It's just a way for data-mining
> companies to suck up more of your private life"?
> 
> The way I understand it, it is meant to provide privacy from your ISP
> and traffic observation along the way to the DNS. It should not make
> anything else worse/better.
> 
> Thanks,
> Tomas
> 
> On Sun, Dec 29, 2019, 03:01 Tom <[email protected]> wrote:
> 
> > On Wed, 25 Dec 2019 20:14:00 -0800
> > "Mike C." <[email protected]> wrote:
> >
> > > Has anyone dug into this much, or is anyone actually using it?
> > >
> > > It's experimental in Chrome but not currently available in
> > > the .deb version.
> > >
> > > Apparently, it has been a Firefox feature for a few years, but
> > > Chrome has been my browser of choice for many years now.
> > >
> > > OpenWrt supports DoH through DNSMasq and HTTPS-DNS-Proxy. Which is
> > > nice because then all your LAN / WLAN devices can use it after
> > > setting up once and makes troubleshooting any problems related to
> > > it much easier.
> > >
> > > I know a few years ago, DNSMasq was pretty standard on Ubuntu /
> > > Debian based distros. Which makes me think there's probably a
> > > HTTPS-DNS-Proxy package for most Linux distros.
> > > _______________________________________________
> > > PLUG mailing list
> > > [email protected]
> > > http://lists.pdxlinux.org/mailman/listinfo/plug
> >
> > I would not recommend using it. It's just a way for data-mining
> > companies to suck up more of your private life. There's no security
> > or reliability to it over normal DNS. In fact, the security and
> > reliability are worse.
> >
> >

Normal DNS queries are decentralized and, with DNSSEC, tamper-resistant.
When you encapsulate all your queries and send them to a central
server, Cloudflare for example, you've just made your situation worse
privacy-wise. Whereas before only your ISP could see just the domain
you're visiting if they cared to do an active man-in-the-middle attack on
your connection, Cloudflare, with its 80+% control over popular
websites, introduces a massive layer of centralization to the act of
resolving names. Sending all your queries to them, they can sell that
user data, get hacked and leak it all, or be coerced into disclosing it.
