On 4/28/20 9:16 AM, ac wrote:
On Tue, 28 Apr 2020 08:13:11 -0400
Alvin Starr <[email protected]> wrote:
<snip so many cool things around here somewhere>
How about DNS over TOR?
as usual, LOVE the way you think :)
How about just plain old DNSSEC?
(instead of a nanny) - yay, IT Works! - and is so mature
already...(without all the risks of having/using a nanny)
I thought DNSSEC was more to secure the content of the query and not the
communication channel.
But I my DNSSEC knowledge is spotty at best.
and using connectivity providers (instead of third parties and dns over
https) -- for caching/recursive, like Bell (Bell CA actually does not
track/record/monetise their users DNS querries afaik)
All the Canadian carriers will always work to maximize their profit
because they are obligated to by their shareholders.
So always assume they are monetizing anything they can even in the face
of public denials.
They all perform deep packet inspection so assume anything the is in the
clear will be monetized.
I am not saying they are evil.
Its just that their profit motive may not be in the end users best interest.
Problems all solved?
my further opinions are that any "nanny" type "free" service where
someone else decides what and where i may or may not go or what i
may or may not see, needs to be either well
regulated/controlled/open/published/etc or simply not be
accepted...
Sometimes nannies are good things.
yes, nannies are 'sometimes' good things, but for some people BAD
nannies are sometimes even better :)
Are you thinking of the Nanny from Queen's Fat Bottomed Girls?
People without the wherewithal or interest in managing their own
security likely are in need of a nanny.
again, dnssec already protects users, it just needs wider adoption,
which is the issue.. .as for "shared" domains like outlook.com - abuse
management costs will increase? - which is probably why dnssec has
never caught on, it is not "sexy" (like some nannies...)
I have had mixed luck with DNSSEC from the point of view of internal
implementation and have fallen back to SEC-less.
As a side story.
DNS(bind) has been SO reliable over the years that people have not
upgraded their software.
A month or so ago a few customers had their DNS partly break because the
old DNSSEC root keys were removed.
The solution was to turn off DNSSEC till they were able to upgrade the
software.
anyway, i am probably a minority as i also do not like/use/support
very popular and world dominating services such as 'whatsapp' and i
do not tweet or post photos of my food on insta and i have zero
tiktok vids
I have a feeling your take is not a minority on this list.
ooh, warm & fuzzies to you too, I have a home *sigh* :)
Ya. Safe at home some times feels like locked in trying to avoid the
zombie apocalypse.
--
Alvin Starr || land: (647)478-6285
Netvel Inc. || Cell: (416)806-0133
[email protected] ||
---
Post to this mailing list [email protected]
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
