❌ Software Removal | Opennic #1258
Labels
No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
✨ enhancement
❌ software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
No Milestone
No Assignees
1 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: privacyguides/privacytools.io#1258
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Description
I think OpenNIC is currently far behind the rest of the content of our encrypted DNS page and may even be a privacy and security issue due to the sites not having valid certificates. Please correct me, if I am wrong.
My comment on our forum:
I recall some of them supported dnscrypt.
https://servers.opennic.org/
Pinging @JonahAragon as I believe he hosts an OpenNic instance.
Edit: Sorry, JonahAragon appears to be an OpenNic Github team member:
https://github.com/orgs/opennic/people
@ggg27 Good point, how does Namecoin manage my concerns? Especially the second, is all traffic E2EE or is there plaintext http involved?
If they are as insecure as I imagine, I think they should be delisted or at least given warnings about possibly putting users at risk.
Do you know about their (OpenNIC & Namecoin) DoH support for Firefox users or DoT support for Android users?
i think we should think about this: do we already have a set of must have requirements. maybe we should make a list, like we did with the VPN section.
OpenNIC is about on par with traditional public DNS providers, but they have not shown any initiative or desire to implement any sort of additional security functionality. Even DNSSEC is somewhat broken or at the very least not entirely implemented. I would be fine with removing it if we are going to shift to only recommending encrypted DNS solutions in the future.
I think we will have to write a small requirements like we did in the vpn section.
I think making some form of dns encryption mandatory would be a good first step, so either DoH, DoT, or dnscrypt.
#1273
We already require DoH or DoT for DNS with the exception of OpenNIC and Namecoin. I was agreed with on listing DNSCrypt-only servers being pointless due to DNS server sources such as these already being a thing that is natively supported by dnscrypt-proxy.
DNSCrypt is also not supported as widely as DoT and DoH which appear to be becoming the standards of encrypting DNS, we already list pros and cons of those two.