🌐 Website Issue | The VPN page doesn't mention encrypted DNS #1314
Labels
No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
✨ enhancement
❌ software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
No Milestone
No Assignees
1 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: privacyguides/privacytools.io#1314
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Description
I think the warning should also include recommending encrypting DNS as otherwise the network administrator or attacker in local network can manipulate DNS queries or even anyone between you and the DNS server can do that.
I don't know if this would require more explanation including that if you use a VPN, your DNS goes through the VPN and using both simultaneously would require trusting both providers. And if the user is using Tor, they should let Tor/exit-nodes perform DNS to not taint circuits or send all traffic through one circuit (even while Tor exit-node is comparable to untrusted/unsecured open network).
Im not sure about this one, the warning is already pretty long, if we make it any longer people my skip reading it at all.
I think encrypted DNS is an important base for https as the untrusted network could otherwise be sending users to wrong places and trigger certificate warnings.
Could you make a pull request to show how you would like it?
Sure, seems simple enough and I think HTTPS could become a link alongside it. I cannot give schedule promises though: