DNS/VPN: make the unencrypted parts more clear? #1383
Labels
No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
✨ enhancement
❌ software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
No Milestone
No Assignees
1 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: privacyguides/privacytools.io#1383
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
ZDNet: DNS-over-HTTPS causes more problems than it solves, experts say was linked in Nebulo's Telegram group and with it in mind, I read the two of our pages that refer to encrypted DNS:
I think we are mostly good, except that
And I think we are especially good on telling people to look for anonymity with Tor instead of a VPN and "However you shouldn't use encrypted DNS with Tor. This would direct all of your DNS requests through a single circuit, and would allow the encrypted DNS provider to deanonymize you." as the linked article tells people to use DoH over Tor which would lead to spoiling circuits.
Note that it is truly specifically referring to DNS-over-HTTPS and not "encrypted DNS" — I've been saying that in Matrix for a while, DNS-over-TLS is better, generally.
However, their points are still mostly fearmongering and DoH is still better than nothing at all. "DoH Helps Criminals"? That just sounds like they're repeating UK propaganda. Their other point:
...does not apply to us, because we don't claim that DoH is the ultimate solution to your privacy woes. Because unlike other sites, we're not hacks.
This is still true and understandable within context, so I don't see why it needs to be removed, necessarily.
We should mention ESNI somewhere. Also, I assume you are referring to OSCP which has nothing to do with encryption and is irrelevant here.