📝 Correction | Encrypted DNS can be anonymous with DNSCrypt v2 protocol #1822
Labels
No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
✨ enhancement
❌ software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
No Milestone
No Assignees
1 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: privacyguides/privacytools.io#1822
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Description
While writing #1821, I have just discovered that the DNSCrypt v2 protocol supports anonymized DNS queries. Here is the documentation.
It seems to only be implemented in one software at the moment, in dnscrypt-proxy.
Maybe other softwares such as Simple DNSCrypt, which is based on dnscrypt-proxy, may implement (or will in the future) anonymized DNS queries, but at the moment it seems from this listing that it's not the case.
Why I am making the suggestion
In https://www.privacytools.io/providers/dns/ , it's written:
DNSCrypt v2 seems to fix this issue, and there is a concrete application.
My connection with the software
Well that's not fully true. It exist exist the eSNI problem.
Very interesting, I admit I have no expertise in DNS and such, I am more of a savvy end-user (I can adopt a new protocol/framework but I could certainly not tweak it nor make one).
I found this article about eSNI, is this what you were referring to? From the doc, I understand that SNI had an issue with privacy, but eSNI should solve this. However, I did not find any mention about eSNI on the DNSCrypt v2 doc.
Maybe asking them directly may help clarify this issue :-)
The problem with eSNI is that every visiting server need to support it and I sadly guess most doesn't care.
It's also still a draft and many may be opting to wait for it to stabilize first.