privacyguides
/
privacytools.io
Archived
1
0
Fork 0
Code Issues 304 Pull Requests 47 Activity

DNS: add Nebulo as worth mentioning & warn about DoH metadata & sort worth mentioning/additional information into sublists #1200

Merged
Mikaela merged 15 commits from nebulo into master 2019-08-24 14:55:35 +00:00
Conversation 3 Commits 15 Files Changed 2 +40 -13
2 changed files with 40 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
_includes/sections/dns.html
View File

@ -281,21 +281,42 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
<ul>
<li>DNS-over-TLS (DoT) - A security protocol for encrypted DNS on a dedicated port 853. Some providers support port 443 which generally works everywhere while port 853 is often blocked by restrictive firewalls.</li>
<li>DNS-over-HTTPS (DoH) - Similar to DoT, but uses HTTPS instead, being indistinguishable from "normal" HTTPS traffic on port 443.</li>
<li>DNS-over-HTTPS (DoH) - Similar to DoT, but uses HTTPS instead, being indistinguishable from "normal" HTTPS traffic on port 443. <span class="badge badge-warning" data-toggle="tooltip" data-original-title="DoH contains metadata such as user-agent (which may include system information) that is sent to the DNS server."><a href="https://tools.ietf.org/html/rfc8484#section-8.2"><i class="fas fa-exclamation-triangle"></i></a></span></li>
<li>DNSCrypt - An older yet robust method of encrypting DNS.</li>
</ul>
<h3>Worth Mentioning and Additional Information</h3>
<ul>
<li>Firefox comes with built-in DoH support with Cloudflare set as the default resolver, but can be configured to use any DoH resolver. <span class="badge badge-warning" data-toggle="tooltip" data-placement="bottom" data-original-title='"Cloudflare has agreed to collect only a limited amount of data about the DNS requests that are sent to the Cloudflare Resolver for Firefox via the Firefox browser."'><a href="https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/firefox/"><i class="fas fa-exclamation-triangle"></i></a></span> Currently Mozilla is <a href="https://blog.mozilla.org/futurereleases/2019/07/31/dns-over-https-doh-update-detecting-managed-networks-and-user-choice/">conducting studies</a> before enabling DoH by default for all US-based Firefox users.</li>
<li>Android 9 comes with a DoT client by <a href="https://support.google.com/android/answer/9089903">default</a>. <span class="badge badge-warning" data-toggle="tooltip" data-original-title="...but with some caveats"><a href="https://www.quad9.net/private-dns-quad9-android9/"><i class="fas fa-exclamation-triangle"></i></a></span></li>
<li><a href="https://apps.apple.com/app/id1452162351">DNSCloak</a> - An <a href="https://github.com/s-s/dnscloak">open-source</a> DNSCrypt and DoH client for iOS by <td><a data-toggle="tooltip" data-placement="bottom" data-original-title='"A charitable non-profit host organization for international Free Software projects."' href="https://techcultivation.org/">the Center for the Cultivation of Technology gemeinnuetzige GmbH</a>.</li>
<li><a href="https://pi-hole.net/">Pi-hole</a> - A network-wide DNS server mainly for the Raspberry Pi. Blocks ads, tracking, and malicious domains for all devices on your network.</li>
<li><a href="https://gitlab.com/quidsup/notrack">NoTrack</a> - A network-wide DNS server like Pi-hole for blocking ads, tracking, and malicious domains.</li>
<li><a href="https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby">Stubby</a> - An open-source application for Linux, macOS, and Windows that acts as a local DNS Privacy stub resolver using DoT.</li>
<li><a href="https://namecoin.info/">Namecoin</a> - A decentralized DNS open-source information registration and transfer system based on the Bitcoin cryptocurrency.</li>
<li><a href="https://www.isc.org/blogs/qname-minimization-and-privacy/">QNAME Minimization and Your Privacy</a> by the Internet Systems Consortium (ISC)</li>
<li><a href="https://www.isc.org/dnssec/">DNSSEC and BIND 9</a> by the ISC</li>
<li><strong>Encrypted DNS clients for desktop:</strong>
<ul>
<li><em>Firefox</em> comes with built-in DoH support with Cloudflare set as the default resolver, but can be configured to use any DoH resolver. <span class="badge badge-warning" data-toggle="tooltip" data-placement="bottom" data-original-title='"Cloudflare has agreed to collect only a limited amount of data about the DNS requests that are sent to the Cloudflare Resolver for Firefox via the Firefox browser."'><a href="https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/firefox/"><i class="fas fa-exclamation-triangle"></i></a></span> Currently Mozilla is <a href="https://blog.mozilla.org/futurereleases/2019/07/31/dns-over-https-doh-update-detecting-managed-networks-and-user-choice/">conducting studies</a> before enabling DoH by default for all US-based Firefox users.</li>
</ul>
</li>
<li><strong>Encrypted DNS clients for mobile:</strong>
nitrohorse commented 2019-08-23 04:32:16 +00:00 (Migrated from github.com)
Review
Copy Link

Could we move this directly above or below DNSCloak just to group similar apps together?

Could we move this directly above or below DNSCloak just to group similar apps together?
Mikaela commented 2019-08-23 11:17:30 +00:00 (Migrated from github.com)
Review
Copy Link

How about copying the XMPP syntax from https://www.privacytools.io/software/real-time-communication/#im to do it?

I didn't see the logic before, so I just put it in order of addition. I will try to commit it so we will see how it looks like.

How about copying the XMPP syntax from https://www.privacytools.io/software/real-time-communication/#im to do it? I didn't see the logic before, so I just put it in order of addition. I will try to commit it so we will see how it looks like.
Mikaela commented 2019-08-23 12:11:34 +00:00 (Migrated from github.com)
Review
Copy Link

I think it looks better, but now I have to sort everything else too, not that it's a bad thing:

image

I fear we may be causing merge conflicts for each other depending on which PRs are merged, but if that happens, we can resolve them.

I think it looks better, but now I have to sort everything else too, not that it's a bad thing: ![image](https://user-images.githubusercontent.com/831184/63591714-1851d980-c59f-11e9-8c6b-5769a700ba20.png) I fear we may be causing merge conflicts for each other depending on which PRs are merged, but if that happens, we can resolve them.
<ul>
<li><em>Android 9</em> comes with a DoT client by <a href="https://support.google.com/android/answer/9089903">default</a>. <span class="badge badge-warning" data-toggle="tooltip" data-original-title="...but with some caveats"><a href="https://www.quad9.net/private-dns-quad9-android9/"><i class="fas fa-exclamation-triangle"></i></a></span></li>
<li><em><a href="https://apps.apple.com/app/id1452162351">DNSCloak</a></em> - An <a href="https://github.com/s-s/dnscloak">open-source</a> DNSCrypt and DoH client for iOS by <td><a data-toggle="tooltip" data-placement="bottom" data-original-title='"A charitable non-profit host organization for international Free Software projects."' href="https://techcultivation.org/">the Center for the Cultivation of Technology gemeinnuetzige GmbH</a>.</li>
<li><em><a href="https://git.frostnerd.com/PublicAndroidApps/smokescreen/blob/master/README.md">Nebulo</a></em> - An open-source application for Android supporting DoH and DoT. It also supports caching DNS responses and locally logging DNS queries.</li>
</ul>
</li>
<li><strong>Local DNS servers:</strong>
<ul>
<li><em><a href="https://namecoin.info/">Namecoin</a></em> - A decentralized DNS open-source information registration and transfer system based on the Bitcoin cryptocurrency.</li>
<li><em><a href="https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby">Stubby</a></em> - An open-source application for Linux, macOS, and Windows that acts as a local DNS Privacy stub resolver using DoT.</li>
</ul>
</li>
<li><strong>Network wide DNS servers:</strong>
<ul>
<li><em><a href="https://pi-hole.net/">Pi-hole</a></em> - A network-wide DNS server mainly for the Raspberry Pi. Blocks ads, tracking, and malicious domains for all devices on your network.</li>
<li><em><a href="https://gitlab.com/quidsup/notrack">NoTrack</a></em> - A network-wide DNS server like Pi-hole for blocking ads, tracking, and malicious domains.</li>
</ul>
</li>
<li><strong>Further reading:</strong>
<ul>
<li><a href="https://www.isc.org/blogs/qname-minimization-and-privacy/">QNAME Minimization and Your Privacy</a> by the Internet Systems Consortium (ISC)</li>
<li><a href="https://www.isc.org/dnssec/">DNSSEC and BIND 9</a> by the ISC</li>
</ul>
</li>
</ul>
</div>
</div>

10
source_code.md
View File

@ -289,8 +289,6 @@ Webpage: https://github.com/opennic/opennic-web
- NoTrack: https://github.com/quidsup/notrack
- Namecoin: https://github.com/namecoin
- Pi-hole: https://github.com/pi-hole
## Encrypted ICANN DNS Providers
@ -305,10 +303,18 @@ PowerDNS: https://github.com/PowerDNS/pdns
### Worth Mentioning and Additional Information
#### Mobile
- DNSCloak: https://github.com/s-s/dnscloak
- Nebulo: https://git.frostnerd.com/PublicAndroidApps/smokescreen/
#### Local DNS servers
- Stubby: https://github.com/getdnsapi/stubby
- Namecoin: https://github.com/namecoin
## Digital Notebook
Joplin: https://github.com/laurent22/joplin