An industry group of internet service providers has branded Firefox browser maker Mozilla an “internet villain” for supporting a DNS security standard. The U.K.’s Internet Services Providers’ Association (ISPA), the trade group for U.K. internet service providers, nominated the browser maker for its proposed effort to roll out the security feature, which they say will […]
You must follow our rules and protections and don't ask questions. Wait, you're doing your own thing? Without our permission?? You are clearly evil for deciding to not subject yourself to our all-knowing rules and protections. We must make this known!
Ugh, I hate this all-or-nothing mentality. HTTP has a place and a lot of local devices are never going to have SSL certificates which means now you have to click through a bunch of warnings to manage local devices that never get routed over the Internet. At least make an exception for nonroutable IPs.
Ok small exception for local websites. Not sure why you have extra clicks for http though. That should be normal.
My point is that things on servers connected to the internet at large should all be done over https. Http is not secure.
Data is transmitted in plaintext. That means passwords sent over the line like this are open.
>That means passwords sent over the line like this are open
No, not at all. Passwords were not being sent in plaintext even with http, at least in properly made services. We solved that problem decades ago by using hashes.
Since this is likely to be a comment thread full of reasonably informed people: how do we feel about the Brave browser? It's built on chrome which makes me wary, but it seems very privacy focused. Thoughts?
Chromium itself is not really a problem. There is a huge fuss over the updated extensions API, as it seems that Google is making changes that are negative for content filters like uBlock and uMatrix. Brave and Vivaldi have stated that they will continue to support the legacy API, and Opera will also make sure that adblocking works.
My personal opinion is that Firefox is back to the glory days though.
We should. It’s a really nice browser. Takes the cleanest of Chrome and focuses on privacy. In a world where privacy (in my opinion) is becoming more and more of a problem, it’s nice to see companies that work to secure their users’ data and privacy. Plus it has built-in Adblock and even lets you tip sites you love with some crypto currency.
I use an application called Pi-hole to give me DNS based ad blocking by preventing access to domains known to serve advertising. I also redirect all traffic on my network going out on port 53 to the Pi-hole so that even if a device is hard coded for a different DNS server it will go to the Pi-hole. I can’t distinguish a DNS request over https from any other regular https traffic however and so I can’t block ads if this technology becomes widespread.
No encrypted DNS with HTTPS = everyone on the network knows which domains you are querying, but not which pages.
Encrypted DNS using DoH as HTTPS = nobody knows which domains you visit. Nobody knows what URLs you visit. It uses **the same port as HTTPS**, so they can't block it. If they did, all web traffic over HTTPS dies.
Encrypted DNS using DoT as TLS = it does not use the HTTPS port, so your ISP can block the TLS port. Which means you are forced to fall back on un-encrypted DNS or DoH. Falling back to un-encrypted DNS means everyone on the network can see your domain queries as plain text.
There was a time when DNS wasn't so critical.
We would remember a server's IP address, or keep a local DNS table and customize whatever literal URL names for the IP address. Now the URL or the link is usually inhuman [mangled, shortened, redirected, incredibly long or complex]
and we need DNS.
DoH is an interesting front.
I'm thinking about how someone could deny traffic hops to machines with no visible DNS traffic, so if you can't block based on IPs then you can block based on DNS opacity.