Firefox secure DNS?

On 6/4/2020 9:22 AM, nospam wrote:
In article , Yousuf Khan
wrote:
But the fact of the
matter is that between the VPN server and your IP address there is a
wall of encryption.

all that means is that your isp can't see what you're doing.

the vpn provider is able to see what sites you're visiting and some of
them will track you and monetize that, notably free vpns.

the question becomes whom do you trust more, your isp or a random vpn
provider with a fancy website (which is trivial to set up) ?

The real issue is not whether these entities can see you, it's whether
your government can see you. Local ISP's have to comply with their own
government rules, which may require sending information to the local
government. Setting up with an overseas VPN reduces your exposure to
whatever government surveillance is happening locally.

Without breaking through that encryption, you can't
tell what the true IP address is behind the VPN.

there are ways to determine it without breaking encryption, but that
doesn't actually matter.

Yes, and those methods require constant sophisticated surveillance and
it requires that you be targetted, as opposed to simply being caught in
a wide metadata net. No need to make it easier on the surveyors.

an ip address is not the only factor in tracking users.

Yes, there are cookies and stuff, which don't require a static IP
address, but those cookies are presumably coming from websites that you
do want to visit. You are giving your personal info to people who you
want to visit, but you don't want anybody in between knowing anything
about that. It's only between you and the endpoint, but no midpoints.

Yousuf Khan

In article , Carlos E. R.
wrote:


That is 0.3 seconds to respond, and that is slow. It is just a fact. No
misconfiguration whatsoever.

it's slower than other dns servers, but in the grand scheme of things,
it's not going to be noticeable when the sites take much longer to
load.

for example, https://www.theverge.com takes a couple of seconds to
load (and i'm on a very high speed link). a difference of 300ms isn't
going to matter.

It matters when you consider that loading a page may mean connecting to
a hundred different hosts.

a hundred different hosts is a stretch, however, sites that connect to
several hosts is common and just extends the total time for page load
due to the many different connections, which means dns overhead is
still lost in the noise.

faster dns will make it slightly faster, but its rarely going to be
noticeable unless it's a benchmark.

In article , Yousuf Khan
wrote:

But the fact of the
matter is that between the VPN server and your IP address there is a
wall of encryption.

all that means is that your isp can't see what you're doing.

the vpn provider is able to see what sites you're visiting and some of
them will track you and monetize that, notably free vpns.

the question becomes whom do you trust more, your isp or a random vpn
provider with a fancy website (which is trivial to set up) ?

The real issue is not whether these entities can see you, it's whether
your government can see you.

that depends on which government and which entities.

the fact is that a vpn just changes the entity who can see you from
your local isp to a vpn provider.

the question is which one do you trust more?

Local ISP's have to comply with their own
government rules, which may require sending information to the local
government. Setting up with an overseas VPN reduces your exposure to
whatever government surveillance is happening locally.

they also can do things that the government doesn't require, such as
tracking and selling your data for their own profit.

Without breaking through that encryption, you can't
tell what the true IP address is behind the VPN.

there are ways to determine it without breaking encryption, but that
doesn't actually matter.

Yes, and those methods require constant sophisticated surveillance and
it requires that you be targetted, as opposed to simply being caught in
a wide metadata net. No need to make it easier on the surveyors.

no it doesn't. not even close to correct.

it's very easy to find out someone's true ip address unless they've
taken steps to prevent it, and if they don't cover all their bases, it
still can leak.

your belief that it requires sophisticated surveillance indicates you
are unaware of how it's done, thus you have not taken any steps to
prevent it from happening.

in other words, you very likely are leaking a lot more data than you
think you are.

an ip address is not the only factor in tracking users.

Yes, there are cookies and stuff, which don't require a static IP
address, but those cookies are presumably coming from websites that you
do want to visit. You are giving your personal info to people who you
want to visit, but you don't want anybody in between knowing anything
about that. It's only between you and the endpoint, but no midpoints.

it's more than just cookies, which also aren't required.

start by reading about browser fingerprinting.

On 6/4/20 11:16 AM, nospam wrote:
In article , Mark Lloyd
wrote:

Also, the ISPs DNS does not return an error when it
should, it returns a junk page instead (with a mess in the address bar).

which is in technically not allowed.

In this case, I wish that meant ACTUALLY not allowed.

--
Mark Lloyd
http://notstupid.us/

"I know I believe in nothing but it is my nothing"

In article , Mark Lloyd
wrote:

Also, the ISPs DNS does not return an error when it
should, it returns a junk page instead (with a mess in the address bar).

which is in technically not allowed.

In this case, I wish that meant ACTUALLY not allowed.

there is no enforcement, so there's nothing to stop anyone from doing
it, especially since it's very profitable, and with the chairman of the
fcc being bribed by isps to look the other way, there won't ever be any
enforcement, at least in the usa.

In article , Mark Lloyd
wrote:

* Also, the ISPs DNS does not return an error when it
should, it returns a junk page instead (with a mess in the address bar).

which is in technically not allowed.

It is broken. Disgusting practice. Creates havoc with other services
that are not html, which try to connect, say, to the wrong IMAP server
and not knowing about the error.

Change DNS provider.

I currently have 1.1.1.1 and 9.9.9.9. Should those be OK?

1111 doesn't substitute ads for dns failures. i haven't tried 9999 but
i doubt it does.

On 2020-06-04 4:58 p.m., Mark Lloyd wrote:
On 6/4/20 11:16 AM, nospam wrote:
In article , Mark Lloyd
wrote:

Â* Also, the ISPs DNS does not return an error when it
should, it returns a junk page instead (with a mess in the address bar).

which is in technically not allowed.

In this case, I wish that meant ACTUALLY not allowed.


You can use DNS bench by Steve Gibson to help you choose DNS servers.

https://www.grc.com/dns/benchmark.htm

Rene

On Thu, 4 Jun 2020 16:58:00 -0500, Mark Lloyd wrote:

On 6/4/20 11:16 AM, nospam wrote:
In article , Mark Lloyd
wrote:

Also, the ISPs DNS does not return an error when it
should, it returns a junk page instead (with a mess in the address bar).

which is in technically not allowed.

In this case, I wish that meant ACTUALLY not allowed.

Time Warner (now part of Spectrum) did that, and it was highly
annoying. I didn't mind the page so much, but messing with the URL:
meant that I couldn't just edit what I had mistyped.

--
Stan Brown, Tehachapi, California, USA
https://BrownMath.com/
https://OakRoadSystems.com/
Shikata ga nai...