If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Rate Thread | Display Modes |
#16
|
|||
|
|||
Firefox secure DNS?
On 6/3/2020 6:53 AM, Neil wrote:
Your VPN is unrelated to the DNS question you raised because a VPN still uses the same DNS. Well no, it is completely related, as that's the point of the question. Mozilla is offering to automatically change your DNS requests to a totally separate provider than the one you have chosen, or been default provided through your ISP. The question is how can you trust the DNS providers that Mozilla is routing your DNS through? There is no way for the end user to know whether a DNS provider will track and sell your usage, but I can't imagine a more likely organization to do such a thing than Google. If you're comfortable with their DNS, don't worry about others! ;-) I know that it seems ironic to trust anything provided by Google as safe for privacy, but the Google DNS server is just a standard DNS server. When you access it, you don't have to login to it, so there's no identifiable information about you to access this server. Its basic simplicity is what makes it safe for privacy. The VPN adds another layer of abstraction that hides your identity even further. Whereas with this Mozilla scheme, Mozilla is privy to all kinds of private information about you, through its Firefox browser. I mean it has to know all of this information about you, just to operate properly when browsing the Internet. Through an encrypted connection to DNS, which is not a standard way of accessing DNS, who knows how much other information it is sending through along with just the basic DNS requests? You can encrypt almost anything you want through an HTTPS system, and there's no way for you to find out how much is actually being sent. Yousuf Khan |
Ads |
#17
|
|||
|
|||
Firefox secure DNS?
In article , Yousuf Khan
wrote: Once, you have a VPN, everything goes through the VPN. The VPN becomes your default router. Just like everything goes through a regular default router, including DNS, a VPN default router will also route DNS calls. not always. dns can sometimes leak, or the vpn can be set up for split tunneling. Well, split routing is for internal VPN setups, for example when you use a VPN to access resources at your office from home. External VPN's are just default routers. or when you want an outside vpn for only some traffic. As for DNS leaking, I suppose certain ISP's can setup a special private LAN for all of its customers, through which they can access their DNS through a non-routeable private IP. The private IP LAN is a special route which can't be rerouted by the VPN default routes. But I've never seen any ISP using a private IP to access their DNS servers, they always provide externally routeable IP's for their DNS. dns leaks are more common than you might think. https://en.wikipedia.org/wiki/DNS_leak Using a VPN client which sends DNS requests over the VPN. Not all VPN apps will successfully plug DNS leaks, as it was found in a study by the Commonwealth Scientific and Industrial Research Organisation in 2016 when they carried an in-depth research called "An Analysis of the Privacy and Security Risks of Android VPN Permission-enabled Apps" and found that 84% of the 283 VPN applications on Google Play Store that they tested did leak DNS requests. 83% is rather high. test it he https://www.dnsleaktest.com |
#18
|
|||
|
|||
Firefox secure DNS?
"Yousuf Khan" wrote
| I know that it seems ironic to trust anything provided by Google as safe | for privacy, but the Google DNS server is just a standard DNS server. | When you access it, you don't have to login to it, so there's no | identifiable information about you to access this server. Its basic | simplicity is what makes it safe for privacy. The VPN adds another layer | of abstraction that hides your identity even further. | That may be mostly true for you, if your VPN is trustworthy. (Which is a whole other question.) But the problem with google is universality. A lawsuit was just filed against them for intruding on privacy even when you choose to browse in "incognito" mode. If you don't block numeroud Google domains like googletagmanager, google fonts, google's jquery, googleanalytics, doubleclick, and so on, Google is spying on you at nearly every website you visit.That's what the lawsuit is about. Google is tracking visitors whether they see an ad or not. So if you use Google for DNS it wouldn't be hard for them to match your requests to their spyware web beacons. That may even be partially feasible with VPN. As I heard it, FF is going to default to 1.1.1.1, which seems to be reasonably reputable. The big factor is that your ISP and other online entities can't see the traffic. But if you really want it more private you can use something like Unbound. In other words, there's no reason to trust Mozilla or Google. But trusting Mozilla with encrypted DNS is probably better than doing it in the open and certainly better than using Google. The best would be to use a DNS resolver that encrypts but runs separately from the browser, as a system service. |
#19
|
|||
|
|||
Firefox secure DNS?
In article , Yousuf Khan
wrote: I know that it seems ironic to trust anything provided by Google as safe for privacy, but the Google DNS server is just a standard DNS server. When you access it, you don't have to login to it, so there's no identifiable information about you to access this server. except for your ip address, which can easily be linked back to any other connections you make to google properties from the same ip address. Its basic simplicity is what makes it safe for privacy. The VPN adds another layer of abstraction that hides your identity even further. that depends on the vpn provider. vpn providers can see every connection you make. they can claim 'no logging' but there's no way to prove that. some vpns actively data mine and push ads, as do isps. the question is whom do you trust more, your isp or the vpn provider? |
#20
|
|||
|
|||
Firefox secure DNS?
In article , Mayayana
wrote: | I know that it seems ironic to trust anything provided by Google as safe | for privacy, but the Google DNS server is just a standard DNS server. | When you access it, you don't have to login to it, so there's no | identifiable information about you to access this server. Its basic | simplicity is what makes it safe for privacy. The VPN adds another layer | of abstraction that hides your identity even further. | That may be mostly true for you, if your VPN is trustworthy. (Which is a whole other question.) But the problem with google is universality. A lawsuit was just filed against them for intruding on privacy even when you choose to browse in "incognito" mode. filed by lawyers who cannot read basic english. on the right side of the splash page: https://cdn.mos.cms.futurecdn.net/PzeeRrkgVviqrJcDpGfzj7-970-80.png Your activity *might* *still* *be* *visible* to: €*Websites you visit € Your employer or school € Your internet service provider incognito mode does *not* mean total anonymity, something that is well understood by those who use it. it only means various things are not saved locally on your computer, including history, cookies and forms. |
#21
|
|||
|
|||
Firefox secure DNS?
On 02/06/2020 15.15, nospam wrote:
In article , Neil wrote: On 6/2/2020 8:11 AM, Yousuf Khan wrote: https://support.mozilla.org/en-US/kb...dns-over-https Would you trust this? It seems like it's just randomly ignoring your own DNS server and choosing its own! I'm not sure what you mean by "...your own DNS server...", but there is not much of a way that one can evaluate the "security" of a DNS server anyway. Most users don't change the DNS server that is "chosen" by their ISP, and the relatively few that select a different DNS server aren't likely choosing it on the basis of security. just about everyone who changes dns servers does so for security, mostly because they don't want their isp monitoring and tracking them as well as be stuck using a dns server that is non-compliant and shows ads. Nope. Me and many people I know changed it for speed. -- Cheers, Carlos. |
#22
|
|||
|
|||
Firefox secure DNS?
In article , Carlos E.R.
wrote: I'm not sure what you mean by "...your own DNS server...", but there is not much of a way that one can evaluate the "security" of a DNS server anyway. Most users don't change the DNS server that is "chosen" by their ISP, and the relatively few that select a different DNS server aren't likely choosing it on the basis of security. just about everyone who changes dns servers does so for security, mostly because they don't want their isp monitoring and tracking them as well as be stuck using a dns server that is non-compliant and shows ads. Nope. Me and many people I know changed it for speed. unless your dns is extremely slow, it's nothing you'll ever notice since the time to connect and transfer data from whatever you're connecting to will be the bottleneck. |
#23
|
|||
|
|||
Firefox secure DNS?
On 6/3/2020 12:52 PM, Yousuf Khan wrote:
On 6/3/2020 6:53 AM, Neil wrote: There is no way for the end user to know whether a DNS provider will track and sell your usage, but I can't imagine a more likely organization to do such a thing than Google. If you're comfortable with their DNS, don't worry about others! ;-) I know that it seems ironic to trust anything provided by Google as safe for privacy, but the Google DNS server is just a standard DNS server. When you access it, you don't have to login to it, so there's no identifiable information about you to access this server. Its basic simplicity is what makes it safe for privacy. The VPN adds another layer of abstraction that hides your identity even further. I would suggest that you look into how one can be tracked on the web. Unless you spoof your IP address and other aspects, your web history can be saved and sold. -- best regards, Neil |
#24
|
|||
|
|||
Firefox secure DNS?
On 03/06/2020 20.49, nospam wrote:
In article , Carlos E.R. wrote: I'm not sure what you mean by "...your own DNS server...", but there is not much of a way that one can evaluate the "security" of a DNS server anyway. Most users don't change the DNS server that is "chosen" by their ISP, and the relatively few that select a different DNS server aren't likely choosing it on the basis of security. just about everyone who changes dns servers does so for security, mostly because they don't want their isp monitoring and tracking them as well as be stuck using a dns server that is non-compliant and shows ads. Nope. Me and many people I know changed it for speed. unless your dns is extremely slow, it's nothing you'll ever notice since the time to connect and transfer data from whatever you're connecting to will be the bottleneck. Nope. The bottleneck was the modem. Even today, there are default DNS servers out there that are slow to respond, so that replacing with a local LAN server makes sense. -- Cheers, Carlos. |
#25
|
|||
|
|||
Firefox secure DNS?
In article , Neil
wrote: I know that it seems ironic to trust anything provided by Google as safe for privacy, but the Google DNS server is just a standard DNS server. When you access it, you don't have to login to it, so there's no identifiable information about you to access this server. Its basic simplicity is what makes it safe for privacy. The VPN adds another layer of abstraction that hides your identity even further. I would suggest that you look into how one can be tracked on the web. Unless you spoof your IP address and other aspects, your web history can be saved and sold. and even then. |
#26
|
|||
|
|||
Firefox secure DNS?
In article , Carlos E.R.
wrote: I'm not sure what you mean by "...your own DNS server...", but there is not much of a way that one can evaluate the "security" of a DNS server anyway. Most users don't change the DNS server that is "chosen" by their ISP, and the relatively few that select a different DNS server aren't likely choosing it on the basis of security. just about everyone who changes dns servers does so for security, mostly because they don't want their isp monitoring and tracking them as well as be stuck using a dns server that is non-compliant and shows ads. Nope. Me and many people I know changed it for speed. unless your dns is extremely slow, it's nothing you'll ever notice since the time to connect and transfer data from whatever you're connecting to will be the bottleneck. Nope. The bottleneck was the modem. Even today, there are default DNS servers out there that are slow to respond, so that replacing with a local LAN server makes sense. if it was slow enough to be noticeable, then it was misconfigured and should not be used. that is also very rare. |
#27
|
|||
|
|||
Firefox secure DNS?
On 03/06/2020 22.43, nospam wrote:
In article , Carlos E.R. wrote: I'm not sure what you mean by "...your own DNS server...", but there is not much of a way that one can evaluate the "security" of a DNS server anyway. Most users don't change the DNS server that is "chosen" by their ISP, and the relatively few that select a different DNS server aren't likely choosing it on the basis of security. just about everyone who changes dns servers does so for security, mostly because they don't want their isp monitoring and tracking them as well as be stuck using a dns server that is non-compliant and shows ads. Nope. Me and many people I know changed it for speed. unless your dns is extremely slow, it's nothing you'll ever notice since the time to connect and transfer data from whatever you're connecting to will be the bottleneck. Nope. The bottleneck was the modem. Even today, there are default DNS servers out there that are slow to respond, so that replacing with a local LAN server makes sense. if it was slow enough to be noticeable, then it was misconfigured and should not be used. that is also very rare. No, it was not misconfigured on the client side. And no, it was not rare. cer@Telcontar:~ time host google.es 208.67.222.222 .... Took 0m0,121s to solve. That's too much. That's opendns.com. -- Cheers, Carlos. |
#28
|
|||
|
|||
Firefox secure DNS?
On Wed, 3 Jun 2020 12:52:30 -0400, Yousuf Khan wrote:
I know that it seems ironic to trust anything provided by Google as safe for privacy, but the Google DNS server is just a standard DNS server. When you access it, you don't have to login to it, so there's no identifiable information about you to access this server. Well, there's your IP address, isn't there? -- Stan Brown, Tehachapi, California, USA https://BrownMath.com/ https://OakRoadSystems.com/ Shikata ga nai... |
#29
|
|||
|
|||
Firefox secure DNS?
On 6/3/2020 1:04 PM, nospam wrote:
dns leaks are more common than you might think. https://en.wikipedia.org/wiki/DNS_leak Using a VPN client which sends DNS requests over the VPN. Not all VPN apps will successfully plug DNS leaks, as it was found in a study by the Commonwealth Scientific and Industrial Research Organisation in 2016 when they carried an in-depth research called "An Analysis of the Privacy and Security Risks of Android VPN Permission-enabled Apps" and found that 84% of the 283 VPN applications on Google Play Store that they tested did leak DNS requests. 83% is rather high. As mentioned, I'm not using a split-tunnel VPN, those are specialty cases. No DNS leaks are happening from my end, so let's get away from this diversion. Yousuf Khan |
#30
|
|||
|
|||
Firefox secure DNS?
In article , Yousuf Khan
wrote: dns leaks are more common than you might think. https://en.wikipedia.org/wiki/DNS_leak Using a VPN client which sends DNS requests over the VPN. Not all VPN apps will successfully plug DNS leaks, as it was found in a study by the Commonwealth Scientific and Industrial Research Organisation in 2016 when they carried an in-depth research called "An Analysis of the Privacy and Security Risks of Android VPN Permission-enabled Apps" and found that 84% of the 283 VPN applications on Google Play Store that they tested did leak DNS requests. 83% is rather high. As mentioned, I'm not using a split-tunnel VPN, those are specialty cases. No DNS leaks are happening from my end, so let's get away from this diversion. it's not a specialty case, nor is split tunneling required. a *lot* of people leak dns without even realizing it. at 83% of sampled apps, it's more common that not. the fact that there are several web sites available to check it is further proof. |
Thread Tools | |
Display Modes | Rate This Thread |
|
|