Post 9kXSnmxFZanzcJCrku by KitsuneAlicia@octodon.social
(DIR) More posts by KitsuneAlicia@octodon.social
(DIR) Post #9kXF7r9aGxJD4aeO9o by ScottMortimer@infosec.exchange
2019-07-05T04:30:25Z
3 likes, 12 repeats
UK ISP group names Mozilla 'Internet Villain' for supporting 'DNS-over-HTTPS' | ZDNetUK government and local ISPs are putting the pressure on browsers to drop plans to support DoH protocol.https://www.zdnet.com/article/uk-isp-group-names-mozilla-internet-villain-for-supporting-dns-over-https/
(DIR) Post #9kXFKJFzbv8zi1aPKK by bortzmeyer@mastodon.gougere.fr
2019-07-05T09:26:16Z
0 likes, 1 repeats
@ScottMortimer Censors don't like anti-censorship techniques? What a surprise. #DoH
(DIR) Post #9kXFQdeggPoii89fF2 by carbontwelve@d20hero.club
2019-07-05T09:27:27.872529Z
0 likes, 0 repeats
@ScottMortimer Ugh, this enrages me so much. DoH is a positive step in the right direction.
(DIR) Post #9kXFo2bK6MHijsjxwm by espectalll@mstdn.io
2019-07-05T09:31:43Z
0 likes, 0 repeats
@ScottMortimer I still need some explanation as to how DNS-over-HTTPS is so bad for parental controls (as if you couldn't pick up a custom DoH with a blocklist, use routers with firewalls, so on)... of course, if that was their ONLY (true) concern, this wouldn't be an issue
(DIR) Post #9kXGJOywwIH586kHfU by carbontwelve@d20hero.club
2019-07-05T09:37:21.474988Z
0 likes, 0 repeats
@espectalll @ScottMortimer as far as I am aware most ISPs in the UK execute their parental controls/government mandated blocking at the DNS level. If those DNS queries are masked from them then the method by which they use for filtering is disabled.DNS based parental controls work for the majority of the general public because they do not require the consumer to install anything and are pretty much click this button and its enabled on all your devices connected to this broadband connection instantly.They are however quite dumb, I can change the DNS servers I use and domains that had been "blocked" by my ISP are now available. This makes ISPs sad because the DNS blocking approach is a simple, cheap way of toeing the line with what the government is imposing on them regardless of its ineffectiveness.
(DIR) Post #9kXGf3kAaFRHdB9waO by espectalll@mstdn.io
2019-07-05T09:41:17Z
0 likes, 0 repeats
@carbontwelve @ScottMortimer ...and can't they just enforce DoH servers?
(DIR) Post #9kXIVEvyK667Lk7pIG by hedders@mastodon.social
2019-07-05T10:01:55Z
0 likes, 1 repeats
@espectalll @ScottMortimer isn't the essence of the problem that, because DoH allows apps to select their own DNS resolvers rather than taking from the OS, a malicious app could bypass safe / filtered resolvers in favour of their own without the user knowing (or the ISP being able to guard against)? So not so much Mozilla's fault as a problem with the protocol?
(DIR) Post #9kXIap31TrKCno5LJw by espectalll@mstdn.io
2019-07-05T10:02:56Z
0 likes, 0 repeats
@hedders @ScottMortimer you can also configure apps already to use custom DNS resolvers - you communicate with those resolvers using plaintext though, so it's not like anything changes from a surveillance/blocking perspective
(DIR) Post #9kXKRjkc0N9FfzGkK0 by hedders@mastodon.social
2019-07-05T10:23:43Z
0 likes, 0 repeats
@espectalll @ScottMortimer Ah! Good to know. Would I be right in thinking though that the ISPs' complaint - that they are legally obliged to filter out certain stuff and that DoH makes that much harder - is still a valid one? (setting aside the wisdom or otherwise of the law which requires this)
(DIR) Post #9kXNvDj7vwEquDKCq8 by espectalll@mstdn.io
2019-07-05T11:02:38Z
0 likes, 0 repeats
@hedders @ScottMortimer Indeed, although they can still know which DoH resolver you're trying to use, block it and offer their own DoH instead, as well as when you establish a connection with a website for the first time (so they still get that as well!).Also, it's not like they lobbied against those laws, they were pretty much fine with them, and they are more so now.
(DIR) Post #9kXORatpJWK02alaeu by espectalll@mstdn.io
2019-07-05T11:08:30Z
0 likes, 0 repeats
@hedders @ScottMortimer (actually, it's not exactly like that either if you use DoH along DNSSEC: https://blog.cloudflare.com/encrypted-sni/)
(DIR) Post #9kXSnmxFZanzcJCrku by KitsuneAlicia@octodon.social
2019-07-05T11:57:09Z
0 likes, 0 repeats
@espectalll @hedders @ScottMortimer So, basically, use a VPN proxy that also supports DNS request forwarding, or failing that, a secure DNS that supports DNSSEC.Also avoid malware that can track your location such as Facebook's and Google's apps. Custom ROM on Android phones that don't use Google's apps, for example, is a good start.
(DIR) Post #9kXVW3ooR0A6ZMUwZE by opal@pl.wowana.me
2019-07-05T12:27:46.269649Z
0 likes, 1 repeats
@one DoH isnt necessary, there's already DNS over TLS, dnscrypt, and other lightweight standards that dont require the fucking http stack
(DIR) Post #9kXVgym3WvDc6rPnlI by succfemboi@iscute.moe
2019-07-05T12:29:43.166413Z
0 likes, 0 repeats
@oneVaccines are bad because the government opposes antivax
(DIR) Post #9kXVy26UP6c9MK6XrM by opal@pl.wowana.me
2019-07-05T12:32:48.032968Z
1 likes, 0 repeats
@one shitty companies pushing shitty standards, colour me surprised
(DIR) Post #9kXW3sRbEMav8clW1Q by chebra@mstdn.io
2019-07-05T12:33:51Z
0 likes, 0 repeats
@one This saying used to be about China... times change
(DIR) Post #9kXYJ8o8sCnY8niQrI by hedders@mastodon.social
2019-07-05T12:59:01Z
0 likes, 0 repeats
@espectalll @ScottMortimer Hm. Hard to see what the ISPs are complaining about then. Thank you; it's been an education.
(DIR) Post #9kXkVcV1VNqv9XUQgi by sillystring@infosec.exchange
2019-07-05T15:15:38Z
0 likes, 0 repeats
@espectalll @carbontwelve @ScottMortimer The UK could start blacklisting DNS servers that do not comply. Ugh, better not give them any ideas.
(DIR) Post #9kXrh51YUU0WU97Njc by maxmustermann@shitposter.club
2019-07-05T16:36:16.581748Z
0 likes, 0 repeats
@scottmortimer Nobody listens to the English has-beens.
(DIR) Post #9kYXK9OgGJ9dSigRxQ by RedLore@todon.nl
2019-07-06T00:22:42Z
0 likes, 0 repeats
@ScottMortimerMozilla should wear their 'Internet Villain' award as a badge of pride. The UK government's constant attack on internet privacy, such as the Investigatory Powers Act and the 'porn block', needs to be stopped. ISP's and the government should not be allowed to spy on you. If the police think you have done something wrong they should get a warrant and search your house.
(DIR) Post #9kcNclAQF36QMXYCTA by Thann@mastodon.social
2019-07-07T20:52:32Z
0 likes, 0 repeats
@ScottMortimer imagine what they will call them when they include handshake protocol addresses!
(DIR) Post #9ko5AfRRlWIAVmVkRM by nifker@mastodonten.de
2019-07-13T12:22:26Z
0 likes, 0 repeats
@espectalll @ScottMortimer If you install parental control on the device itself then it will still be able to achieve what it should, but proxies wont be able to block DNS requests anymore(which is basically not a bad thing)