That's a troubling equivocation. If a home user cannot trust their ISP, they need something a hell of a lot stronger than DoH. So, that excuse won't wash.
They obviously, manifestly cannot. I’m on AT&T. AT&T manipulates and records my DNS. There are more of “me” than “you”. Why do “you” win?
if AT&T manipulates and records your DNS then they are at moral hazard and ought to be at regulatory hazard -- but you will need something a lot stronger than DoH to make any difference in their success at selling your PII. DoH isn't excused.
I honestly do not understand this argument. They monitor and manipulate my DNS now. They cannot do so with DoH.
Replying to @tqbf @paulvixie and
They can see the query and response sizes, approximately, and then what IPs you connect to, and then SNI if it's not encrypted. We're a bit from being more fully protected against what some of the NFV gear can profile, but it's progress sort of ...
In practice, DoH is moving the privacy problem to providers such as Google, who have their own not-great-aligned incentives; CloudFlare, who had CloudBleed; and Cisco/OpenDNS, who want to use it to sell security.
Replying to @colmmacc @paulvixie and
You don’t think that’s just because they’re the organizations best equipped to boot this up, and that the privacy management responsibility will inevitably get moved around to other providers with clearer incentives?
Replying to @tqbf @paulvixie and
I'll take Google/CloudFlare/Cisco over the average ISP for now, for sure. It's an improvement. I'm a little worried Google will over time use the data to refine targeted ads, and CloudFlare may penalize competitor CDNs who use DNS queries for locality. It's not ideal!
I hope we can build a real e2e encrypted DNS. I'm not even sure we really need central caching any more. Webservers get way more requests than authoritative DNS servers.
Replying to @colmmacc @matthew_d_green and
In fact, we already have a solution: DNS Over Blockchain (DoB) with a PoC utilizing Ethereum Name Service (ENS): https://github.com/Texnomic/SecureDNS …
DoB is bonkers, with a massive TCB and way too much complexity. It's also neither private, nor encrypted.
Replying to @colmmacc @matthew_d_green and
Well, I recommend you have a second look. For Complex: It is 3 API calls to buy or transfer your domain. For Encrypted: Local Node or HTTP/S. For Private: Check the ENS Whitepaper.
Replying to @Texnomic @matthew_d_green and
It's bonkers! It's like the folks involved don't even know what DNS is used for. What about dynamic records or DNS-based load balancing? Or geo-routing? Very hard to take seriously.