How will it?
-
-
Yes, you can disable DoH in Chrome, Firefox and other legitimate applications by using Group Policy, but there is also the aspect of malicious applications or poorly coded applications that don't provide that facility or don't respect it for malicious reasons.
-
Or somehow the default always favours one party, and somehow you keep ending back up that default. You can keep turning off location tracking, but somehow it never sticks.https://fortune.com/2018/08/21/google-location-tracking-lawsuit-ftc/ …
- 12 more replies
New conversation -
-
-
Wait, you can stop legitimate apps from using DoH from the registry, you cannot stop illegitimate ones from doing so. That's the problem here. Capturing all outbound udp53 traffic and scanning it is trivial. Not so for tcp443, even if the tooling was there.
-
Correct, if you allow outbound https then malicious endpoints can tunnel DNS queries over it. The existence of DoH doesn't change that, and they can do it today with or without browser support.
- 2 more replies
New conversation -
-
-
I’m answering your question purely about SSL there, not talking about DoH.
-
Many orgs still work on getting the "break SSL" thing implemented. It might be technical not that difficult, but often you need to fight people, like workers council, when you want to "break encryption".
- 3 more replies
New conversation -
-
-
To be safe, just block all egress traffic
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Wailing and gnashing of teeth is a sign of progress
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
many times that is often a cultural or legal hurdle more so than a technical one
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
@taviso it is not about it being possible, but GPO would disable it. The thing here is I want my employees to be able to surf privately HTTP and DNS, but just want to be able to inspect for malicious content to block, investigate, ...Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
