Rebooting your computer sometimes fixes problems, it doesn't really reveal anything about the cause though, right?
no, but turning DoH back on slowed browsing to a treacle again… do it a few times and it starts being compelling evidence. Perhaps the ISP throttles TCP to CDNs, perhaps it has SSL MITM which breaks DoH. I don't know and I don't care 'cos my mum lives 4hrs away and I need a fix.
1 reply 0 retweets 3 likes -
Replying to @cynicalsecurity @bagder and
Sure, it's possible the ISP was doing SSL MITM. I care about that, I don't want your mum's email being inspected without permission. I guess if you don't care, then resolving this problem was an unwelcome chore, but just allowing malicious ISPs shouldn't be the default, right?
1 reply 0 retweets 4 likes -
Yes, right, let's pick the most unlikely reason… the reason, which I bothered to analyse, is that the ISP is small, does not peer at major peering points, is on a local IXP and is, fundamentally, only suitable for local traffic. DoH and the hundreds of DNS requests make it slow.
2 replies 0 retweets 1 like -
Replying to @cynicalsecurity @bagder and
I was just repeating the reason you gave. Sure, disabling DoH might be the answer in some situations, but you agree we shouldn't *default* to plaintext protocols like http/telnet/dns, because in rare cases it's acceptable, right?
1 reply 0 retweets 3 likes -
No, you are putting a data transfer protocol, a remote access protocol and a name resolution protocol in the same category. DoH is not securing DNS, it is sending all requests to the same location which, for privacy, is lethal.
2 replies 0 retweets 7 likes -
Replying to @cynicalsecurity @bagder and
Right, I listed a bunch of plaintext protocols together that have encrypted counterparts, telnet => ssh, http => https, dns => doh. Not sure what is wrong with that. It seems like a really ridiculous claim that DoH is worse for privacy than DNS, but interested to hear why.
2 replies 0 retweets 1 like -
In the EU with the GDPR it would be most unwise to log all DNS requests from customers without reason and without consent. Once the request is then made by the ISP's DNS it is then one amongst a multitude providing privacy. DoH providers are US-based. Bad start…
1 reply 0 retweets 1 like -
Replying to @cynicalsecurity @bagder and
Three things, I'm European and I use encrypted protocols. DoH is just a protocol, you can use it with both nodes in Europe if that makes you happy. Thirdly, see this tweet, major providers already do comply with GDPR and Privacy Shield, so non-issue
https://twitter.com/eastdakota/status/1181620950653181952
Tavis Ormandy added (quoting Matthew Prince 🌥, Verified account @eastdakota, replying to @floorter @taviso and 4 others):
That's correct. We have presence in London (EU for a bit longer) and Lisbon and comply with Privacy Shield and GDPR. Counter intuitively, we have *much* stronger protections against US gov't requests as a US-based global company. But understand that's not the general perception.
2 replies 0 retweets 1 like -
Tavis, please, don't treat me like an idiot… "encrypted protocol" because the issue with DNS is that they sniff the link between you and the ISP so you exchange it for giving a single party all your DNS traffic in a nice identifiable way? Encryption to surrender privacy…
2 replies 0 retweets 1 like
Dude, I can't even parse that statement. Your queries have to go somewhere, and it's obviously better that only one party can see the queries. If that's treating you like an idiot, then I guess I'm an idiot, because I really think encrypting queries is a good idea.
I think we'll agree to differ.
1 reply 0 retweets 0 likes -
Replying to @cynicalsecurity @bagder and
It's not about agreeing, I just can't understand your argument.
1 reply 0 retweets 0 likes