XPerceniol Posted March 19 Share Posted March 19 (edited) After doing research I realized Encrypted Hello is not possible on FF68ESR so my main concern is why secure DNS is not activated. anybody listening on the wire can see the DNS queries I made even though both my router and devices are set to use 1.1.1.1 and 1.0.0.1. It detects that I AM using a secure DNS rosolver but not over a secure connection. Huh ........ ....... does this mean mypal68 cant not securely meet up to any secure and private DNS like Quad9? Do you buy any chance know what is happening @Sampei.Nihira - you've always been very helpful with these tests. Thank you in advance and I realize you are busy so no quick reply is needed ... I'm not leaving any time soon. https://www.cloudflare.com/ssl/encrypted-sni/ Edited March 19 by XPerceniol 1 Link to comment Share on other sites More sharing options...
seven4ever Posted March 20 Share Posted March 20 Isen't ECH only for FF 85 + based browsers ? https://blog.mozilla.org/security/2021/01/07/encrypted-client-hello-the-future-of-esni-in-firefox/ 1 Link to comment Share on other sites More sharing options...
XPerceniol Posted March 20 Share Posted March 20 (edited) 4 hours ago, seven4ever said: Isen't ECH only for FF 85 + based browsers ? https://blog.mozilla.org/security/2021/01/07/encrypted-client-hello-the-future-of-esni-in-firefox/ I believe you are right, that would account for the Secure SNI part, but I'm more concerned about Secure DNS. Anybody listening on the wire can see the DNS queries I made even though both my router and devices are set to use 1.1.1.1 and 1.0.0.1. It detects that I AM using a secure DNS resolver but not over a secure connection. This is directly from the test result itself as you can see in the picture. Quote We detected you're using 1.1.1.1 (a secure DNS resolver) but not over a secure connection. Anybody listening on the wire can see the DNS queries you make when using the internet. Thank you for the reply seven4ever Edited March 20 by XPerceniol Link to comment Share on other sites More sharing options...
seven4ever Posted March 20 Share Posted March 20 (edited) According to the site : https://support.mozilla.org/fr/kb/dns-via-https-firefox DoH was ready on Firefox in 2019. Firefox 68 is out July 9, 2019 : https://www.mozilla.org/en-US/firefox/68.0/releasenotes/ Not sure it was included. I presume Mypal 68 have too old base for theses functions. Perhaps for Mypal 85 ? Edited March 20 by seven4ever Link to comment Share on other sites More sharing options...
XPerceniol Posted March 20 Share Posted March 20 (edited) 1 hour ago, seven4ever said: According to the site : https://support.mozilla.org/fr/kb/dns-via-https-firefox DoH was ready on Firefox in 2019. Firefox 68 is out July 9, 2019 : https://www.mozilla.org/en-US/firefox/68.0/releasenotes/ Not sure it was included. I really get the feeling it is included I just don't know what to do with the settings/pfefs. Hopefully somebody can help us. Here is what I show: Also: network.http.altsvc.enabled;true network.http.altsvc.oe;true EDIT: I just manually added the string: network.trr.default_provider_uri;https://mozilla.cloudflare-dns.com/dns-query Still the same result on the test and can not get a secure connection to 1.1.1.1 Edited March 20 by XPerceniol Link to comment Share on other sites More sharing options...
seven4ever Posted March 20 Share Posted March 20 (edited) here : https://www.inmotionhosting.com/support/security/dns-over-https-encrypted-sni-in-firefox/ It correspond to my graphical settings via privacy menu on Firefox 115.9 Esr. Edited March 20 by seven4ever Link to comment Share on other sites More sharing options...
XPerceniol Posted March 20 Share Posted March 20 (edited) 1 hour ago, seven4ever said: here : https://www.inmotionhosting.com/support/security/dns-over-https-encrypted-sni-in-firefox/ It correspond to my graphical settings via privacy menu on Firefox 115.9 Esr. Thank you VERY VERY much @seven4ever (I ran out of likes) you solved this issue with that article!!! I followed your advice and now here is my results for Mypal68. I NOW have a secure connection to 1.1.1.1. Quote Nobody listening on the wire can see the DNS queries you make when you are browsing the internet Solved! Edited March 20 by XPerceniol Link to comment Share on other sites More sharing options...
seven4ever Posted March 20 Share Posted March 20 You're welcome! Secure Sni is an important feature too, hope we will get it on a future release. 1 Link to comment Share on other sites More sharing options...
Sampei.Nihira Posted March 20 Share Posted March 20 (edited) 22 hours ago, XPerceniol said: 2. These are my only settings for DNS that I use on mypal68. I mean to put this under the last posting - I use 1.1.1.1 and 1.0.0.1 on my router and in the XP connection network settings. You don't have much malware/phishing protection with CloudFlare DNS. Try this service and see if it fits your needs. https://controld.com/free-dns Personally, I would choose 3rd Party Filters configurations. The best choice might be OISD full which is not convenient to include in the adblock filter lists because it's too many rules. Of course you then have to uncheck the anti-malware/phishing filter lists that you possibly use in adblock. Edited March 20 by Sampei.Nihira 2 Link to comment Share on other sites More sharing options...
XPerceniol Posted March 20 Share Posted March 20 7 hours ago, Sampei.Nihira said: You don't have much malware/phishing protection with CloudFlare DNS. Try this service and see if it fits your needs. https://controld.com/free-dns Personally, I would choose 3rd Party Filters configurations. The best choice might be OISD full which is not convenient to include in the adblock filter lists because it's too many rules. Of course you then have to uncheck the anti-malware/phishing filter lists that you possibly use in adblock. Thank you and I will look into that dns resolver you mentioned. I hope you're doing well. Link to comment Share on other sites More sharing options...
feodor2 Posted March 28 Share Posted March 28 (edited) cauldronfire is a cancer contaminates whole web. To suggest give up your data in chase for "secooorety" is either ignorance or being vermin with them. Everybody please take time to read the novel and understand where leads the inspired obsession with "secooorety" https://i.4pcdn.org/tg/1467947329951.pdf or https://archive.org/details/epdf.pub_jack-williamson-with-folded-hands1d05f1195c81076f66d774b4012a34e585195 by the way https://github.com/Feodor2/Mypal68/issues/261 Edited March 28 by feodor2 by the way 1 Link to comment Share on other sites More sharing options...
Karla Sleutel Posted March 28 Share Posted March 28 6 hours ago, feodor2 said: cauldronfire is a cancer contaminates whole web. To suggest give up your data in chase for "secooorety" is either ignorance or being vermin with them. Everybody please take time to read the novel and understand where leads the inspired obsession with "secooorety" https://i.4pcdn.org/tg/1467947329951.pdf or https://archive.org/details/epdf.pub_jack-williamson-with-folded-hands1d05f1195c81076f66d774b4012a34e58519 Yes, controld is utter garbage, thanks for bringing it to our attention! I don't know why would anyone suggest it here in the first place. I think there needs to be some sort of post checking against dangerous advice that user gives. 1 Link to comment Share on other sites More sharing options...
Saxon Posted March 28 Share Posted March 28 On 3/20/2024 at 5:39 PM, Sampei.Nihira said: You don't have much malware/phishing protection with CloudFlare DNS. Try this service and see if it fits your needs. https://controld.com/free-dns Personally, I would choose 3rd Party Filters configurations. The best choice might be OISD full which is not convenient to include in the adblock filter lists because it's too many rules. Of course you then have to uncheck the anti-malware/phishing filter lists that you possibly use in adblock. ControlD is a DNS service by the makers of Windscribe VPN. Windscribe has a strong social media presence, but not actually secure as they claim to be. Windscribe had a major security breach last year. It's pricey compared to the competition. ControlD founders (Yegor Sak, Alex Paguis and Mark Ulicki) - not Canadian names at all, but claim to be based in Canada, a "five eyes" country. I advise against using it. https://www.howtogeek.com/856154/windscribe-vpn-review/ https://windscribe.com/ https://windscribe.com/knowledge-base/articles/who-owns-windscribe/ Link to comment Share on other sites More sharing options...
egrabrych Posted April 7 Share Posted April 7 On 3/19/2024 at 4:46 PM, XPerceniol said: https://www.cloudflare.com/ssl/encrypted-sni/ Which version of Mypal68 did you use to open this page? For me, version 68.13.5 did it correctly, but since version 68.13.7 this page opens only for a moment and then disappears, replaced by an empty window. Link to comment Share on other sites More sharing options...
XPerceniol Posted April 7 Share Posted April 7 (edited) 1 hour ago, egrabrych said: Which version of Mypal68 did you use to open this page? For me, version 68.13.5 did it correctly, but since version 68.13.7 this page opens only for a moment and then disappears, replaced by an empty window. Hi there ... it was in fact 68.13.9, but something literally changed recently because I also am now getting the same exact result - opens then right away to a blank page so you can't run the test - I don't know what happened? its the same result in 360 Chrome redux, and Serpent 52 and New Moon, so not the fault of Mypal; would seem, its CF. Edited April 7 by XPerceniol 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now