But, I booted to Open SUSE and the test https://www.cloudflare.com/ssl/encrypted-sni/

... runs fine with all check marks, but no longer with XP it would seem, I wonder if Vista and 7 are in the same situation?

Here is where I got the test from.

https://www.ghacks.net/2019/04/29/check-if-your-browser-uses-secure-dns-dnssec-tls-1-3-and-encrypted-sni/

Edited by XPerceniol

My results (XP Pro SP3)

MP68 13.9b: page goes blank after ~1 sec
MiniB: page goes blank after ~1 sec
360Redux: page goes blank after ~1 sec

---

NM28:  DNSSEC and TLS 1.3 OK, Secure DNS and Secure SNI fails
Supermium 122: all 4 tests OK


Yup, MP68 passed 3 out of 4 tests when I changed my settings on March 20 after reading the link seven4ever pointed you to. A new mystery for someone else to solve. I'm not too worried, after all I've been running without Secure DNS for years and nothing bad has happened so far... No AV, no router, only Windows firewall and running as Admin... 

Maybe tomorrow, who knows...
https://philosophy.stackexchange.com/questions/18402/what-is-the-fallacy-nothing-bad-has-happened-so-nothing-bad-will-happen
 


On 4/7/2024 at 7:36 PM, XPerceniol said:

I booted to Open SUSE and the test https://www.cloudflare.com/ssl/encrypted-sni/

You can check if DOH is working setting user_pref("network.trr.mode", 3) - I generally use 2 (check https://github.com/bagder/TRRprefs). Also note that you do not need (and definitely don't have) to use Cloudflare, which is the default for DOH - check https://github.com/curl/curl/wiki/DNS-over-HTTPS for a long list of alternatives. If security is your concern, check quad9 (I personally use "quad9 security" at the network connection level, and another alternative, in the list above, for DOH in FF derivatives (including mypal)).
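An offline check of the prefs discussed in this post, as an added example that is not part of the original post or of any project linked in it: it reads `user.js`/`prefs.js` text and reports which `network.trr.mode` is set and whether lookups can still reach the native resolver. The function names, the `network.trr.uri` pref, the Quad9 URL and the sample file are assumptions constructed for illustration.

```python
import json
import re

# network.trr.mode values in Firefox and derivatives (1 and 4 are reserved).
TRR_MODES = {
    0: "off (default), native resolver only",
    2: "DoH first, native resolver as fallback",
    3: "DoH only, no fallback",
    5: "off by explicit choice",
}
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;?\s*$')

# Constructed sample user.js, not taken from a real profile. The
# network.trr.uri pref and the Quad9 URL are assumptions; the resolvers
# entry is the one quoted later in the thread.
SAMPLE_USER_JS = r'''
user_pref("network.trr.mode", 2);
user_pref("network.trr.uri", "https://dns.quad9.net/dns-query");
user_pref("network.trr.resolvers", "[{ \"name\": \"NextDNS\", \"url\": \"https://firefox.dns.nextdns.io/\" }]");
'''


def parse_trr_prefs(text):
    """Return {name: value} for every network.trr.* pref in user.js/prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m and m.group(1).startswith("network.trr."):
            # Pref literals (int, true/false, quoted string) are valid JSON.
            prefs[m.group(1)] = json.loads(m.group(2))
    return prefs


def audit_doh(text):
    """Summarise DoH state; only mode 3 keeps lookups off the native resolver."""
    prefs = parse_trr_prefs(text)
    mode = prefs.get("network.trr.mode", 0)
    listed = json.loads(prefs.get("network.trr.resolvers", "[]"))
    return {
        "mode": mode,
        "meaning": TRR_MODES.get(mode, "reserved or unknown"),
        "uri": prefs.get("network.trr.uri") or "(browser default)",
        "listed_resolvers": [r["url"] for r in listed],
        "native_resolver_possible": mode != 3,
    }


if __name__ == "__main__":
    for key, value in audit_doh(SAMPLE_USER_JS).items():
        print(f"{key}: {value}")
```

With mode 2 the report shows `native_resolver_possible: True`, which is why a test page can pass while some lookups still leave in plaintext when the DoH server is unreachable.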

 


I have put for some time already

network.trr.resolvers;[{ "name": "NextDNS", "url": "https://firefox.dns.nextdns.io/" }]

And as I told, do not trust third party, yes your providers may leak your data, but not sure, at least it is to make an effort to do, instead you suggest deliberately leak your data directly.


5 hours ago, feodor2 said:

network.trr.resolvers;[{ "name": "NextDNS", "url": "https://firefox.dns.nextdns.io/" }]

Hi Feodor!

Does this mean firefox has their own resolver? NextDNS", "url": "https://firefox.dns.nextdns.io/

5 hours ago, feodor2 said:

...yes your providers may leak your data, but not sure

Just curious, are you suggesting to trust our own ISP's dns resolver?

Thanks and be well.

Sal

Edited by XPerceniol

Your ISP knows your traffic whether or not you use their DNS resolver or somebody else's DNS resolver, be that through your web browser, your OS, or your router's DNS capabilities.

So you can either do it all through your ISP or you set a different DNS and now you've DOUBLED the amount of "data" collected 'in your name' because now your ISP and that third-party DNS has logged your every move.


3 hours ago, NotHereToPlayGames said:

Your ISP knows your traffic whether or not you use their DNS resolver or somebody else's DNS resolver, be that through your web browser, your OS, or your router's DNS capabilities.

So you can either do it all through your ISP or you set a different DNS and now you've DOUBLED the amount of "data" collected 'in your name' because now your ISP and that third-party DNS has logged your every move.

Not exactly true. There are publicly known ways of modern encryption to avoid that. Therefore, at best - they will know only the sites you connect to, but not traffic.


2 hours ago, NotHereToPlayGames said:

Your ISP knows your traffic whether or not you use their DNS resolver or somebody else's DNS resolver, be that through your web browser, your OS, or your router's DNS capabilities.

So you can either do it all through your ISP or you set a different DNS and now you've DOUBLED the amount of "data" collected 'in your name' because now your ISP and that third-party DNS has logged your every move.

That depends on which country you live in and how data protection is organised there. Your statement certainly applies to the USA, but not to Germany, for example. Here is a link to a provider with no-logging policy that I would trust and whose server can be used even as a normal DNS resolver: Freifunk München :) I would use this service if I didn't trust my local provider. But in my country, data protection is a valuable asset. So I just use my local provider with own DNS resolver. But I could increase safety considerably if I wanted to. All inside my country. And if I were also to use one of my paid VPN services with a no log strategy outside my country, then ...

Edited by AstroSkipper
Update of content

1 hour ago, Dixel said:

they will know only the sites you connect to, but not traffic

True.  I guess I kind of see these two as one and the same.

I guess the difference is whether my ISP knows if I visit MSFN or if I download illegal content via Torrent or Onion.


On 4/12/2024 at 3:46 PM, XPerceniol said:

are you suggesting to trust our own ISP's dns resolver?

 

39 minutes ago, AstroSkipper said:

Your statement certainly applies to the USA

 

Agreed as far as other countries.  I was answering an enquiry from a fellow USA member.

Edited by NotHereToPlayGames

22 minutes ago, NotHereToPlayGames said:
1 hour ago, AstroSkipper said:

Your statement certainly applies to the USA

 

Agreed as far as other countries.  I was answering an enquiry from a fellow USA member

I just wanted to counter the impression I've gained here in the last few pages that you can't really do anything for your own internet safety. :P


I wouldn't call it "safety", more along the lines of "privacy".

One school of thought is "I'm not doing anything 'wrong', let them collect all the data they want".

The other school of thought is "I was fired for saying something online, after hours, not work-related, not even a high-traffic web site, but the boss didn't agree with my statement".

Edited by NotHereToPlayGames
