XPerceniol Posted April 7 Share Posted April 7 (edited) But, I booted to Open SUSE and the test https://www.cloudflare.com/ssl/encrypted-sni/ ... runs fine with all check marks, but no longer with XP it would seem, I wonder if Vista and 7 are in the same situation? Here is where I got the test from. https://www.ghacks.net/2019/04/29/check-if-your-browser-uses-secure-dns-dnssec-tls-1-3-and-encrypted-sni/ Edited April 7 by XPerceniol Link to comment Share on other sites More sharing options...
Skorpios Posted April 7 Share Posted April 7 My results (XP Pro SP3) MP68 13.9b: page goes blank after ~1 sec MiniB: page goes blank after ~1 sec 360Redux: page goes blank after ~1 sec --- NM28: DNSSEC and TLS 1.3 OK, Secure DNS and Secure SNI fails Supermium 122: all 4 tests OK 2 Link to comment Share on other sites More sharing options...
XPerceniol Posted April 7 Share Posted April 7 Strange because Mypal did in fact work when I posted those test results. They must have changed something between that time and now. Link to comment Share on other sites More sharing options...
Skorpios Posted April 8 Share Posted April 8 Yup, MP68 passed 3 out of 4 tests when I changed my settings on March 20 after reading the link seven4ever pointed you to. A new mystery for someone else to solve. I'm not too worried, after all I've been running without Secure DNS for years and nothing bad has happened so far... No AV, no router, only Windows firewall and running as Admin... Maybe tomorrow, who knows... https://philosophy.stackexchange.com/questions/18402/what-is-the-fallacy-nothing-bad-has-happened-so-nothing-bad-will-happen 1 Link to comment Share on other sites More sharing options...
XPerceniol Posted April 8 Share Posted April 8 20 hours ago, Skorpios said: ...Maybe tomorrow, who knows... https://philosophy.stackexchange.com/questions/18402/what-is-the-fallacy-nothing-bad-has-happened-so-nothing-bad-will-happen Lol at that link - thank you for sharing it :) Link to comment Share on other sites More sharing options...
dmiranda Posted April 8 Share Posted April 8 On 4/7/2024 at 7:36 PM, XPerceniol said: I booted to Open SUSE and the test https://www.cloudflare.com/ssl/encrypted-sni/ You can check if DOH is working setting user_pref("network.trr.mode", 3) - i generally use 2 (check https://github.com/bagder/TRRprefs). Also note that you do not need (and definitely don't have) to use cloudfare, which is the default for DOH -check https://github.com/curl/curl/wiki/DNS-over-HTTPS for a long list of alternatives. If security is your concern, check quad9 (I personally use "quad9 security" at the network connection level, and another alternative, in the list above, for DOH in FF derivatives (including mypal). 1 Link to comment Share on other sites More sharing options...
feodor2 Posted April 12 Share Posted April 12 I have put for some time alredy network.trr.resolvers;[{ "name": "NextDNS", "url": "https://firefox.dns.nextdns.io/" }] And as I told do not trust third party, yes your providers may leak you data, but not sure, at least it is to make an effort to do, instead you seggest deliberately leak you data directly. 2 Link to comment Share on other sites More sharing options...
XPerceniol Posted April 12 Share Posted April 12 (edited) 5 hours ago, feodor2 said: network.trr.resolvers;[{ "name": "NextDNS", "url": "https://firefox.dns.nextdns.io/" }] Hi Feodor! Does this mean firefox has their own resolver? NextDNS", "url": "https://firefox.dns.nextdns.io/ 5 hours ago, feodor2 said: ...yes your providers may leak you data, but not sure Just curious, are you suggesting to trust our own ISP's dns resolver? Thanks and be well. Sal Edited April 12 by XPerceniol Link to comment Share on other sites More sharing options...
NotHereToPlayGames Posted April 15 Share Posted April 15 Your ISP knows your traffic whether or not you use their DNS resolver or somebody else's DNS resolver, be that through your web browser, your OS, or your routers DNS capabilities. So you can either do it all through your ISP or you set a different DNS and now you've DOUBLED the amount of "data" collected 'in your name' because now your ISP and that third-party DNS has logged your every move. 1 Link to comment Share on other sites More sharing options...
Dixel Posted April 15 Share Posted April 15 3 hours ago, NotHereToPlayGames said: Your ISP knows your traffic whether or not you use their DNS resolver or somebody else's DNS resolver, be that through your web browser, your OS, or your routers DNS capabilities. So you can either do it all through your ISP or you set a different DNS and now you've DOUBLED the amount of "data" collected 'in your name' because now your ISP and that third-party DNS has logged your every move. Not exactly true. There are publicly known ways of modern encryption to avoid that. Therefore, at best - they will know only the sites you connect to, but not traffic. 4 Link to comment Share on other sites More sharing options...
AstroSkipper Posted April 15 Share Posted April 15 (edited) 2 hours ago, NotHereToPlayGames said: Your ISP knows your traffic whether or not you use their DNS resolver or somebody else's DNS resolver, be that through your web browser, your OS, or your routers DNS capabilities. So you can either do it all through your ISP or you set a different DNS and now you've DOUBLED the amount of "data" collected 'in your name' because now your ISP and that third-party DNS has logged your every move. That depends on which country you live in and how data protection is organised there. Your statement certainly applies to the USA, but not to Germany, for example. Here is a link to a provider with no-logging policy that I would trust and whose server can be used even as a normal DNS resolver: Freifunk München I would use this service if I didn't trust my local provider. But in my country, data protection is a valuable asset. So I just use my local provider with own DNS resolver. But I could increase safety considerably if I wanted to. All inside my country. And if I were also to use one of my paid VPN services with a no log strategy outside my country, then ... Edited April 15 by AstroSkipper Update of content 2 Link to comment Share on other sites More sharing options...
NotHereToPlayGames Posted April 15 Share Posted April 15 1 hour ago, Dixel said: they will know only the sites you connect to, but not traffic True. I guess I kind of see these two as one in the same. I guess the difference is whether my ISP knows if I visit MSFN or if I download illegal content via Torrent or Onion. Link to comment Share on other sites More sharing options...
NotHereToPlayGames Posted April 15 Share Posted April 15 (edited) On 4/12/2024 at 3:46 PM, XPerceniol said: are you suggesting to trust our own ISP's dns resolver? 39 minutes ago, AstroSkipper said: Your statement certainly applies to the USA Agreed as far as other countries. I was answering an enquiry from a fellow USA member. Edited April 15 by NotHereToPlayGames 2 Link to comment Share on other sites More sharing options...
AstroSkipper Posted April 15 Share Posted April 15 22 minutes ago, NotHereToPlayGames said: 1 hour ago, AstroSkipper said: Your statement certainly applies to the USA Agreed as far as other countries. I was answering an enquiry from a fellow USA member I just wanted to counter the impression I've gained here in the last few pages that you can't really do anything for your own internet safety. 1 Link to comment Share on other sites More sharing options...
NotHereToPlayGames Posted April 15 Share Posted April 15 (edited) I wouldn't call it "safety", more along the lines of "privacy". One school of thought is "I'm not doing anything 'wrong', let them collect all the data they want". The other school of thought is "I was fired for saying something online, after hours, not work-related, not even a high-traffic web site, but the boss didn't agree with my statement". Edited April 15 by NotHereToPlayGames Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now