Jump to content

MyPal 68

Jody Thornton
 Share

Recommended Posts

XPerceniol

XPerceniol

Posted
Posted (edited)

spacer.png

After doing research I realized Encrypted Hello is not possible on FF68ESR so my main concern is why secure DNS is not activated.

anybody listening on the wire can see the DNS queries I made even though both my router and devices are set to use 1.1.1.1 and 1.0.0.1. It detects that I AM using a secure DNS rosolver but not over a secure connection. Huh ........ :unsure: ....... does this mean mypal68 cant not securely meet up to any secure and private DNS like Quad9?

Do you buy any chance know what is happening @Sampei.Nihira - you've always been very helpful with these tests. Thank you in advance and I realize you are busy so no quick reply is needed ... I'm not leaving any time soon.

https://www.cloudflare.com/ssl/encrypted-sni/

Edited by XPerceniol
1

XPerceniol

XPerceniol

Posted
Posted (edited)
4 hours ago, seven4ever said:

Isen't ECH only for FF 85 + based browsers ? https://blog.mozilla.org/security/2021/01/07/encrypted-client-hello-the-future-of-esni-in-firefox/

I believe you are right, that would account for the Secure SNI part, but I'm more concerned about Secure DNS.

Anybody listening on the wire can see the DNS queries I made even though both my router and devices are set to use 1.1.1.1 and 1.0.0.1. It detects that I AM using a secure DNS resolver but not over a secure connection.

This is directly from the test result itself as you can see in the picture.

Quote

We detected you're using 1.1.1.1 (a

secure DNS resolver) but not over a secure connection.
Anybody listening on the wire can

see the DNS queries you make

when using the internet.

Thank you for the reply seven4ever :)

Edited by XPerceniol
XPerceniol

XPerceniol

Posted
Posted (edited)
1 hour ago, seven4ever said:

According to the site : https://support.mozilla.org/fr/kb/dns-via-https-firefox

DoH was ready on Firefox in 2019.

Firefox 68 is out July 9, 2019 : https://www.mozilla.org/en-US/firefox/68.0/releasenotes/ Not sure it was included.

I really get the feeling it is included I just don't know what to do with the settings/pfefs. Hopefully somebody can help us.

Here is what I show:
spacer.png

Also:

network.http.altsvc.enabled;true

network.http.altsvc.oe;true

EDIT:

I just manually added the string:

network.trr.default_provider_uri;https://mozilla.cloudflare-dns.com/dns-query

Still the same result on the test and can not get a secure connection to 1.1.1.1 :(

Edited by XPerceniol
XPerceniol

XPerceniol

Posted
Posted (edited)
1 hour ago, seven4ever said:

here : https://www.inmotionhosting.com/support/security/dns-over-https-encrypted-sni-in-firefox/

It correspond to my graphical settings via privacy menu on Firefox 115.9 Esr.

Thank you VERY VERY much @seven4ever (I ran out of likes) you solved this issue with that article!!!

I followed your advice and now here is my results for Mypal68.

I NOW have a secure connection to 1.1.1.1.

Quote

Nobody listening on the wire can see the DNS queries you make when you are browsing the internet

spacer.png

Solved!

Edited by XPerceniol
Guest

Guest

Posted
Posted (edited)
22 hours ago, XPerceniol said:

2. These are my only settings for DNS that I use on mypal68.

I mean to put this under the last posting - I use 1.1.1.1 and 1.0.0.1 on my router and in the XP connection network settings. 

spacer.png

spacer.png

You don't have much malware/phishing protection with CloudFlare DNS.
Try this service and see if it fits your needs.

https://controld.com/free-dns


Personally, I would choose 3rd Party Filters configurations.
The best choice might be OISD full which is not convenient to include in the adblock filter lists because it's too many rules.
Of course you then have to uncheck the anti-malware/phishing filter lists that you possibly use in adblock.

:hello:

Edited by Sampei.Nihira
XPerceniol

XPerceniol

Posted
Posted
7 hours ago, Sampei.Nihira said:

You don't have much malware/phishing protection with CloudFlare DNS.
Try this service and see if it fits your needs.

https://controld.com/free-dns


Personally, I would choose 3rd Party Filters configurations.
The best choice might be OISD full which is not convenient to include in the adblock filter lists because it's too many rules.
Of course you then have to uncheck the anti-malware/phishing filter lists that you possibly use in adblock.

:hello:

Thank you and I will look into that dns resolver you mentioned. I hope you're doing well.

feodor2

feodor2

Posted
Posted (edited)

cauldronfire is a cancer contaminates whole web. To suggest give up your data in chase for "secooorety" is either ignorance or being vermin with them.

Everybody please take time to read the novel and understand where leads the inspired obsession with "secooorety"

https://i.4pcdn.org/tg/1467947329951.pdf

or

https://archive.org/details/epdf.pub_jack-williamson-with-folded-hands1d05f1195c81076f66d774b4012a34e585195

 

by the way

https://github.com/Feodor2/Mypal68/issues/261

Edited by feodor2
by the way
1
Karla Sleutel

Karla Sleutel

Posted
Posted
6 hours ago, feodor2 said:

cauldronfire is a cancer contaminates whole web. To suggest give up your data in chase for "secooorety" is either ignorance or being vermin with them.

Everybody please take time to read the novel and understand where leads the inspired obsession with "secooorety"

https://i.4pcdn.org/tg/1467947329951.pdf

or

https://archive.org/details/epdf.pub_jack-williamson-with-folded-hands1d05f1195c81076f66d774b4012a34e58519

 

Yes, controld is utter garbage, thanks for bringing it to our attention! I don't know why would anyone suggest it here in the first place. 

I think there needs to be some sort of post checking against dangerous advice that user gives.

1
Saxon

Saxon

Posted
Posted
On 3/20/2024 at 5:39 PM, Sampei.Nihira said:

You don't have much malware/phishing protection with CloudFlare DNS.
Try this service and see if it fits your needs.

https://controld.com/free-dns


Personally, I would choose 3rd Party Filters configurations.
The best choice might be OISD full which is not convenient to include in the adblock filter lists because it's too many rules.
Of course you then have to uncheck the anti-malware/phishing filter lists that you possibly use in adblock.

:hello:

ControlD is a DNS service by the makers of Windscribe VPN.

Windscribe has a strong social media presence, but not actually secure as they claim to be. 

Windscribe had a major security breach last year. It's pricey compared to the competition.

ControlD founders (Yegor Sak, Alex Paguis and Mark Ulicki) - not Canadian names at all, but claim to be based in Canada, a "five eyes" country.

I advise against using it.

https://www.howtogeek.com/856154/windscribe-vpn-review/

https://windscribe.com/

https://windscribe.com/knowledge-base/articles/who-owns-windscribe/

1
  • 2 weeks later...
XPerceniol

XPerceniol

Posted
Posted (edited)
1 hour ago, egrabrych said:

Which version of Mypal68 did you use to open this page? For me, version 68.13.5 did it correctly, but since version 68.13.7 this page opens only for a moment and then disappears, replaced by an empty window.

Hi there ... it was in fact 68.13.9, but something literally changed recently because I also am now getting the same exact result - opens then right away to a blank page so you can't run the test - I don't know what happened? its the same result in 360 Chrome redux, and Serpent 52 and New Moon, so not the fault of Mypal; would seem, its CF.

Edited by XPerceniol
1

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...