/All/
|
index
catalog
recent
update
post
|
/math/
/tech/
/misc/
/free/
/meta/
/test/
|
Guide
light
mod
Log
P14517
wtf is the fucking point of DNS of TLS anyway?
Fri 2022-10-14 14:56:06
link
reply
4e58c6ed8cf78da684ecf8c07553fbe87ce191213565f49440a1688ca378717a.jpg
166 KiB 1024x1024
>request domain in plaintext
<everybody knows the domain you are trying to visit
>request domain with tls instead
<it's hidden
o now let's pretend ppl cant just look up the ip address you will connect to
>connect to server in plaintext
<get glowed, also 99% chance that the domain name will shown somewhere anyway (http, irc)
>connect to server with tls instead
<domain name gets leaked during the handshake anyway
tf is the point of trying to hide the dns request if the domain name is then immediately leaked?
Referenced by:
P14519
P14523
P14759
P14518
Fri 2022-10-14 14:56:33
link
reply
shit i meant dns over tls
P14525
Fri 2022-10-14 15:47:32
link
reply
732137dda2180b62faf005e9d7f4c89d2261c2111b9996833b9d40258d278166.png
729 KiB 780x826
wtf is the point of DNS at all?
P14519
Fuck off.
Referenced by:
P14540
P14530
From DNSSEC Scamming with love
Fri 2022-10-14 16:12:52
link
reply
They want to hide DNSSEC for some reasons...
P14535
Fri 2022-10-14 16:18:25
link
reply
Let's DNS over Tor!
$ torsocks dig +tcp +short @dns4torpnlfs2ifuz2s2yf3fc7rdmsbhm6rw75euj35pac6ap25zgqad.onion -x 1.1.1.1
Referenced by:
P14537
P14541
P14540
Fri 2022-10-14 16:59:14
link
reply
P14525
DIY
P14541
Fri 2022-10-14 18:40:38
link
reply
fb425c8f8a2aa6c88d591288513a6f1c9c1ac58d91dcdbba681d0f65b7637e18.png
181 KiB 334x528
P14535
>go to
http://dns4torpnlfs2ifuz2s2yf3fc7rdmsbhm6rw75euj35pac6ap25zgqad.onion
>redirected to https
>on a FUCKING ONION SERVICE
>generic corporate visual that barely loads without js
>Brought to you by Cloudflare.
>w-we believe privacy is a right!
Referenced by:
P14543
P14543
Fri 2022-10-14 18:55:31
link
reply
ce8af52ead4e7bdeadc85b78c5feb0c146315818c4497bc38a56ff92f19f1689.gif
270 KiB 1044x904x0.72s
P14541
>Brought to you by Cloudflare.
>w-we believe privacy is a right!
>Cloudflare
>privacy
Referenced by:
P14545
P14600
P14600
Sat 2022-10-15 09:32:03
link
reply
P14543
Well, they do think that your data should be private. They just want to include themselves and the United States government within your circle of privacy.
Referenced by:
P14629
P14810
P14629
Sat 2022-10-15 18:36:07
link
reply
cd3832a375df9bc70aa23c532cc1bc91c4f796bd0c8d13e8c6ac2722685ccea8.png
992 KiB 1920x1080
P14600
So they don't think your data should be private.
Referenced by:
P14724
P14724
Sun 2022-10-16 17:29:20
link
reply
P14629
Well they at least support your data being protected from other governments, which is why TikTok is bad but Instagram is good.
Referenced by:
P14845
P14759
Server Name Indication & HTTP Headers
Sun 2022-10-16 23:14:30
link
reply
d048a65af03a18aae12e9066a09e9d1b85d09932206fc4433a24b0c595c6328f.png
24.7 KiB 155x114
P14517
Yes i am very confused like for example Encrypted SNI or (bold: ESNI).
> The Great Firewall of China bans TLS 1.3 & ESNI, because it’s the only thing they can’t spy on. It works!
> Mozilla introduced support for ESNIbut then dropped support for ESNI in favor of ECH (Encrypted Client Hello)
>
https://www.ghacks.net/2021/02/24/the-case-of-the-missing-esni-support-in-firefox-85/
(bold: Did Cloudflare create ESNI or do other DNS providers have encrypted ESNI support?)
I hate cloudflare but I am pretty sure DOT is better then DOH in security aspect?
(bold: how is DOH better then DOT and I don't think Tor browser has DOH enabled last time I checked?)
Referenced by:
P14790
P14790
Mon 2022-10-17 04:05:53
link
reply
P14759
>
[bold:
DNS over TLS
]
uses TCP protocol to make the connection, and it uses TCP port 853, a dedicated port. DNS packets are not modified, they are encrypted thanks to TLS protocol before transmitted.
>
[bold:
DNS over HTTPS
]
uses HTTPS protocol to make the connection, and it uses the TCP port 443, a default port. DNS data are encapsulated inside HTTP packets, which are encapsulated thanks to TLS protocol > before transmitted
Pretty sure that even if you are using
[bold:
HTTPS
]
your SNI leaks anyway.
P14808
Mon 2022-10-17 06:55:24
link
reply
Use tor if you want privacy, tbb uses its own dns servers anyways.
You can setup the dns servers at the router level and don't bother again with it. It's only useful if your gouv blocks some domains (it happens in my country).
Referenced by:
P14809
P14832
P14918
P14810
Mon 2022-10-17 07:03:48
link
reply
381635a32bfada27bf8c1e3654eb760f479a84b2e7652a2b0a59d2df25c48248.jpg
225 KiB 600x848
P14600
P14811
Mon 2022-10-17 07:07:38
link
reply
P14809
PornHub
P14845
Mon 2022-10-17 15:36:52
link
reply
32a019664736d6caf8200f5b887d8019ce7f2b8d20076a795f7ae892f5e2fce5.png
1.10 MiB 1920x1080
P14724
>Instagram is good
Referenced by:
P14868
P14918
Tue 2022-10-18 00:05:50
link
reply
34b2aaf6dd11c99bfecbb1624ce21df0fdde2e4004fd4557d55482cf1c5eed86.jpg
51.7 KiB 955x459
P14808
[bold:
nameserver 127.0.0.1
]
Mod Controls:
x
Reason: