P14517 wtf is the fucking point of DNS of TLS anyway? link reply
>request domain in plaintext
<everybody knows the domain you are trying to visit
>request domain with tls instead
<it's hidden
o now let's pretend ppl can't just look up the ip address you will connect to
>connect to server in plaintext
<get glowed, also 99% chance that the domain name will be shown somewhere anyway (http, irc)
>connect to server with tls instead
<domain name gets leaked during the handshake anyway
tf is the point of trying to hide the dns request if the domain name is then immediately leaked?
P14518 link reply
shit i meant dns over tls
P14525 link reply
wtf is the point of DNS at all?

P14519
Fuck off.
P14530 From DNSSEC Scamming with love link reply
They want to hide DNSSEC for some reasons...
P14535 link reply
Let's DNS over Tor!
$ torsocks dig +tcp +short @dns4torpnlfs2ifuz2s2yf3fc7rdmsbhm6rw75euj35pac6ap25zgqad.onion -x 1.1.1.1
P14540 link reply
P14541 link reply
P14535
>go to http://dns4torpnlfs2ifuz2s2yf3fc7rdmsbhm6rw75euj35pac6ap25zgqad.onion
>redirected to https
>on a FUCKING ONION SERVICE
>generic corporate visual that barely loads without js
>Brought to you by Cloudflare.
>w-we believe privacy is a right!
P14543 link reply
P14541
>Brought to you by Cloudflare.
>w-we believe privacy is a right!
>Cloudflare
>privacy
P14600 link reply
P14543
Well, they do think that your data should be private. They just want to include themselves and the United States government within your circle of privacy.
P14629 link reply
P14600
So they don't think your data should be private.
P14724 link reply
P14629
Well they at least support your data being protected from other governments, which is why TikTok is bad but Instagram is good.
P14759 Server Name Indication & HTTP Headers link reply
P14517
Yes i am very confused like for example Encrypted SNI or (bold: ESNI).

> The Great Firewall of China bans TLS 1.3 & ESNI, because it’s the only thing they can’t spy on. It works!

> Mozilla introduced support for ESNI but then dropped support for ESNI in favor of ECH (Encrypted Client Hello)
> https://www.ghacks.net/2021/02/24/the-case-of-the-missing-esni-support-in-firefox-85/

(bold: Did Cloudflare create ESNI or do other DNS providers have encrypted ESNI support?)

I hate cloudflare but I am pretty sure DOT is better than DOH in security aspect?
(bold: how is DOH better than DOT and I don't think Tor browser has DOH enabled last time I checked?)
P14790 link reply
P14759
> [bold: DNS over TLS] uses TCP protocol to make the connection, and it uses TCP port 853, a dedicated port. DNS packets are not modified, they are encrypted thanks to TLS protocol before transmitted.
> [bold: DNS over HTTPS] uses HTTPS protocol to make the connection, and it uses the TCP port 443, a default port. DNS data are encapsulated inside HTTP packets, which are encapsulated thanks to TLS protocol before transmitted


Pretty sure that even if you are using [bold: HTTPS] your SNI leaks anyway.
P14808 link reply
Use tor if you want privacy, tbb uses its own dns servers anyways.
You can set up the dns servers at the router level and don't bother again with it. It's only useful if your gov blocks some domains (it happens in my country).
P14811 link reply
P14809
PornHub
P14845 link reply
P14724
>Instagram is good
P14918 link reply
P14808
[bold: nameserver 127.0.0.1]