Support DNS-over-HTTP (DoH)
-
With Google Chrome you can enable DoH using feature flags at the command line. However the same feature flags don't appear to work with Vivaldi. See instructions here: https://www.zdnet.com/article/how-to-enable-dns-over-https-doh-in-google-chrome
-
We did have the option briefly but for some reason it was removed.
I gave up trying to keep up with what browsers are doing what, and just have DoH & DoT in the OS so all browsers and software are using it anyway.
Check out DNSCrypt
-
@bc3tech said in Support DNS-over-HTTP (DoH):
With Google Chrome you can enable DoH using feature flags at the command line. However the same feature flags don't appear to work with Vivaldi. See instructions here: https://www.zdnet.com/article/how-to-enable-dns-over-https-doh-in-google-chrome
Different instructions for Vivaldi:
-
This feature isn't a great idea - how much effort should we go to rewriting OS functions in browsers...
If it is something people really want, it should at least be disabled by default.
-
Don't worry, finally Microsoft have decided they need to update the OS DNS system and it will be added to Win10 at some point.
Also no mainline browser has DoH on by default and none have said they intend to enable by default.
-
Not available for my platform...so i have no choice but to not use it..
I see no reason for it now so no loss.
-
In W10 I have it enabled
PS I use Quad9 DNS
-
@Catweazle So chromium based browsers are changing the dns at the operating system level.
firefox does this within the browser itself as i had no issues with the firefox implementation until recently when i discovered it does not work anymore.
not certain why my platform is an issue.
-
DoH works natively very well in Firefox-Nightly & its siblings. I was exasperated for a long time that it remains natively unavailable in Linux chromium-based browsers, so once i discovered dnscrypt-proxy.service & muddled my way through grasping how to deploy it, it became my new default, always active:

steffie@archlinuxTower[~] 10:37:32 Wed Jul 08 $> sudo systemctl status dnscrypt-proxy.service
[sudo] password for steffie:
● dnscrypt-proxy.service - DNSCrypt-proxy client
     Loaded: loaded (/usr/lib/systemd/system/dnscrypt-proxy.service; enabled; vendor preset: disabled)
     Active: active (running) since Mon 2020-07-06 10:30:41 AEST; 2 days ago
       Docs: https://github.com/jedisct1/dnscrypt-proxy/wiki
   Main PID: 740 (dnscrypt-proxy)
      Tasks: 14 (limit: 4915)
     Memory: 45.1M
     CGroup: /system.slice/dnscrypt-proxy.service
             └─740 /usr/bin/dnscrypt-proxy --config /etc/dnscrypt-proxy/dnscrypt-proxy.toml
steffie@archlinuxTower[~] 10:37:42 Wed Jul 08 $>

I continue to look forward impatiently to chromium [in Linux] catching up to FF re native DoH, but at least now i have better protection than otherwise until they do.
https://browserleaks.com/dns :

DNS Leak Test
With insufficient configuration, it is possible that the browser's DNS requests will be sent to the ISP DNS server directly, and not sent through the VPN or Proxy. Thus, a malicious website will be able to find out the name of your real ISP, and the ISP will know your endpoint IP and which sites you visit.
DNS Leak Test shows which DNS servers your browser uses to resolve domain names. This test attempts to resolve 100 randomly generated domain names asynchronously, 50 with A record (IPv4-only) and 50 with both A and AAAA records (IPv4+IPv6).

Your IP Address
IP Address: Nope uh-uh not happening no way nick off these are not the droids for which you're looking.
Location: Australia, Sydney

DNS Leak Test
Test Results: Found 2 Servers, 1 ISP, 1 Location
Your DNS Servers (IP Address : ISP : Location):
108.162.248.59 : CLOUDFLARENET : Australia, Sydney
2400:cb00:26:1024::6ca2:f83b : CLOUDFLARENET : Australia, Sydney
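
An added example, not part of the post above and not code from dnscrypt-proxy or Browserleaks: a Python check for the misconfiguration the quoted leak-test text describes, where the stub resolver can still reach a non-local DNS server directly instead of the loopback proxy. The sample resolv.conf, its addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: resolv.conf left behind after a local encrypting
# proxy was set up, with older entries still present (illustrative only).
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search lan
nameserver 127.0.0.1
nameserver ::1
nameserver 192.168.1.1
nameserver 9.9.9.9
options edns0
"""

MAXNS = 3  # glibc's stub resolver consults only the first three entries


def audit_resolv_conf(text):
    """Split nameserver entries into (local, direct, ignored) lists."""
    local, direct, ignored = [], [], []
    seen = 0
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        try:
            # Drop any IPv6 zone id (fe80::1%eth0) before parsing.
            addr = ipaddress.ip_address(fields[1].split("%", 1)[0])
        except ValueError:
            continue  # malformed address, skipped by this audit
        seen += 1
        if seen > MAXNS:
            ignored.append(str(addr))   # beyond MAXNS, never consulted
        elif addr.is_loopback:
            local.append(str(addr))     # local proxy listener
        else:
            direct.append(str(addr))    # may be queried directly, past the proxy
    return local, direct, ignored


def leaks_possible(text):
    """True when a consulted nameserver is not a loopback listener."""
    return bool(audit_resolv_conf(text)[1])


if __name__ == "__main__":
    print(audit_resolv_conf(SAMPLE_RESOLV_CONF), leaks_possible(SAMPLE_RESOLV_CONF))
```

A loopback entry only shows that queries go to a local listener; whether that listener is an encrypting proxy still has to be confirmed separately, for instance from the service status shown in the post.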
-
What I get in Browserleaks
-
@Catweazle Deleted, sorry, my error.
Yeah, now you're kinda comparing apples to oranges. If i disabled JS for that site i'd also get that too, but this is one site that i DO want JS active.
I use uMatrix, with a global policy that JS is disabled by default, as are cookies. I then tune it for individual sites i trust. However that is really off-topic IMO to this thread.
-
@JohnConnorBear , as I said, trust, I don't trust myself in the net. In DNS I usually use 9.9.9.9 or sometimes 1.1.1.1, VPN I use Proton, where I already use the mail.
I guess it's a pretty acceptable arrangement.
Nor should you enter paranoia and prevent access to half the pages with too much shielding. Many pages are broken with too much anonymization.
Ultimately it always depends on user behavior and common sense.
-
@JohnConnorBear , I do not think exactly the same, I make a difference between freedom of opinion and the call to hatred and violence. I think that everyone's freedom ends where it conflicts with that of the rest.
Regarding tracking, if I am concerned for a simple reason. It does not matter so much that a company with which I have an account, tracks me, but I do care if they sell this data to third parties and from there they spread to not who else. It is at this point that the privacy problem becomes a serious security problem.
-
@JohnConnorBear , I think it is certainly not difficult to largely avoid tracing. But if you can't avoid it completely at the same time when you go online, not even using TOR and VPN, even less now when big companies are already starting to use quantum computing (which certainly gives me goose bumps).
-
DoH and VPNs do not stop tracking at all. They just stop people sniffing the data.
Almost all the tracking is done via the browser itself, which is why there is a separate private build of Firefox made to use with TOR.
You can't make Vivaldi that private.
If you want real reason for goosebumps, consider this instead of quantum computing;
Google Deep Mind "AI" (pfft ! Machine Learning) has admin access to all of Google networks and systems.
Just glad they never named it Proteus
-
@Dr-Flay , you can consider Google with quantum computing AND deep mind, Google has both of them.
Sorry for making your day
-
@JohnConnorBear I think you are purposefully misinterpreting my comments for some reason, or just see everything the way you want to see it.
As for the goosebumps comment, you completely miss the point I made.
The point is about letting a biased automated system have admin access to all levels of everything in any company is a dumb idea.
If Google AI (or any other) is for example put in charge of making decisions in your local hospitals, courts, power stations or is in charge of managing automated vehicles etc.
A biased system can and will make bad judgements which affect human lives, no matter if they personally use any of the services.
A system with carte blanche access to everything and system privileges is a golden-egg of a target for hackers or management misuse.
Considering the whole point of fingerprinting is for unique (as possible) tagging and targeting of individuals, it serves almost exclusively for tracking users in a variety of ways.
Tracking is not specific to following an individual from site to site for the purpose of advertising.
I use a variety of tools such as Spiderfoot to find data-points on a target (the profiling stage). This may be handed to the Solicitors building the case I have been brought in for, or mostly for network projects I am involved with.
Combining them together I get a good overview of where and when a threat is or was, and what type of threat it or they are.
With this info I can then track that threat backwards and forward in time.
Tracking can be done well after the event.
You can use seemingly unrelated info from unrelated sites and accounts to profile and trace.
Your use of the words profiling and tracing is more specific than actually is in general use.
You can profile and trace in all manner of ways, and none have to be cookies, scripts or hidden beacons.
Back to my actual point, that no level of secure DNS or use of VPN or TOR will help keep you private if you leave great big muddy footprints all over the web. This includes using the alternative Firefox.
The fact you used a certain email address in multiple places may be enough to break your privacy.
Using encrypted DNS is for most people simply a way to stop the ISP or people on your network being too nosey. Nothing more as it can't offer much more than that.
It could and should be used for authentication which is as important if not more as this is a security issue rather than privacy.
Trusting that the DNS you are using is the one you thought it was, and the site you are on is using the right IP, and that they also have a trusted and authentic DNS, would be much more useful to everyone.
We have had the ability for a long time but no browser makers bother to support it, because almost no site admin configure their sites to use it, because no browsers support it... round and round we go.
-
This has been an interesting thread, lol.
Thanks @Catweazle , I have DoH enabled now too. I also use Quad9 in conjunction with Proton's paid DNS (passthrough DNS servers out of my own Pi-Hole).
And just to chime in on the tracking/tracing bit and use of tor: The whole point of anonymity is to prevent tracking. There are excellent ways to do that in Vivaldi through the use of misinformation (trace) and through tor by making all browsers look exactly the same and encrypting all other data...especially with the use of Tor Over VPN.
You won't get tracked from one website to the next if everything is configured correctly and your habits are sound. It's a lot to set up at first and to learn, but once you're there, it's easy.
Also, @Catweazle regarding companies selling your info, this might help a little if you haven't heard of it: https://app.anonaddy.com/
Good enough free, but i'd recommend at least the $1/mo option for the 2 usernames. One used for places permitted to identify you for legal reasons and one for anonymous usage. PGP compatible so at least from the service to your inbox is encrypted, obv can't do anything about making the senders use pgp but if they want to, they can.
-
Just published this tutorial on enabling DNS over TLS in Linux using systemd:
https://medium.com/@jawadalkassim/enable-dns-over-tls-in-linux-using-systemd-b03e44448c1c
-
@Jawad88 Come to linux via a chromium flag eventually.?