Read some info on DNS vs HTTPS but I'm confused (maybe). Is HTTPS more secure than DNS? The article I read wasn't very clear or I didn't understand it. TIA
@janrif Read:
https://en.wikipedia.org/wiki/DNS_over_HTTPS
Also see Yngve's answer here: https://forum.vivaldi.net/post/843736
Has been available in Vivaldi for a long time, courtesy of Chromium, but only available as a setting under
chrome://settings/security
Now it's available as a setting in the Vivaldi UI in Snapshot releases.
By default DoH is enabled and set to OS Default. It will detect if your local OS is set to one of the supported providers and set the browser to use DoH with that provider. Otherwise it will fall back to using the OS DNS provider.
> Is HTTPS more secure than DNS?
You're mixing up "DNS over HTTPS" and the HTTPS protocol.
Generally I believe DoH is overrated as a privacy measure and causes needless complication and difficulty troubleshooting. So I don't use it. Depends how much you trust your current DNS provider (usually your ISP) I guess.
@janrif
it's called DNS over HTTPS, and it secures your connection additionally.
one example:
you go to a cafe and connect to their WiFi, then the owner could see that you are surfing at Netflix. because, when you open a tab and open Netflix, your browser asks the DNS server how to connect to Netflix. and this transmission is not secured. the owner of the cafe can't see what you are watching, because the datastream from Netflix to your browser is secured via HTTPS.
so if you enable DoH, the whole communication is secured.
and of course, it's much more relevant if it's not you watching Netflix but maybe a reporter in a foreign country who wants to read websites which bring problems to them.
@derDay said in DNS vs HTTPS:
> you go to a cafe and connect to their WiFi, then the owner could see that you are surfing at Netflix.
It's a valid point, for people who do that. For a desktop PC, not so much.
Another problem is, such networks often have captive portals that require a login before granting access to the internet:
https://en.wikipedia.org/wiki/Captive_portal
In such cases, if the DoH-enabled browser tries to access for instance
https://doh.opendns.com/dns-query it will fail because it won't be able to find the IP for that host. I assume the browser will fall back to using the normal DNS resolver in such cases though to avoid this case, and the log will only show a DNS request for the DoH host and nothing more.
> and of course, it's much more relevant if it's not you watching Netflix but maybe a reporter in a foreign country who wants to read websites which bring problems to them.
Also a good point, journalists and others living under oppressive regimes will need to take care to mask their network activity as much as possible, and DoH helps with that.
However, such "internet cafe" networks behind captive portals are also proxied. And a proxy can easily decrypt network connections before sending them on. Meaning the protection offered by HTTPS is moot. Security Services can then visit the cafe with a warrant and obtain the network logs.
Basically, if you're worried about privacy, don't use internet cafes.