Does Vivaldi support DNS over HTTPS ?



  • Hi,
    I would like to know whether Vivaldi supports DNS over HTTPS ?
    Thought of asking this query after reading this article.
    Does the browser need to support/enforce this feature to take advantage of DoH ?

    https://www.ghacks.net/2018/04/02/configure-dns-over-https-in-firefox/

    https://www.ghacks.net/2018/04/02/cloudflare-launches-fast-and-privacy-focused-dns-at-1-1-1-1/

    https://blog.cloudflare.com/announcing-1111/

    https://developers.cloudflare.com/1.1.1.1/dns-over-https/



  • Would it not be easier to simply change your DNS server at the router or os level, rather than have settings at the application level?

    I changed the DNS server in Windows network settings and Vivaldi works fine - I'm not sure it needs it's open DNS over http settings.



  • https://freedom-to-tinker.com/2018/04/02/a-privacy-preserving-approach-to-dns/

    I'm quoting from the article (link mentioned above)...
    DNS queries are typically sent in cleartext, and they can reveal significant information that an Internet user may want to keep private, including the websites that user is visiting, the IP address or subnet of the device that issued the initial query, and even the types of devices that a user has in his or her home network. For example, our previous research has shown that DNS lookups can be used to de-anonymize traffic from the Tor network

    DoH is quite better in aspects of privacy
    Third parties have recently been standing up new DNS resolvers that claim to respect user privacy: IBM’s Quad9 (9.9.9.9) and Mozilla/Cloudflare’s 1.1.1.1 operate such open DNS recursive resolvers that claim to purge information about user queries. Mozilla/Cloudflare additionally support DNS over HTTPS, which (like DNS over TLS) will ensure that your DNS queries are encrypted from your browser to its recursive DNS resolver.
    Yet, in all of these cases, a user has no guarantee that information that an operator learns might be retained, for operational or other purposes.



  • I use Quad9 DNS that goes very fine



  • I would really like to know as well. Since Cloudflare is already supporting it and Mozilla is currently experimenting the technology with FireFox. The technology is useless at least on a consumer level if the browser does not support it. Google AFAIK is only testing it on Android at the moment. I'm not sure how that would translate to future support on Chromium browsers.

    @catweazle said in Does Vivaldi support DNS over HTTPS ?:

    I use Quad9 DNS that goes very fine

    Routing thru regular DNS even if it's a privacy-oriented service ia still susceptible to hijacking and other cyberattacks. Your DNS queries still need to travel to their secure servers. Using DoH can potentially reduce risks and man-in-the-attacks and the like.

    This is very important most especially with Vivaldi's strong push for privacy awareness on the web.

    DNS is already old technology and IMHO browser makers need to keep up with latest security controls.

    Having said that, I'm well aware that the technology is new and it could screw some things or outright not connect to anything at all. Just saying that this could be a big plus for privacy sensitive users like myself.



  • @lonm said in Does Vivaldi support DNS over HTTPS ?:

    Would it not be easier to simply change your DNS server at the router or os level, rather than have settings at the application level?

    Sure, especially as then all applications could benefit from it, not only the browser...





  • @lonm said in Does Vivaldi support DNS over HTTPS ?:

    Would it not be easier to simply change your DNS server at the router or os level, rather than have settings at the application level?

    Yes, but not everyone has that ability. For instance, the Ubee modem that Spectrum gave us does not allow the DNS servers to be changed. And this just isn't enough to justify the cost of buying another router to sit behind it.



  • @erufael that still does not rule out the

    … os level …

    option.



  • @rafale until SNI elements of TLS setups are encrypted, connection setups still advertise the requested hostname/IP combination to every listener between you an the server endpoint.

    Since the ISP is guaranteed to be in this path, it gets the sensitive part of DNS requests anyway. Using Cloudflare or Google resolvers just makes shure these organisations also know what domains you are intersted in.

    There are some chicken-and-egg theories considerations concerning DNS over HTTPS and encrypted SNI. But since the later is a much harder problem to solve it will be the deciding factor for relevant privacy improvements in this area.


Log in to reply
 

Looks like your connection to Vivaldi Forum was lost, please wait while we try to reconnect.