Support DNS-over-HTTP (DoH)
-
DoH and VPNs do not stop tracking at all. they just stop people sniffing the data.
Almost all the tracking is done via the browser itself, which is why there is a separate private build of Firefox made to use with TOR.
You can't make Vivaldi that private.If you want real reason for goosebumps, consider this instead of quantum computing;
Google Deep Mind "AI" (pfft ! Machine Learning) has admin access to all of Google networks and systems.Just glad they never named it Proteus
-
@Dr-Flay , you can consider Google with quantum computing AND deep mind, Google has both of them.
Sorry for make your day -
@JohnConnorBear I think you are purposefully misinterpreting my comments for some reason, or just see everything the way you want to see it.
As for the goosebumps comment, you completely miss the point I made.
The point is about letting a biased automated system have admin access to all levels of everything in any company is a dumb idea.
If Google AI (or any other) is for example put in charge of making decisions in your local hospitals, courts, power stations or is in charge of managing automated vehicles etc.
A biased system can and will make bad judgements which affect human lives, no matter if they personally use any of the services.
A system with carte blanche access to everything and system privileges is a golden-egg of a target for hackers or management misuse.Considering the whole point of fingerprinting is for unique (as possible) tagging and targeting of individuals, it serves almost exclusively for tracking users in a variety of ways.
Tracking is not specific to following an individual from site to site for the purpose of advertising.
I use a variety of tools such as Spiderfoot to find data-points on a target (the profiling stage). This may be handed to the Solicitors building the case I have been brought in for, or mostly for network projects I am involved with.
Combining them together I get a good overview of where and when a threat is or was, and what type of threat it or they are.
With this info I can then track that threat backwards and forward in time.
Tracking can be done well after the event.
You can use seemingly unrelated info from unrelated sites and accounts to profile and trace.Your use of the words profiling and tracing is more specific than actually is in general use.
You can profile and trace in all manner of ways, and none have to be cookies, scripts or hidden beacons.Back to my actual point, that no level of secure DNS or use of VPN or TOR will help keep you private if you leave great big muddy footprints all over the web. This includes using the alternative Firefox.
The fact you used a certain email address in multiple places may be enough to break your privacy.Using encrypted DNS is for most people simply a way to stop the ISP or people on your network being too nosey. Nothing more as it can't offer much more than that.
It could and should be used for authentication which is as important if not more as this is a security issue rather than privacy.
Trusting that the DNS you are using is the one you thought it was, and the site you are on is using the right IP, and that they also have a trusted and authentic DNS, would be much more useful to everyone.
We have had the ability for a long time but no browser makers bother to support it, because almost no site admin configure their sites to use it, because no browsers support it... round and round we go. -
This has been an interesting thread, lol.
Thanks @Catweazle , I have DoH enabled now too. I also use Quad9 in conjunction with Proton's paid DNS (passthrough DNS servers out of my own Pi-Hole).
And just to chime in on the tracking/tracing bit and use of tor: The whole point of anonymity is to prevent tracking. There are excellent ways to do that in Vivaldi through the use of misinformation (trace) and through tor by making all browsers look exactly the same and encrypting all other data...especially with the use of Tor Over VPN.
You won't get tracked from one website to the next if everything is configured correctly and your habits are sound. It's a lot to set up at first and to learn, but once you're there, it's easy.Also, @Catweazle regarding companies selling your info, this might help a little if you haven't heard of it: https://app.anonaddy.com/
Good enough free, but i'd recommend at least the $1/mo option for the 2 usernames. One used for places permitted to identify you for legal reasons and one for anonymous usage. PGP compatible so at least from the service to your inbox is encrypted, obv can't do anything about making the senders use pgp but if they want to, they can. -
Just Published this tutorial to enabling DNS over TLS in Linux using Systemd :
https://medium.com/@jawadalkassim/enable-dns-over-tls-in-linux-using-systemd-b03e44448c1c -
@Jawad88 Come to linux via a chromium flag eventually.?
-
@Priest72 i saw the flag but it's still unavailable, this way you force it from the system so you don't have to wait chromium to enable it,
-
@Jawad88 This...
https://forum.vivaldi.net/post/384119
...continues to work well for me here. -
@guigirl forget waiting for it in the browser and add it to the OS so you have it for everything not just a browser.
MS are adding it at OS level and so is Linux and Apple, so expect to see in-app support for DoH to disappear anyway.Install DNSCrypt proxy with a decent GUI and you have DoH as a default option, plus only using resolvers with DNSSec.
-
Finally, we have native Nix V DoH !!
Oh wow, yay & woohooooooooooooooooooooooooo. Purely by accident, having given up & stopped looking for it months ago, today I discovered that Nix-Chromium, & hence also Nix-Vivaldi, finally DO now have native DoH. OMZ!!! For all I know this advance might have happened months ago. Zowie. So, not saying that these versions necessarily are the first to have DoH, but simply these are my current versions in which I’ve now discovered native DoH:
• Vivaldi Snapshot | Vivaldi 5.1.2526.3 / Chrome 96.0.4664.113
• Chromium | Version 96.0.4664.110 (Official Build) Arch Linux (64-bit)
-
I don't think DoH is any useful because the internet service provider is still able to block and see what sites we are connecting to. If it does not leak during dns query then it will leak during tls handshake. Unfortunately only(not sure) and most popular ways of defeating it is using a vpn or proxy (most of the vpns and proxies are worse than your isp btw). Instead if the web adopted ECH (https://blog.cloudflare.com/encrypted-client-hello/) the golden days of internet censorship and vpns and proxies will be over. Till then you can use DoH in vivaldi and think that no body can see what websites you are trying to visit which of course is incorrect. My isp blocks the sites which are banned in my country even when I have DoH turned on. They know EVERYTHING.
-
@nightmaresama said in Support DNS-over-HTTP (DoH):
Till then you can use DoH in vivaldi and think that no body can see what websites you are trying to visit which of course is incorrect
Only someone fundamentally misunderstanding DoH could possibly think that incorrect way.
IMO DoH [or alternatively DoT] is merely ONE component in a user's self-defence suite. Never have i claimed otherwise. That said, its longtime absence in Nix chromia was a major disincentive for me, especially considering i've been happily using it natively in Nix FF Nightly for a couple of years. Now finally having it available in my V, nicely complements my separate paid-VPN, & my other measures. Personally, my belated discovery t'other day made me happy.
-
@guigirl I found DoH the day it was released in a snapshot because I wanted it more badly than anyone else. While using the default dns my isp would always redirect me to their own advertisement site or sometimes "You Are Not Authorized To View This Webpage" But now while trying to open a blocked site redirects me to "Dns lookup Failed" page or sometimes "The server could not be reached" page Even when the server is completly within reach.
Would be cool if vivaldi added DoH in settings. -
@nightmaresama said in Support DNS-over-HTTP (DoH):
Would be cool if vivaldi added DoH in settings.
Yea, it's just hidden in the chromium settings no one knows about.
-
@Nightmaresama If you wanted it so badly for so long, why didn't you skip waiting for it in individual apps, and just install it in your OS for everything in one go ?
I've been using DoT then DoH since before any of the browsers added support, and still use it now because the OS is where it should be.
https://dnscrypt.info/faqI gave up asking for encrypted DNS support in Vivaldi a long time ago, as it was clear that this was not going to happen because features are added based on user feedback.
Few of us care enough about security and privacy to keep a topic above the noise of topics wanting blinking lights and animations.Yandex was the first browser to add support for encrypted DNS, because they didn't wait for chrome to gain the functionality, but bolted DNSCrypt into the browser instead.
True leader spirit there. That's the sort of stuff we used to get with old Opera.
Now we have to wait until stuff is standard or added by the demands of the wider world.
Even now that it is there, Vivaldi have chosen not to expose the existing ability to use encrypted DNS. -
@dr-flay They will surely do it sometime in the future. Vivaldi is a very small team so development takes time. Chrome and Firefox both have this feature but what is the point of it if they still track our behavior. On the other hand I cannot use an Os wide DNS because I use a live operating system. So all changes are lost when I close the computer. I can still use DoH with this provider "https://dns.adguard.com/dns-query" in vivaldi to block all ads. So, no more need of ad blocker.
-
@nightmaresama , I use also AdGuard DNS, but don't work in YT and other sites, only uBO rules
Only AdGuardDNS
Even with audio advertisingsWith uBO all clean
-
@catweazle I don't like that system wide dns because it is not encrypted like Vivaldi's DoH. Anyone on the same line can see what sites I visit so I only use Vivaldi's DoH.
ADguard dns does not block youtube ads because the ads come from the same ip address as the webpage. Once I blocklisted ytimg.com(the domain from where the ads were coming on youtube) after that all the images on youtube were blocked. -
ummm.... so system wide encrypted DNS is not encrypted.
Interesting. Perhaps you should inform Microsoft and the Linux foundation to not bother with it in the OS as it doesn't work.I would suggest that the flaw in relying on DNS being handled by your individual programs, is that each will differ in implementation, level of capability, support and fixes.
If your world only operates via 1 web browser then maybe you can get away with it (until an in-browser task gets access), but in the mean time all those other things running in the background are talking to the world via the OS DNS.Considering I have been pushing for encrypted DNS support via internal channels since before the browser was public, after a few years is was clear that the problem of a community-driven browser is that the most popular suggestions get added, not the most important.
This is a democracy so votes are what gets features.At the end of the day you prioritise, and functionality is first over security and privacy, which is why Vivaldi does not promote itself as the most private or secure, just one that takes reasonable precautions over such things.
Chromium now comes with the functionality and UI, and the issue of a small team spending lots of dev time is dealt with due to the handy way the UI of Vivaldi is made.
All that is now needed is to expose what is there with a simple UI addition.