Say (an encrypted) hello to a more private internet.
https://blog.mozilla.org/en/products/firefox/encrypted-hello/
Nothing big, but kinda interesting. I’m excited to see how this will go 👀
Say (an encrypted) hello to a more private internet.
https://blog.mozilla.org/en/products/firefox/encrypted-hello/
Nothing big, but kinda interesting. I’m excited to see how this will go 👀
While this is good for survielience circumventing… It is looking like the beginning of the end of DNS filtering and the popularization of encrypted telemetry.
You can always set up a MITM on your network. But yeah, DNS filtering is doomed in the not so far future.
Does this preclude on device DNS filters?
I think it doesn’t, though I’m not really a network guy.
I read through it, to me, it seems like on/device piHole etc. Would still be fine. But I am not a network guy either
PiHole might be a different story than your local device, I think that one might be affected.
That’s an option, but its a lot of work and all you get in return is broken apps/websites and not being able to tell if someone is mitm-ing you mitm.
I’m sure some engineer out there is going to find a workaround, hopefully without breaking encryption.
Never had a broken website due to my own MITM.
Encrypted DNS has been possible and in use for years (including looking up IP addresses over HTTP, which I’ve caught several apps doing), but this isn’t DNS related.
SNI filtering was pretty popular back in the day, but domain fronting is trivial to set up outside the browser. No SNI filtering setups I’ve come across actually bother to check certificate validity, so generating a self-signed eff.org certificate and using that from within an app would make quick work of most network filters.
I’m afraid firewalls are the only workable solution if you’re not in control of the software you’re running. You can try to force apps through a MitM setup by blocking all outgoing traffic and configuring something like Privoxy as the only way out, but getting your MitM CA loaded into these apps can be a royal pain.
You can do filtering and monitoring in the DNS server itself in corpo environment, like umbrella or AD DNS.