As a DNS-over-TLS (DoT) client, use:
▶️ ANDROID
- Private DNS feature in Android 9+
(Settings > Network & internet > Advanced > Private DNS)
- Personal DNS filter
- Nebulo
▶️ LINUX
Stubby
Unbound
Knot
Bind
Personal DNS filter
▶ Windows
Stubby
Personal DNS filter
Download Full Package of personal DNS filter and read the 'README-Windows-Setup.txt' under 'Windows-Scripts' folder.
https://dnsprivacy.org/dns_privacy_clients/
HERE SOME NON-PROFIT RESOLVERS, RUN BY INTERNET ACTIVIST ORGANIZATIONS OR PRIVATE PERSONS ADVOCATING PRIVACY:
✅neutopia*
TLS Hostname:
IPv4 Address:
✅getdns*★(by getdns/stubby developers)
TLS Hostname:
TCP port: 853
IPv4 Address:
IPv6 Address:
🇳🇱, EU
✅cmrg* (by Daniel Kahn Gillmore)
TLS Hostname:
TCP port: 853 or 443
IPv4 Address:
IPv6 Address:
🇨🇦, Canada, CA
✅ AppliedPrivacy**
TLS Hostname: dot1.appliedprivacy.net
TCP port: 853 or 443
IPv4 Address: 146.255.56.98
IPv6 Address: 2a02:1b8:10:234::2
🇩🇪 and 🇦🇹 , EU
✅ Digitale Gesellschaft
TLS Hostname:
IPv4 Address:
✅ DNS.SB
TLS HOSTNAME:
TCP port:
IPv4 Address:
IPv6 Address 1:
IPv6 Address 2:
🇩🇪, EU
* - highly recommended based on dnsprivacy-monitoring test
** - logs aggregated data for improving their service. Read its privacy policy
★ - Logs traffic volume only
⚠️ Using plaintext DNS isn't recommended as anyone on the wire (your ISP, governments, hackers, Wi-Fi network/coffee shop you're in, etc.) can see what DNS requests you're making and even manipulate them to forward to malicious sites.
⚠️ Do not use Cloudflare, Quad9, Google or your ISP's DNS, as they're run by big corporations | SOURCE
⚠️ Don't use spyware by @TorstenJahnke and nor his DNS (Keweon DNS) | READ CAREFULLY
#dns #DoT
▶️ ANDROID
- Private DNS feature in Android 9+
(Settings > Network & internet > Advanced > Private DNS)
- Personal DNS filter
- Nebulo
▶️ LINUX
Stubby
Unbound
Knot
Bind
Personal DNS filter
▶ Windows
Stubby
Personal DNS filter
Download Full Package of personal DNS filter and read the 'README-Windows-Setup.txt' under 'Windows-Scripts' folder.
https://dnsprivacy.org/dns_privacy_clients/
HERE SOME NON-PROFIT RESOLVERS, RUN BY INTERNET ACTIVIST ORGANIZATIONS OR PRIVATE PERSONS ADVOCATING PRIVACY:
✅neutopia*
TLS Hostname:
dns.neutopia.orgTCP port: 853 or 443
IPv4 Address:
89.234.186.112IPv6 Address:
2a00:5884:8209::2🇫🇷, EU
✅getdns*★(by getdns/stubby developers)
TLS Hostname:
getdnsapi.net
TCP port: 853
IPv4 Address:
185.49.141.37
IPv6 Address:
2a04:b900:0:100::37
🇳🇱, EU
✅cmrg* (by Daniel Kahn Gillmore)
TLS Hostname:
dns.cmrg.net
TCP port: 853 or 443
IPv4 Address:
199.58.81.218
IPv6 Address:
2001:470:1c:76d::53
🇨🇦, Canada, CA
✅ AppliedPrivacy**
TLS Hostname: dot1.appliedprivacy.net
TCP port: 853 or 443
IPv4 Address: 146.255.56.98
IPv6 Address: 2a02:1b8:10:234::2
🇩🇪 and 🇦🇹 , EU
✅ Digitale Gesellschaft
TLS Hostname:
dns.digitale-gesellschaft.chTCP port: 853
IPv4 Address:
185.95.218.42
, 185.95.218.43IPv6 Address:
2a05:fc84::42
, 2a05:fc84::43🇨🇭 Switzerland, CH
✅ DNS.SB
TLS HOSTNAME:
dot.sb
TCP port:
853
IPv4 Address:
45.11.45.11
IPv6 Address 1:
2a09::
IPv6 Address 2:
2a11::
🇩🇪, EU
* - highly recommended based on dnsprivacy-monitoring test
** - logs aggregated data for improving their service. Read its privacy policy
★ - Logs traffic volume only
⚠️ Using plaintext DNS isn't recommended as anyone on the wire (your ISP, governments, hackers, Wi-Fi network/coffee shop you're in, etc.) can see what DNS requests you're making and even manipulate them to forward to malicious sites.
⚠️ Do not use Cloudflare, Quad9, Google or your ISP's DNS, as they're run by big corporations | SOURCE
⚠️ Don't use spyware by @TorstenJahnke and nor his DNS (Keweon DNS) | READ CAREFULLY
#dns #DoT
Telegram
Libreware
personalDNSfilter
personalDNSfilter is a DNS filter proxy written in Java. It hooks into the domain name (DNS) resolution and returns the loopback address for filtered hosts. Available for Java enabled devices including Android (based on VPN)
Filter Ads…
personalDNSfilter is a DNS filter proxy written in Java. It hooks into the domain name (DNS) resolution and returns the loopback address for filtered hosts. Available for Java enabled devices including Android (based on VPN)
Filter Ads…
| DNSCRYPT-PROXY 2 for ANDROID |
DNSCrypt (faq)
I'm @quindecim, I made a FORK of bluemeda project to provide fast updates and more privacy-concious configs by default:
⛔️ Disable DoH
⛔️ Disable IPv6
⛔️
✅ Require DNSSEC
✅ Ephemeral keys (create a new, unique key for every single DNS query)
ℹ️ Set DNS query max. response time from
ℹ️ Use UncensoredDNS as fallback resolver instead CloudFlare
ℹ️ Use
✳️ You can edit the config. file always as you wish - README
I created this channel for sharing
https://t.me/dnscrypt_proxy 👈👈
- INSTALLATION GUIDE:
_________________________________________
1️⃣ Download and install latest
MAGISK:
TWRP RECOVERY:
2️⃣ Reboot.
3️⃣ Open AFWall+ and:
¹ The
_____________________________________
- POST INSTALLING:
✳️ You can edit
✳️ FOR MORE SUPPORT ON A GOOD PRIVACY-ORIENTED SETUP, JOIN THIS CHAT
#dns #dnscrypt #privacy #quindecim
DNSCrypt (faq)
I'm @quindecim, I made a FORK of bluemeda project to provide fast updates and more privacy-concious configs by default:
⛔️ Disable DoH
⛔️ Disable IPv6
⛔️
refused
response for blocked queries✅ Require DNSSEC
✅ Ephemeral keys (create a new, unique key for every single DNS query)
ℹ️ Set DNS query max. response time from
2500
to 1500
, in ms.ℹ️ Use UncensoredDNS as fallback resolver instead CloudFlare
ℹ️ Use
dnscrypt.nl
(NL), dnscrypt.uk
(UK), dnscrypt.eu
(DK/NL), dnswarden
(DE), charis
(DE) and suami
(FR)✳️ You can edit the config. file always as you wish - README
I created this channel for sharing
.zip
, flashable through Magisk or Recovery and provide important news/changelogs from the main PROJECT.https://t.me/dnscrypt_proxy 👈👈
- INSTALLATION GUIDE:
_________________________________________
1️⃣ Download and install latest
.zip
¹ file.MAGISK:
Magisk Manager > Modules > + > DNSCrypt-Proxy_2-android-vx.x.x.zip
TWRP RECOVERY:
Install > DNSCrypt-Proxy_2-android-vx.x.x.zip
2️⃣ Reboot.
3️⃣ Open AFWall+ and:
> Set custom script
ENTER SCRIPT:iptables -t nat -A OUTPUT -p tcp ! -d 91.239.100.100 --dport 53 -j DNAT --to-destination 127.0.0.1:53
iptables -t nat -A OUTPUT -p udp ! -d 91.239.100.100 --dport 53 -j DNAT --to-destination 127.0.0.1:53
SHUTDOWN SCRIPT:iptables -t nat -D OUTPUT -p tcp ! -d 91.239.100.100 --dport 53 -j DNAT --to-destination 127.0.0.1:53
iptables -t nat -D OUTPUT -p udp ! -d 91.239.100.100 --dport 53 -j DNAT --to-destination 127.0.0.1:53
4️⃣ Test your DNS: https://dnsleaktest.com/¹ The
.zip
file was archived by me directly from the SOURCE._____________________________________
- POST INSTALLING:
✳️ You can edit
dnscrypt-proxy.toml
as you wish located on /sdcard/dnscrypt-proxy/
or /data/media/0/dnscrypt-proxy/
✳️ For more detailed configuration please refer to official documentation HERE✳️ FOR MORE SUPPORT ON A GOOD PRIVACY-ORIENTED SETUP, JOIN THIS CHAT
#dns #dnscrypt #privacy #quindecim
Forwarded from BlackBox (Security) Archiv
Nebulo – DNS over HTTPS/TLS: Our Interview with the Developer
Nebulo – DNS over HTTPS/TLS is a small but neat Android app to make the internet a little bit safer for us. But for users who just want less advertising on their devices, Nebulo is an interesting option. Many interesting questions have come together thanks to the help of our readers.
Nebulo – DNS over HTTPS/TLS 👀
As mentioned before, Nebulo comes with a few features that can be quite practical for us in everyday life.
💡 one-time configuration at the beginning, after that you don’t have to worry about anything anymore
💡 the provider promises: no advertising and no tracking!
💡 own servers can be specified
💡 comparatively low battery consumption, which is important for smartphone users
💡 also works without root.
If you like, you have the possibility to participate actively in the Nebulo Telegram support group. In the support group, you can always find the latest app version to download, or of course you can report bugs and make suggestions. Nebulo can also be found in the Google Play Store, on F-Droid or in the Aurora Droid as well as on GitLab.
Daniel Wolf and the Nebulo DNS App: our interview with the developer
Tarnkappe.info: Daniel, why do you concentrate on Android? Because it’s the better mobile OS? Or because it was easier to develop the DNS changer app for it, or get it approved by the app store operator?
Daniel Wolf: That’s a quick question to answer. Before I made Android apps, I programmed with Java. I also had an Android mobile phone, so the choice was obvious.
DNS Changer itself was created because I needed it myself.
👉🏼 Read more:
https://tarnkappe.info/nebulo-dns-over-https-tls-our-interview-with-the-developer/
#Nebulo #App #DNS #changer #interview
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
Nebulo – DNS over HTTPS/TLS is a small but neat Android app to make the internet a little bit safer for us. But for users who just want less advertising on their devices, Nebulo is an interesting option. Many interesting questions have come together thanks to the help of our readers.
Nebulo – DNS over HTTPS/TLS 👀
As mentioned before, Nebulo comes with a few features that can be quite practical for us in everyday life.
💡 one-time configuration at the beginning, after that you don’t have to worry about anything anymore
💡 the provider promises: no advertising and no tracking!
💡 own servers can be specified
💡 comparatively low battery consumption, which is important for smartphone users
💡 also works without root.
If you like, you have the possibility to participate actively in the Nebulo Telegram support group. In the support group, you can always find the latest app version to download, or of course you can report bugs and make suggestions. Nebulo can also be found in the Google Play Store, on F-Droid or in the Aurora Droid as well as on GitLab.
Daniel Wolf and the Nebulo DNS App: our interview with the developer
Tarnkappe.info: Daniel, why do you concentrate on Android? Because it’s the better mobile OS? Or because it was easier to develop the DNS changer app for it, or get it approved by the app store operator?
Daniel Wolf: That’s a quick question to answer. Before I made Android apps, I programmed with Java. I also had an Android mobile phone, so the choice was obvious.
DNS Changer itself was created because I needed it myself.
👉🏼 Read more:
https://tarnkappe.info/nebulo-dns-over-https-tls-our-interview-with-the-developer/
#Nebulo #App #DNS #changer #interview
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
Forwarded from BlackBox (Security) Archiv
CNAME Cloaking, the dangerous disguise of third-party trackers
How come AdBlock, Adblock Plus, uBlock Origin, Ghostery, Brave and Firefox are letting a third-party tracker from Eulerian, a leading tracking company, execute their script freely on fortuneo.fr, one of the biggest online bank in France?
How come the same thing is happening on thousands of other popular websites worldwide?
What has started to happen in the last few months in the world of third-party tracking is having a major impact on people’s privacy, and it all stayed pretty much under the radar.
👉🏼 Read more 🇬🇧:
https://medium.com/nextdns/cname-cloaking-the-dangerous-disguise-of-third-party-trackers-195205dc522a
👉🏼 Read more 🇩🇪:
https://www.kuketz-blog.de/vorsicht-neue-art-des-trackings-via-cname-cloaking/
#CNAME #Cloaking #tracker #dns #AdBlock #AdblockPlus #uBlock #Ghostery #Brave #Firefox #Eulerian
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
How come AdBlock, Adblock Plus, uBlock Origin, Ghostery, Brave and Firefox are letting a third-party tracker from Eulerian, a leading tracking company, execute their script freely on fortuneo.fr, one of the biggest online bank in France?
How come the same thing is happening on thousands of other popular websites worldwide?
What has started to happen in the last few months in the world of third-party tracking is having a major impact on people’s privacy, and it all stayed pretty much under the radar.
👉🏼 Read more 🇬🇧:
https://medium.com/nextdns/cname-cloaking-the-dangerous-disguise-of-third-party-trackers-195205dc522a
👉🏼 Read more 🇩🇪:
https://www.kuketz-blog.de/vorsicht-neue-art-des-trackings-via-cname-cloaking/
#CNAME #Cloaking #tracker #dns #AdBlock #AdblockPlus #uBlock #Ghostery #Brave #Firefox #Eulerian
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
Firefox Announces New Partner in Delivering Private and Secure DNS Services to Users
https://blog.mozilla.org/blog/2019/12/17/firefox-announces-new-partner-in-delivering-private-and-secure-dns-services-to-users/
#firefox #ff #dns
https://blog.mozilla.org/blog/2019/12/17/firefox-announces-new-partner-in-delivering-private-and-secure-dns-services-to-users/
#firefox #ff #dns
The Mozilla Blog
Firefox Announces New Partner in Delivering Private and Secure DNS Services to Users
NextDNS Joins Firefox’s Trusted Recursive Resolver Program Committing to Data Retention and Transparency Requirements that Respect User Privacy Firefox announced a new partnership with NextDNS to provide Firefox users with ...
InviZible Pro
Telegram channel: @InviZiblePro
Telegram group: @InviZiblePro_Group
Wiki: https://github.com/Gedsh/InviZible/wiki
Download: https://github.com/Gedsh/InviZible/releases
invizible.net
InviZible Pro is an open-source android application. It can protect your internet privacy and security with well-known solutions such as DNSCrypt, Tor and Purple I2P which are used as modules. You can use them all together or activate only one or two at once. InviZible app combines its potential in the best way to achieve comfortable and secure use of the internet.
All application features can be used with root access which gives full control over your android device and power for InviZible to protect your information.
There is a way to use InviZible basic functions without root in combination with those applications that are available to create own local VPN tunnel or use a proxy. Something like NetGuard firewall, personalDNSfilter DNS filter proxy, Firefox browser, Telegram messenger.
InviZible can be used to block ads, malicious sites, and prevent your tracking. Also, you can get access to all blocked Internet resources, Dark Net (onion sites) and Invisible Internet (i2p sites). InviZible helps keep your freedom.
InviZible application is very flexible and can be used by everyone with the default setting. This is usually enough to protect your basic privacy and security. But if you want ultimate protection - no problem. You can configure many useful options to protect yourself better and smarter.
InviZible is compatible with the AfWall+ firewall.
📡 @NoGoolag 📡 @Libreware
#invizible #dns #dnscypt #i2p #tor #privacy #android
Telegram channel: @InviZiblePro
Telegram group: @InviZiblePro_Group
Wiki: https://github.com/Gedsh/InviZible/wiki
Download: https://github.com/Gedsh/InviZible/releases
invizible.net
InviZible Pro is an open-source android application. It can protect your internet privacy and security with well-known solutions such as DNSCrypt, Tor and Purple I2P which are used as modules. You can use them all together or activate only one or two at once. InviZible app combines its potential in the best way to achieve comfortable and secure use of the internet.
All application features can be used with root access which gives full control over your android device and power for InviZible to protect your information.
There is a way to use InviZible basic functions without root in combination with those applications that are available to create own local VPN tunnel or use a proxy. Something like NetGuard firewall, personalDNSfilter DNS filter proxy, Firefox browser, Telegram messenger.
InviZible can be used to block ads, malicious sites, and prevent your tracking. Also, you can get access to all blocked Internet resources, Dark Net (onion sites) and Invisible Internet (i2p sites). InviZible helps keep your freedom.
InviZible application is very flexible and can be used by everyone with the default setting. This is usually enough to protect your basic privacy and security. But if you want ultimate protection - no problem. You can configure many useful options to protect yourself better and smarter.
InviZible is compatible with the AfWall+ firewall.
📡 @NoGoolag 📡 @Libreware
#invizible #dns #dnscypt #i2p #tor #privacy #android
Forwarded from BlackBox (Security) Archiv
Media is too big
VIEW IN TELEGRAM
Chaos Colloquium #1 - Dr. Roland van Rijswijk-Deij on DNS privacy and security
Post-Snowden, privacy became a prime focus of the IETF, and let to the improvement of a number of Internet protocols. Among these protocols is the Domain Name System, which maps human readable names to machine readable addresses.
The original DNS protocol communicates mostly in plain text over UDP, making it highly susceptible to eavesdropping. Since knowing what names a person queries for is highly revealing about their Internet surfing behaviour, the IETF decided to address the privacy shortcomings of the DNS. Initially, this led to the standardisation of DNS-over-TLS (DoT), and more recently, the standardisation of DNS-over-HTTPS (DoH).
https://media.ccc.de/v/chaoscolloquium-1-dns-privacy-security
#ccc #Colloquium #DNS #privacy #security #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
Post-Snowden, privacy became a prime focus of the IETF, and let to the improvement of a number of Internet protocols. Among these protocols is the Domain Name System, which maps human readable names to machine readable addresses.
The original DNS protocol communicates mostly in plain text over UDP, making it highly susceptible to eavesdropping. Since knowing what names a person queries for is highly revealing about their Internet surfing behaviour, the IETF decided to address the privacy shortcomings of the DNS. Initially, this led to the standardisation of DNS-over-TLS (DoT), and more recently, the standardisation of DNS-over-HTTPS (DoH).
https://media.ccc.de/v/chaoscolloquium-1-dns-privacy-security
#ccc #Colloquium #DNS #privacy #security #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
#dns
Activation of DNS over TLS:
https://t.me/NoGoolag/1097
DoT resolvers:
https://t.me/NoGoolag/1503
DNSCloak: System-wide tracking and advertising blocker for iOS:
https://t.me/NoGoolag/1302
Activation of DNS over TLS:
https://t.me/NoGoolag/1097
DoT resolvers:
https://t.me/NoGoolag/1503
DNSCloak: System-wide tracking and advertising blocker for iOS:
https://t.me/NoGoolag/1302
Click on the hashtags. If the note doesn't show up, just type the hashtag in the chat. Else, the note got vanished
#afwall
#alternatives
#altfrontends
#amp
#apk
#aurora
#backup
#blockadstrackers
#bounty
#classroom
#cleaningcrap
#cloud
#cloudflare
#datacollection
#debloat
#deezer
#delete
#deodex
#disablecaptiveportal
#disablecomponents
#disablegoogle
#discord
#dns
#dnscrypt
#dontask
#e
#exodus
#facebook
#fakegapps
#faq
#fdroid
#fennec
#findyourphone
#gcam
#gmail_signin_error
#googlefi
#googletakeout
#gpslock
#graphene
#grapheneos
#gratisapps
#guide
#ipsum
#librechair
#lineagemicrog
#location
#logs
#madaidan
#magicgapps
#magisk
#mailalias
#manjaro
#microg
#mixplorer
#netoff
#news
#nitrokey
#notes
#nothingtohide
#osm
#ot
#playgames
#playpaid
#problems
#pushnotifications
#qpatch
#rh01
#riot
#safetynet
#satstat
#searchengines
#shelter
#signal
#signaturespoofing
#sigspoof
#smalipatcher
#spite
#sync
#tgclients
#todolists
#tor
#torfud
#uber
#uncensorISP
#unlppatch
#untracklinks
#vanced
#vpn
#wear
#wiki
#windows
#wireguard
#withoutgoogle
#xiaomi
#afwall
#alternatives
#altfrontends
#amp
#apk
#aurora
#backup
#blockadstrackers
#bounty
#classroom
#cleaningcrap
#cloud
#cloudflare
#datacollection
#debloat
#deezer
#delete
#deodex
#disablecaptiveportal
#disablecomponents
#disablegoogle
#discord
#dns
#dnscrypt
#dontask
#e
#exodus
#fakegapps
#faq
#fdroid
#fennec
#findyourphone
#gcam
#gmail_signin_error
#googlefi
#googletakeout
#gpslock
#graphene
#grapheneos
#gratisapps
#guide
#ipsum
#librechair
#lineagemicrog
#location
#logs
#madaidan
#magicgapps
#magisk
#mailalias
#manjaro
#microg
#mixplorer
#netoff
#news
#nitrokey
#notes
#nothingtohide
#osm
#ot
#playgames
#playpaid
#problems
#pushnotifications
#qpatch
#rh01
#riot
#safetynet
#satstat
#searchengines
#shelter
#signal
#signaturespoofing
#sigspoof
#smalipatcher
#spite
#sync
#tgclients
#todolists
#tor
#torfud
#uber
#uncensorISP
#unlppatch
#untracklinks
#vanced
#vpn
#wear
#wiki
#windows
#wireguard
#withoutgoogle
#xiaomi
DNS over TLS Lets Google Serve You More Ads
Like a lot of people, I hate advertisements. In my quest to remove ads as much as possible, I've installed an ad blocker in my browser. To go further, I've installed Pi-Hole to block ads for all devices on my home network. I've even setup firewall rules to re-route all DNS traffic through Pi-Hole. This setup seemed to work pretty well until I noticed I was still seeing ads in an app on my Android phone.
Sometime in the last couple of years Google added a Private DNS feature to Android and enabled it by default. Private DNS is really DNS over TLS (DoT), which is supposed to be a privacy feature that encrypts your DNS so your network operators can't snoop on what sites you're browsing. It sounds nice in theory, but when I'm at home, I am the network operator, and DoT has a side-effect of making my apps and devices ignore my carefully planned DNS settings, and bypass my (actually privacy enhancing) Pi-Hole ad blocker. The (surely coincidental) outcome is that Google can freely serve ads to my Android device.
You can disable the Private DNS feature in Android (for now). The bad news is that Firefox is enabling DNS over HTTPS (DoH), which is a similar system, with similar drawbacks. Now, you have to change settings not only on each device's operating system, but you might have to individually configure every app to disable DoT/DoH. The next thing I'm going to try is blocking all traffic to public DoT/DoH servers at my firewall.
💡 Update 2021-03-22:
I learned that Firefox supports a temporary workaround for disabling DoH. You can setup Pi-Hole to point the "canary domain" use-application-dns.net to any IP address to cause Firefox to use normal DNS.
https://ericlathrop.com/2021/03/dns-over-tls-lets-google-serve-you-more-ads/
#private #dns #tls #google #DeleteGoogle #advertising #smartphones #workaround
📡 @nogoolag @blackbox_archiv
Like a lot of people, I hate advertisements. In my quest to remove ads as much as possible, I've installed an ad blocker in my browser. To go further, I've installed Pi-Hole to block ads for all devices on my home network. I've even setup firewall rules to re-route all DNS traffic through Pi-Hole. This setup seemed to work pretty well until I noticed I was still seeing ads in an app on my Android phone.
Sometime in the last couple of years Google added a Private DNS feature to Android and enabled it by default. Private DNS is really DNS over TLS (DoT), which is supposed to be a privacy feature that encrypts your DNS so your network operators can't snoop on what sites you're browsing. It sounds nice in theory, but when I'm at home, I am the network operator, and DoT has a side-effect of making my apps and devices ignore my carefully planned DNS settings, and bypass my (actually privacy enhancing) Pi-Hole ad blocker. The (surely coincidental) outcome is that Google can freely serve ads to my Android device.
You can disable the Private DNS feature in Android (for now). The bad news is that Firefox is enabling DNS over HTTPS (DoH), which is a similar system, with similar drawbacks. Now, you have to change settings not only on each device's operating system, but you might have to individually configure every app to disable DoT/DoH. The next thing I'm going to try is blocking all traffic to public DoT/DoH servers at my firewall.
💡 Update 2021-03-22:
I learned that Firefox supports a temporary workaround for disabling DoH. You can setup Pi-Hole to point the "canary domain" use-application-dns.net to any IP address to cause Firefox to use normal DNS.
https://ericlathrop.com/2021/03/dns-over-tls-lets-google-serve-you-more-ads/
#private #dns #tls #google #DeleteGoogle #advertising #smartphones #workaround
📡 @nogoolag @blackbox_archiv
Ericlathrop
DNS over TLS Lets Google Serve You More Ads
Like a lot of
people,
I hate advertisements. In my quest to remove ads as much as possible, I've
installed an ad blocker in my browser. To go
further, I've installed Pi-Hole to block ads for all
devices on my home network. I've even setup…
people,
I hate advertisements. In my quest to remove ads as much as possible, I've
installed an ad blocker in my browser. To go
further, I've installed Pi-Hole to block ads for all
devices on my home network. I've even setup…
Forwarded from GJ `°÷°` 🇵🇸🕊 (t ``~__/>_GJ06)
Anatomy of a Linux DNS Lookup – Part I – zwischenzugs – https://zwischenzugs.com/2018/06/08/anatomy-of-a-linux-dns-lookup-part-i/
Since i work a lot with clusteredVMs, I’ve ended up spending a lot of time trying to figure out how #DNS lookups work. I applied ‘fixes’ to my problems from StackOverflow without really understanding why they work (or don’t work) for some time.
Eventually I got fed up with this and decided to figure out how it all hangs together. I couldn’t find a complete guide for this anywhere online, and talking to colleagues they didn’t know of any (or really what happens in detail)
So I’m writing the #guide myself.
The #EU Wants Its Own #DNS Resolver that Can Block ‘Unlawful’ Traffic
https://torrentfreak.com/the-eu-wants-its-own-dns-resolver-that-can-block-unlawful-traffic-220119/
The EU is planning to develop its own government-run DNS resolver. The project dubbed DNS4EU is meant to offer a counterweight to the popular resolvers that are mostly based in the U.S. Aside from offering privacy and security to users, the DNS solution will also be able to block "illegal" websites, including pirate sites.
https://torrentfreak.com/the-eu-wants-its-own-dns-resolver-that-can-block-unlawful-traffic-220119/
The EU is planning to develop its own government-run DNS resolver. The project dubbed DNS4EU is meant to offer a counterweight to the popular resolvers that are mostly based in the U.S. Aside from offering privacy and security to users, the DNS solution will also be able to block "illegal" websites, including pirate sites.
Torrentfreak
The EU Wants Its Own DNS Resolver that Can Block 'Unlawful' Traffic * TorrentFreak
The EU is planning to develop its own government-run DNS resolver that can also be used to block unlawful websites.
#Quad9 #DNS resolver loses anti-blocking case against #Sony
https://reclaimthenet.org/quad9-dns-resolver-loses-anti-blocking-case-against-sony
@reclaimthenet
https://reclaimthenet.org/quad9-dns-resolver-loses-anti-blocking-case-against-sony
@reclaimthenet
Reclaim The Net
Quad9 DNS resolver loses anti-blocking case against Sony
An overreaching decision where infrastructure providers are told to block content they don't even host.
How ISPs block websites with DPI - Technical Dive (Deep Packet Inspection)
https://invidious.snopyta.org/watch?v=hkwenjoUgyg&local=true
This is a rough overview of how DPI works. It is important to realize that your ISP (Internet Service Provider) is your gateway to the internet, they have the ability to read all the packets that go through your internet connection. This may be illegal in some countries, maybe not.
Most applications now use secure, encrypted channels (Client to server, not necessarily end to end) - such as websites using HTTPS, which means the ISP cannot see the actual messages / information you exchange. But even with HTTPS, or a 3rd party #DNS, it is possible to know what websites you visit, in most cases.
This video covers how that information is "leaked" and how ISPs like Jio, Airtel, etc. are able to block #torrent and porn websites, even on HTTPS.
#DPI #Censorship #Wireshark #ISP
https://invidious.snopyta.org/watch?v=hkwenjoUgyg&local=true
This is a rough overview of how DPI works. It is important to realize that your ISP (Internet Service Provider) is your gateway to the internet, they have the ability to read all the packets that go through your internet connection. This may be illegal in some countries, maybe not.
Most applications now use secure, encrypted channels (Client to server, not necessarily end to end) - such as websites using HTTPS, which means the ISP cannot see the actual messages / information you exchange. But even with HTTPS, or a 3rd party #DNS, it is possible to know what websites you visit, in most cases.
This video covers how that information is "leaked" and how ISPs like Jio, Airtel, etc. are able to block #torrent and porn websites, even on HTTPS.
#DPI #Censorship #Wireshark #ISP
ooni@mastodon.social - Starting June 22nd, OONI data from China shows the blocking of F-Droid by means of DNS injection, where an unrelated IP address (e.g., DropBox) is returned to the client.
This technique is commonly used in China to restrict access to services.
OONI data showing the block of F-Droid on at least 4 networks can be found here
#FDroid #China #censorship #DNS #DNSinjection
This technique is commonly used in China to restrict access to services.
OONI data showing the block of F-Droid on at least 4 networks can be found here
#FDroid #China #censorship #DNS #DNSinjection