Network operators have no right to know or monitor what people are doing with the utility service they provide.
If you can’t trust them, either make it so you don’t need to trust them, or find trustworthy people and trustworthy (by means of being free) software. Spying on them is never okay.
riseup, disroot, etc DoH when
(although I recommend DNS over TCP over Tor as the best way to preserve privacy when using DNS, if you’re actually going to implement it yourself)
I think I’m sufficiently mad about the state of DNS discourse that a DNS privacy blog post is incoming. Stay tuned.
I wrote a summary of the DNS over TLS vs DNS over HTTPS debate (without going too much into the drama).
It also contains an introduction to my proposed solution, and why it’s better than either.
@qyliss I'm glad you're thinking and working and writing about these issues!
One concern I have with all the proposals I've seen for don't-trust-local-dns is that they make many kinds of network optimization more difficult. For example streaming popular videos (netflix or whatever) should happen between the endpoint and a city-local cdn server, not longhauling the stream from Boston to Berlin just because that's where the DNS resolution happened. The last time I built a service with streaming in it, we found that local cdn nodes improved the user experience enormously.
There are ways around this impact, but they're all quite a bit of work, and I'd like to see DoX (dns over whatever) proposal discussions that acknowledge the challenges that will occur due to the proposed solution...
@eqe my naive idea would be to do this at layers above DNS. If, say, you have a web page displaying video, your web server could use the connecting IP to determine a nearby server to load the video from.
But interesting point that I hadn’t considered. Thank you.
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!