Nebulo-1.0Beta-Build28.apk
3.7 MB
Nebulo Version 1.0-Beta (Build 28), Changelog:
- The stop button in the notification works again
- A higher timeout is now used for DoH servers (should improve network on bad connections)
- AdGuard DoT can now be used properly
- UncensoredDns is now used as default server
(As per the poll result)
- Small performance/crash improvements
#nebulo #dns
- The stop button in the notification works again
- A higher timeout is now used for DoH servers (should improve network on bad connections)
- AdGuard DoT can now be used properly
- UncensoredDns is now used as default server
(As per the poll result)
- Small performance/crash improvements
#nebulo #dns
Nebulo-1.0Beta-Build35-FDROID.apk
4.4 MB
Version 1.0-Beta (Build 34 [Build33 GPlay])
RELEASED ONLY FOR ALPHA TESTERS ON GPLAY, NO FDROID RELEASE
Changelog:
- Added Turkish, Indonesian, Russian and Dutch translations - The notification shown when the app crashes when automatic crash reporting is disabled now has a button to send the log files - Replaced some of the icons
- Fixed a few crashes
- Added a view to test dns server speeds
- You can now specify custom IP addresses for hosts. Hosts can be imported from URLs and added by hand.
- A few design tweaks
- Fixed a bug with the database when the app was installed before
>>>>> Side note: This build is stable but might contain bugs as a lot of new stuff has been added, thus it's a smaller rollout. If it is not working try an older release.
Download and suport:
https://t.me/joinchat/I54nRleveRGP8IPmcIdySg
📡 @NoGoolag
#Frostnerd #Update #Nebulo #DNS #HTTPS
RELEASED ONLY FOR ALPHA TESTERS ON GPLAY, NO FDROID RELEASE
Changelog:
- Added Turkish, Indonesian, Russian and Dutch translations - The notification shown when the app crashes when automatic crash reporting is disabled now has a button to send the log files - Replaced some of the icons
- Fixed a few crashes
- Added a view to test dns server speeds
- You can now specify custom IP addresses for hosts. Hosts can be imported from URLs and added by hand.
- A few design tweaks
- Fixed a bug with the database when the app was installed before
>>>>> Side note: This build is stable but might contain bugs as a lot of new stuff has been added, thus it's a smaller rollout. If it is not working try an older release.
Download and suport:
https://t.me/joinchat/I54nRleveRGP8IPmcIdySg
📡 @NoGoolag
#Frostnerd #Update #Nebulo #DNS #HTTPS
How to enable DNS-over-HTTPS (DoH) in Firefox
The below step-by-step guide will show Firefox users how to enable the feature and not wait until Mozilla enables it
💡 Step 1:
Type about:config in the URL bar and press Enter to access Firefox's hidden configuration panel. Here users will need to enable and modify three settings.
💡 Step 2:
The first setting is network.trr.mode. This turns on DoH support. This setting supports four values:
✅ A value of 2 works best, however keep in mind that this is suspectible to downgrade attacks.
💡 Step 3:
The second setting that needs to be modified is network.trr.uri. This is the URL of the DoH-compatible DNS server where Firefox will send DoH DNS queries. By default, Firefox uses Cloudflare's DoH service located at
💡 Step 4:
The third setting is optional and you can skip this one. But if things don't work, you can use this one as a backup for Step 3. The option is called network.trr.bootstrapAddress and is an input field where users can enter the numerical IP address of a plaintext DNS resolver.
For example,
Normally, the URL entered in Step 3 should be enough, though.
Settings should apply right away, but in case they don't work, give Firefox a restart.
👉🏼 Source: Mozilla Wiki
https://wiki.mozilla.org/Trusted_Recursive_Resolver
https://www.zdnet.com/article/how-to-enable-dns-over-https-doh-in-firefox/
Edited by NoGoolag admins
📡 @NoGoolag
#firefox #mozilla #dns #https #doh #settings #guide
The below step-by-step guide will show Firefox users how to enable the feature and not wait until Mozilla enables it
💡 Step 1:
Type about:config in the URL bar and press Enter to access Firefox's hidden configuration panel. Here users will need to enable and modify three settings.
💡 Step 2:
The first setting is network.trr.mode. This turns on DoH support. This setting supports four values:
0 - Default value in standard Firefox installations (currently is 5, which means DoH is disabled)1 - DoH is enabled, but Firefox picks if it uses DoH or regular DNS based on which returns faster query responses2 - DoH is enabled, and regular DNS works as a backup3 - DoH is enabled, and regular DNS is disabled5 - DoH is disabled✅ A value of 2 works best, however keep in mind that this is suspectible to downgrade attacks.
💡 Step 3:
The second setting that needs to be modified is network.trr.uri. This is the URL of the DoH-compatible DNS server where Firefox will send DoH DNS queries. By default, Firefox uses Cloudflare's DoH service located at
https://mozilla.cloudflare-dns.com/dns-query. However, users can use their own DoH server URL. They can select one from the many available servers, from this list, here. The reason why Mozilla uses Cloudflare in Firefox is because the companies reached an agreement following which Cloudflare would collect very little data on DoH queries coming from Firefox users.💡 Step 4:
The third setting is optional and you can skip this one. But if things don't work, you can use this one as a backup for Step 3. The option is called network.trr.bootstrapAddress and is an input field where users can enter the numerical IP address of a plaintext DNS resolver.
For example,
91.239.100.100 (uncensoreddns.org "anycast").Normally, the URL entered in Step 3 should be enough, though.
Settings should apply right away, but in case they don't work, give Firefox a restart.
👉🏼 Source: Mozilla Wiki
https://wiki.mozilla.org/Trusted_Recursive_Resolver
https://www.zdnet.com/article/how-to-enable-dns-over-https-doh-in-firefox/
Edited by NoGoolag admins
📡 @NoGoolag
#firefox #mozilla #dns #https #doh #settings #guide
As a DNS-over-TLS (DoT) client, use:
▶️ ANDROID
- Private DNS feature in Android 9+
(Settings > Network & internet > Advanced > Private DNS)
- Personal DNS filter
- Nebulo
▶️ LINUX
Stubby
Unbound
Knot
Bind
Personal DNS filter
▶ Windows
Stubby
Personal DNS filter
Download Full Package of personal DNS filter and read the 'README-Windows-Setup.txt' under 'Windows-Scripts' folder.
https://dnsprivacy.org/dns_privacy_clients/
HERE SOME NON-PROFIT RESOLVERS, RUN BY INTERNET ACTIVIST ORGANIZATIONS OR PRIVATE PERSONS ADVOCATING PRIVACY:
✅neutopia*
TLS Hostname:
IPv4 Address:
✅getdns*★(by getdns/stubby developers)
TLS Hostname:
TCP port: 853
IPv4 Address:
IPv6 Address:
🇳🇱, EU
✅cmrg* (by Daniel Kahn Gillmore)
TLS Hostname:
TCP port: 853 or 443
IPv4 Address:
IPv6 Address:
🇨🇦, Canada, CA
✅ AppliedPrivacy**
TLS Hostname: dot1.appliedprivacy.net
TCP port: 853 or 443
IPv4 Address: 146.255.56.98
IPv6 Address: 2a02:1b8:10:234::2
🇩🇪 and 🇦🇹 , EU
✅ Digitale Gesellschaft
TLS Hostname:
IPv4 Address:
✅ DNS.SB
TLS HOSTNAME:
TCP port:
IPv4 Address:
IPv6 Address 1:
IPv6 Address 2:
🇩🇪, EU
* - highly recommended based on dnsprivacy-monitoring test
** - logs aggregated data for improving their service. Read its privacy policy
★ - Logs traffic volume only
⚠️ Using plaintext DNS isn't recommended as anyone on the wire (your ISP, governments, hackers, Wi-Fi network/coffee shop you're in, etc.) can see what DNS requests you're making and even manipulate them to forward to malicious sites.
⚠️ Do not use Cloudflare, Quad9, Google or your ISP's DNS, as they're run by big corporations | SOURCE
⚠️ Don't use spyware by @TorstenJahnke and nor his DNS (Keweon DNS) | READ CAREFULLY
#dns #DoT
▶️ ANDROID
- Private DNS feature in Android 9+
(Settings > Network & internet > Advanced > Private DNS)
- Personal DNS filter
- Nebulo
▶️ LINUX
Stubby
Unbound
Knot
Bind
Personal DNS filter
▶ Windows
Stubby
Personal DNS filter
Download Full Package of personal DNS filter and read the 'README-Windows-Setup.txt' under 'Windows-Scripts' folder.
https://dnsprivacy.org/dns_privacy_clients/
HERE SOME NON-PROFIT RESOLVERS, RUN BY INTERNET ACTIVIST ORGANIZATIONS OR PRIVATE PERSONS ADVOCATING PRIVACY:
✅neutopia*
TLS Hostname:
dns.neutopia.orgTCP port: 853 or 443
IPv4 Address:
89.234.186.112IPv6 Address:
2a00:5884:8209::2🇫🇷, EU
✅getdns*★(by getdns/stubby developers)
TLS Hostname:
getdnsapi.netTCP port: 853
IPv4 Address:
185.49.141.37IPv6 Address:
2a04:b900:0:100::37🇳🇱, EU
✅cmrg* (by Daniel Kahn Gillmore)
TLS Hostname:
dns.cmrg.netTCP port: 853 or 443
IPv4 Address:
199.58.81.218IPv6 Address:
2001:470:1c:76d::53🇨🇦, Canada, CA
✅ AppliedPrivacy**
TLS Hostname: dot1.appliedprivacy.net
TCP port: 853 or 443
IPv4 Address: 146.255.56.98
IPv6 Address: 2a02:1b8:10:234::2
🇩🇪 and 🇦🇹 , EU
✅ Digitale Gesellschaft
TLS Hostname:
dns.digitale-gesellschaft.chTCP port: 853
IPv4 Address:
185.95.218.42, 185.95.218.43IPv6 Address:
2a05:fc84::42, 2a05:fc84::43🇨🇭 Switzerland, CH
✅ DNS.SB
TLS HOSTNAME:
dot.sbTCP port:
853IPv4 Address:
45.11.45.11IPv6 Address 1:
2a09::IPv6 Address 2:
2a11::🇩🇪, EU
* - highly recommended based on dnsprivacy-monitoring test
** - logs aggregated data for improving their service. Read its privacy policy
★ - Logs traffic volume only
⚠️ Using plaintext DNS isn't recommended as anyone on the wire (your ISP, governments, hackers, Wi-Fi network/coffee shop you're in, etc.) can see what DNS requests you're making and even manipulate them to forward to malicious sites.
⚠️ Do not use Cloudflare, Quad9, Google or your ISP's DNS, as they're run by big corporations | SOURCE
⚠️ Don't use spyware by @TorstenJahnke and nor his DNS (Keweon DNS) | READ CAREFULLY
#dns #DoT
Telegram
Libreware
personalDNSfilter
personalDNSfilter is a DNS filter proxy written in Java. It hooks into the domain name (DNS) resolution and returns the loopback address for filtered hosts. Available for Java enabled devices including Android (based on VPN)
Filter Ads…
personalDNSfilter is a DNS filter proxy written in Java. It hooks into the domain name (DNS) resolution and returns the loopback address for filtered hosts. Available for Java enabled devices including Android (based on VPN)
Filter Ads…
| DNSCRYPT-PROXY 2 for ANDROID |
DNSCrypt (faq)
I'm @quindecim, I made a FORK of bluemeda project to provide fast updates and more privacy-concious configs by default:
⛔️ Disable DoH
⛔️ Disable IPv6
⛔️
✅ Require DNSSEC
✅ Ephemeral keys (create a new, unique key for every single DNS query)
ℹ️ Set DNS query max. response time from
ℹ️ Use UncensoredDNS as fallback resolver instead CloudFlare
ℹ️ Use
✳️ You can edit the config. file always as you wish - README
I created this channel for sharing
https://t.me/dnscrypt_proxy 👈👈
- INSTALLATION GUIDE:
_________________________________________
1️⃣ Download and install latest
MAGISK:
TWRP RECOVERY:
2️⃣ Reboot.
3️⃣ Open AFWall+ and:
¹ The
_____________________________________
- POST INSTALLING:
✳️ You can edit
✳️ FOR MORE SUPPORT ON A GOOD PRIVACY-ORIENTED SETUP, JOIN THIS CHAT
#dns #dnscrypt #privacy #quindecim
DNSCrypt (faq)
I'm @quindecim, I made a FORK of bluemeda project to provide fast updates and more privacy-concious configs by default:
⛔️ Disable DoH
⛔️ Disable IPv6
⛔️
refused response for blocked queries✅ Require DNSSEC
✅ Ephemeral keys (create a new, unique key for every single DNS query)
ℹ️ Set DNS query max. response time from
2500 to 1500, in ms.ℹ️ Use UncensoredDNS as fallback resolver instead CloudFlare
ℹ️ Use
dnscrypt.nl (NL), dnscrypt.uk (UK), dnscrypt.eu (DK/NL), dnswarden (DE), charis (DE) and suami (FR)✳️ You can edit the config. file always as you wish - README
I created this channel for sharing
.zip, flashable through Magisk or Recovery and provide important news/changelogs from the main PROJECT.https://t.me/dnscrypt_proxy 👈👈
- INSTALLATION GUIDE:
_________________________________________
1️⃣ Download and install latest
.zip¹ file.MAGISK:
Magisk Manager > Modules > + > DNSCrypt-Proxy_2-android-vx.x.x.zipTWRP RECOVERY:
Install > DNSCrypt-Proxy_2-android-vx.x.x.zip2️⃣ Reboot.
3️⃣ Open AFWall+ and:
> Set custom script
ENTER SCRIPT:iptables -t nat -A OUTPUT -p tcp ! -d 91.239.100.100 --dport 53 -j DNAT --to-destination 127.0.0.1:53
iptables -t nat -A OUTPUT -p udp ! -d 91.239.100.100 --dport 53 -j DNAT --to-destination 127.0.0.1:53
SHUTDOWN SCRIPT:iptables -t nat -D OUTPUT -p tcp ! -d 91.239.100.100 --dport 53 -j DNAT --to-destination 127.0.0.1:53
iptables -t nat -D OUTPUT -p udp ! -d 91.239.100.100 --dport 53 -j DNAT --to-destination 127.0.0.1:53
4️⃣ Test your DNS: https://dnsleaktest.com/¹ The
.zip file was archived by me directly from the SOURCE._____________________________________
- POST INSTALLING:
✳️ You can edit
dnscrypt-proxy.toml as you wish located on /sdcard/dnscrypt-proxy/ or /data/media/0/dnscrypt-proxy/
✳️ For more detailed configuration please refer to official documentation HERE✳️ FOR MORE SUPPORT ON A GOOD PRIVACY-ORIENTED SETUP, JOIN THIS CHAT
#dns #dnscrypt #privacy #quindecim
Forwarded from BlackBox (Security) Archiv
Nebulo – DNS over HTTPS/TLS: Our Interview with the Developer
Nebulo – DNS over HTTPS/TLS is a small but neat Android app to make the internet a little bit safer for us. But for users who just want less advertising on their devices, Nebulo is an interesting option. Many interesting questions have come together thanks to the help of our readers.
Nebulo – DNS over HTTPS/TLS 👀
As mentioned before, Nebulo comes with a few features that can be quite practical for us in everyday life.
💡 one-time configuration at the beginning, after that you don’t have to worry about anything anymore
💡 the provider promises: no advertising and no tracking!
💡 own servers can be specified
💡 comparatively low battery consumption, which is important for smartphone users
💡 also works without root.
If you like, you have the possibility to participate actively in the Nebulo Telegram support group. In the support group, you can always find the latest app version to download, or of course you can report bugs and make suggestions. Nebulo can also be found in the Google Play Store, on F-Droid or in the Aurora Droid as well as on GitLab.
Daniel Wolf and the Nebulo DNS App: our interview with the developer
Tarnkappe.info: Daniel, why do you concentrate on Android? Because it’s the better mobile OS? Or because it was easier to develop the DNS changer app for it, or get it approved by the app store operator?
Daniel Wolf: That’s a quick question to answer. Before I made Android apps, I programmed with Java. I also had an Android mobile phone, so the choice was obvious.
DNS Changer itself was created because I needed it myself.
👉🏼 Read more:
https://tarnkappe.info/nebulo-dns-over-https-tls-our-interview-with-the-developer/
#Nebulo #App #DNS #changer #interview
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
Nebulo – DNS over HTTPS/TLS is a small but neat Android app to make the internet a little bit safer for us. But for users who just want less advertising on their devices, Nebulo is an interesting option. Many interesting questions have come together thanks to the help of our readers.
Nebulo – DNS over HTTPS/TLS 👀
As mentioned before, Nebulo comes with a few features that can be quite practical for us in everyday life.
💡 one-time configuration at the beginning, after that you don’t have to worry about anything anymore
💡 the provider promises: no advertising and no tracking!
💡 own servers can be specified
💡 comparatively low battery consumption, which is important for smartphone users
💡 also works without root.
If you like, you have the possibility to participate actively in the Nebulo Telegram support group. In the support group, you can always find the latest app version to download, or of course you can report bugs and make suggestions. Nebulo can also be found in the Google Play Store, on F-Droid or in the Aurora Droid as well as on GitLab.
Daniel Wolf and the Nebulo DNS App: our interview with the developer
Tarnkappe.info: Daniel, why do you concentrate on Android? Because it’s the better mobile OS? Or because it was easier to develop the DNS changer app for it, or get it approved by the app store operator?
Daniel Wolf: That’s a quick question to answer. Before I made Android apps, I programmed with Java. I also had an Android mobile phone, so the choice was obvious.
DNS Changer itself was created because I needed it myself.
👉🏼 Read more:
https://tarnkappe.info/nebulo-dns-over-https-tls-our-interview-with-the-developer/
#Nebulo #App #DNS #changer #interview
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
Forwarded from BlackBox (Security) Archiv
CNAME Cloaking, the dangerous disguise of third-party trackers
How come AdBlock, Adblock Plus, uBlock Origin, Ghostery, Brave and Firefox are letting a third-party tracker from Eulerian, a leading tracking company, execute their script freely on fortuneo.fr, one of the biggest online bank in France?
How come the same thing is happening on thousands of other popular websites worldwide?
What has started to happen in the last few months in the world of third-party tracking is having a major impact on people’s privacy, and it all stayed pretty much under the radar.
👉🏼 Read more 🇬🇧:
https://medium.com/nextdns/cname-cloaking-the-dangerous-disguise-of-third-party-trackers-195205dc522a
👉🏼 Read more 🇩🇪:
https://www.kuketz-blog.de/vorsicht-neue-art-des-trackings-via-cname-cloaking/
#CNAME #Cloaking #tracker #dns #AdBlock #AdblockPlus #uBlock #Ghostery #Brave #Firefox #Eulerian
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
How come AdBlock, Adblock Plus, uBlock Origin, Ghostery, Brave and Firefox are letting a third-party tracker from Eulerian, a leading tracking company, execute their script freely on fortuneo.fr, one of the biggest online bank in France?
How come the same thing is happening on thousands of other popular websites worldwide?
What has started to happen in the last few months in the world of third-party tracking is having a major impact on people’s privacy, and it all stayed pretty much under the radar.
👉🏼 Read more 🇬🇧:
https://medium.com/nextdns/cname-cloaking-the-dangerous-disguise-of-third-party-trackers-195205dc522a
👉🏼 Read more 🇩🇪:
https://www.kuketz-blog.de/vorsicht-neue-art-des-trackings-via-cname-cloaking/
#CNAME #Cloaking #tracker #dns #AdBlock #AdblockPlus #uBlock #Ghostery #Brave #Firefox #Eulerian
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
Firefox Announces New Partner in Delivering Private and Secure DNS Services to Users
https://blog.mozilla.org/blog/2019/12/17/firefox-announces-new-partner-in-delivering-private-and-secure-dns-services-to-users/
#firefox #ff #dns
https://blog.mozilla.org/blog/2019/12/17/firefox-announces-new-partner-in-delivering-private-and-secure-dns-services-to-users/
#firefox #ff #dns
The Mozilla Blog
Firefox Announces New Partner in Delivering Private and Secure DNS Services to Users
NextDNS Joins Firefox’s Trusted Recursive Resolver Program Committing to Data Retention and Transparency Requirements that Respect User Privacy Firefox announced a new partnership with NextDNS to provide Firefox users with ...
InviZible Pro
Telegram channel: @InviZiblePro
Telegram group: @InviZiblePro_Group
Wiki: https://github.com/Gedsh/InviZible/wiki
Download: https://github.com/Gedsh/InviZible/releases
invizible.net
InviZible Pro is an open-source android application. It can protect your internet privacy and security with well-known solutions such as DNSCrypt, Tor and Purple I2P which are used as modules. You can use them all together or activate only one or two at once. InviZible app combines its potential in the best way to achieve comfortable and secure use of the internet.
All application features can be used with root access which gives full control over your android device and power for InviZible to protect your information.
There is a way to use InviZible basic functions without root in combination with those applications that are available to create own local VPN tunnel or use a proxy. Something like NetGuard firewall, personalDNSfilter DNS filter proxy, Firefox browser, Telegram messenger.
InviZible can be used to block ads, malicious sites, and prevent your tracking. Also, you can get access to all blocked Internet resources, Dark Net (onion sites) and Invisible Internet (i2p sites). InviZible helps keep your freedom.
InviZible application is very flexible and can be used by everyone with the default setting. This is usually enough to protect your basic privacy and security. But if you want ultimate protection - no problem. You can configure many useful options to protect yourself better and smarter.
InviZible is compatible with the AfWall+ firewall.
📡 @NoGoolag 📡 @Libreware
#invizible #dns #dnscypt #i2p #tor #privacy #android
Telegram channel: @InviZiblePro
Telegram group: @InviZiblePro_Group
Wiki: https://github.com/Gedsh/InviZible/wiki
Download: https://github.com/Gedsh/InviZible/releases
invizible.net
InviZible Pro is an open-source android application. It can protect your internet privacy and security with well-known solutions such as DNSCrypt, Tor and Purple I2P which are used as modules. You can use them all together or activate only one or two at once. InviZible app combines its potential in the best way to achieve comfortable and secure use of the internet.
All application features can be used with root access which gives full control over your android device and power for InviZible to protect your information.
There is a way to use InviZible basic functions without root in combination with those applications that are available to create own local VPN tunnel or use a proxy. Something like NetGuard firewall, personalDNSfilter DNS filter proxy, Firefox browser, Telegram messenger.
InviZible can be used to block ads, malicious sites, and prevent your tracking. Also, you can get access to all blocked Internet resources, Dark Net (onion sites) and Invisible Internet (i2p sites). InviZible helps keep your freedom.
InviZible application is very flexible and can be used by everyone with the default setting. This is usually enough to protect your basic privacy and security. But if you want ultimate protection - no problem. You can configure many useful options to protect yourself better and smarter.
InviZible is compatible with the AfWall+ firewall.
📡 @NoGoolag 📡 @Libreware
#invizible #dns #dnscypt #i2p #tor #privacy #android
Forwarded from BlackBox (Security) Archiv
Media is too big
VIEW IN TELEGRAM
Chaos Colloquium #1 - Dr. Roland van Rijswijk-Deij on DNS privacy and security
Post-Snowden, privacy became a prime focus of the IETF, and let to the improvement of a number of Internet protocols. Among these protocols is the Domain Name System, which maps human readable names to machine readable addresses.
The original DNS protocol communicates mostly in plain text over UDP, making it highly susceptible to eavesdropping. Since knowing what names a person queries for is highly revealing about their Internet surfing behaviour, the IETF decided to address the privacy shortcomings of the DNS. Initially, this led to the standardisation of DNS-over-TLS (DoT), and more recently, the standardisation of DNS-over-HTTPS (DoH).
https://media.ccc.de/v/chaoscolloquium-1-dns-privacy-security
#ccc #Colloquium #DNS #privacy #security #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
Post-Snowden, privacy became a prime focus of the IETF, and let to the improvement of a number of Internet protocols. Among these protocols is the Domain Name System, which maps human readable names to machine readable addresses.
The original DNS protocol communicates mostly in plain text over UDP, making it highly susceptible to eavesdropping. Since knowing what names a person queries for is highly revealing about their Internet surfing behaviour, the IETF decided to address the privacy shortcomings of the DNS. Initially, this led to the standardisation of DNS-over-TLS (DoT), and more recently, the standardisation of DNS-over-HTTPS (DoH).
https://media.ccc.de/v/chaoscolloquium-1-dns-privacy-security
#ccc #Colloquium #DNS #privacy #security #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
#dns
Activation of DNS over TLS:
https://t.me/NoGoolag/1097
DoT resolvers:
https://t.me/NoGoolag/1503
DNSCloak: System-wide tracking and advertising blocker for iOS:
https://t.me/NoGoolag/1302
Activation of DNS over TLS:
https://t.me/NoGoolag/1097
DoT resolvers:
https://t.me/NoGoolag/1503
DNSCloak: System-wide tracking and advertising blocker for iOS:
https://t.me/NoGoolag/1302
Click on the hashtags. If the note doesn't show up, just type the hashtag in the chat. Else, the note got vanished
#afwall
#alternatives
#altfrontends
#amp
#apk
#aurora
#backup
#blockadstrackers
#bounty
#classroom
#cleaningcrap
#cloud
#cloudflare
#datacollection
#debloat
#deezer
#delete
#deodex
#disablecaptiveportal
#disablecomponents
#disablegoogle
#discord
#dns
#dnscrypt
#dontask
#e
#exodus
#facebook
#fakegapps
#faq
#fdroid
#fennec
#findyourphone
#gcam
#gmail_signin_error
#googlefi
#googletakeout
#gpslock
#graphene
#grapheneos
#gratisapps
#guide
#ipsum
#librechair
#lineagemicrog
#location
#logs
#madaidan
#magicgapps
#magisk
#mailalias
#manjaro
#microg
#mixplorer
#netoff
#news
#nitrokey
#notes
#nothingtohide
#osm
#ot
#playgames
#playpaid
#problems
#pushnotifications
#qpatch
#rh01
#riot
#safetynet
#satstat
#searchengines
#shelter
#signal
#signaturespoofing
#sigspoof
#smalipatcher
#spite
#sync
#tgclients
#todolists
#tor
#torfud
#uber
#uncensorISP
#unlppatch
#untracklinks
#vanced
#vpn
#wear
#wiki
#windows
#wireguard
#withoutgoogle
#xiaomi
#afwall
#alternatives
#altfrontends
#amp
#apk
#aurora
#backup
#blockadstrackers
#bounty
#classroom
#cleaningcrap
#cloud
#cloudflare
#datacollection
#debloat
#deezer
#delete
#deodex
#disablecaptiveportal
#disablecomponents
#disablegoogle
#discord
#dns
#dnscrypt
#dontask
#e
#exodus
#fakegapps
#faq
#fdroid
#fennec
#findyourphone
#gcam
#gmail_signin_error
#googlefi
#googletakeout
#gpslock
#graphene
#grapheneos
#gratisapps
#guide
#ipsum
#librechair
#lineagemicrog
#location
#logs
#madaidan
#magicgapps
#magisk
#mailalias
#manjaro
#microg
#mixplorer
#netoff
#news
#nitrokey
#notes
#nothingtohide
#osm
#ot
#playgames
#playpaid
#problems
#pushnotifications
#qpatch
#rh01
#riot
#safetynet
#satstat
#searchengines
#shelter
#signal
#signaturespoofing
#sigspoof
#smalipatcher
#spite
#sync
#tgclients
#todolists
#tor
#torfud
#uber
#uncensorISP
#unlppatch
#untracklinks
#vanced
#vpn
#wear
#wiki
#windows
#wireguard
#withoutgoogle
#xiaomi
DNS over TLS Lets Google Serve You More Ads
Like a lot of people, I hate advertisements. In my quest to remove ads as much as possible, I've installed an ad blocker in my browser. To go further, I've installed Pi-Hole to block ads for all devices on my home network. I've even setup firewall rules to re-route all DNS traffic through Pi-Hole. This setup seemed to work pretty well until I noticed I was still seeing ads in an app on my Android phone.
Sometime in the last couple of years Google added a Private DNS feature to Android and enabled it by default. Private DNS is really DNS over TLS (DoT), which is supposed to be a privacy feature that encrypts your DNS so your network operators can't snoop on what sites you're browsing. It sounds nice in theory, but when I'm at home, I am the network operator, and DoT has a side-effect of making my apps and devices ignore my carefully planned DNS settings, and bypass my (actually privacy enhancing) Pi-Hole ad blocker. The (surely coincidental) outcome is that Google can freely serve ads to my Android device.
You can disable the Private DNS feature in Android (for now). The bad news is that Firefox is enabling DNS over HTTPS (DoH), which is a similar system, with similar drawbacks. Now, you have to change settings not only on each device's operating system, but you might have to individually configure every app to disable DoT/DoH. The next thing I'm going to try is blocking all traffic to public DoT/DoH servers at my firewall.
💡 Update 2021-03-22:
I learned that Firefox supports a temporary workaround for disabling DoH. You can setup Pi-Hole to point the "canary domain" use-application-dns.net to any IP address to cause Firefox to use normal DNS.
https://ericlathrop.com/2021/03/dns-over-tls-lets-google-serve-you-more-ads/
#private #dns #tls #google #DeleteGoogle #advertising #smartphones #workaround
📡 @nogoolag @blackbox_archiv
Like a lot of people, I hate advertisements. In my quest to remove ads as much as possible, I've installed an ad blocker in my browser. To go further, I've installed Pi-Hole to block ads for all devices on my home network. I've even setup firewall rules to re-route all DNS traffic through Pi-Hole. This setup seemed to work pretty well until I noticed I was still seeing ads in an app on my Android phone.
Sometime in the last couple of years Google added a Private DNS feature to Android and enabled it by default. Private DNS is really DNS over TLS (DoT), which is supposed to be a privacy feature that encrypts your DNS so your network operators can't snoop on what sites you're browsing. It sounds nice in theory, but when I'm at home, I am the network operator, and DoT has a side-effect of making my apps and devices ignore my carefully planned DNS settings, and bypass my (actually privacy enhancing) Pi-Hole ad blocker. The (surely coincidental) outcome is that Google can freely serve ads to my Android device.
You can disable the Private DNS feature in Android (for now). The bad news is that Firefox is enabling DNS over HTTPS (DoH), which is a similar system, with similar drawbacks. Now, you have to change settings not only on each device's operating system, but you might have to individually configure every app to disable DoT/DoH. The next thing I'm going to try is blocking all traffic to public DoT/DoH servers at my firewall.
💡 Update 2021-03-22:
I learned that Firefox supports a temporary workaround for disabling DoH. You can setup Pi-Hole to point the "canary domain" use-application-dns.net to any IP address to cause Firefox to use normal DNS.
https://ericlathrop.com/2021/03/dns-over-tls-lets-google-serve-you-more-ads/
#private #dns #tls #google #DeleteGoogle #advertising #smartphones #workaround
📡 @nogoolag @blackbox_archiv
Ericlathrop
DNS over TLS Lets Google Serve You More Ads
Like a lot of
people,
I hate advertisements. In my quest to remove ads as much as possible, I've
installed an ad blocker in my browser. To go
further, I've installed Pi-Hole to block ads for all
devices on my home network. I've even setup…
people,
I hate advertisements. In my quest to remove ads as much as possible, I've
installed an ad blocker in my browser. To go
further, I've installed Pi-Hole to block ads for all
devices on my home network. I've even setup…
Forwarded from GJ `°÷°` 🇵🇸🕊 (t ``~__/>_GJ06)
Anatomy of a Linux DNS Lookup – Part I – zwischenzugs – https://zwischenzugs.com/2018/06/08/anatomy-of-a-linux-dns-lookup-part-i/
Since i work a lot with clusteredVMs, I’ve ended up spending a lot of time trying to figure out how #DNS lookups work. I applied ‘fixes’ to my problems from StackOverflow without really understanding why they work (or don’t work) for some time.
Eventually I got fed up with this and decided to figure out how it all hangs together. I couldn’t find a complete guide for this anywhere online, and talking to colleagues they didn’t know of any (or really what happens in detail)
So I’m writing the #guide myself.The #EU Wants Its Own #DNS Resolver that Can Block ‘Unlawful’ Traffic
https://torrentfreak.com/the-eu-wants-its-own-dns-resolver-that-can-block-unlawful-traffic-220119/
The EU is planning to develop its own government-run DNS resolver. The project dubbed DNS4EU is meant to offer a counterweight to the popular resolvers that are mostly based in the U.S. Aside from offering privacy and security to users, the DNS solution will also be able to block "illegal" websites, including pirate sites.
https://torrentfreak.com/the-eu-wants-its-own-dns-resolver-that-can-block-unlawful-traffic-220119/
The EU is planning to develop its own government-run DNS resolver. The project dubbed DNS4EU is meant to offer a counterweight to the popular resolvers that are mostly based in the U.S. Aside from offering privacy and security to users, the DNS solution will also be able to block "illegal" websites, including pirate sites.
Torrentfreak
The EU Wants Its Own DNS Resolver that Can Block 'Unlawful' Traffic * TorrentFreak
The EU is planning to develop its own government-run DNS resolver that can also be used to block unlawful websites.
#Quad9 #DNS resolver loses anti-blocking case against #Sony
https://reclaimthenet.org/quad9-dns-resolver-loses-anti-blocking-case-against-sony
@reclaimthenet
https://reclaimthenet.org/quad9-dns-resolver-loses-anti-blocking-case-against-sony
@reclaimthenet
Reclaim The Net
Quad9 DNS resolver loses anti-blocking case against Sony
An overreaching decision where infrastructure providers are told to block content they don't even host.
How ISPs block websites with DPI - Technical Dive (Deep Packet Inspection)
https://invidious.snopyta.org/watch?v=hkwenjoUgyg&local=true
This is a rough overview of how DPI works. It is important to realize that your ISP (Internet Service Provider) is your gateway to the internet, they have the ability to read all the packets that go through your internet connection. This may be illegal in some countries, maybe not.
Most applications now use secure, encrypted channels (Client to server, not necessarily end to end) - such as websites using HTTPS, which means the ISP cannot see the actual messages / information you exchange. But even with HTTPS, or a 3rd party #DNS, it is possible to know what websites you visit, in most cases.
This video covers how that information is "leaked" and how ISPs like Jio, Airtel, etc. are able to block #torrent and porn websites, even on HTTPS.
#DPI #Censorship #Wireshark #ISP
https://invidious.snopyta.org/watch?v=hkwenjoUgyg&local=true
This is a rough overview of how DPI works. It is important to realize that your ISP (Internet Service Provider) is your gateway to the internet, they have the ability to read all the packets that go through your internet connection. This may be illegal in some countries, maybe not.
Most applications now use secure, encrypted channels (Client to server, not necessarily end to end) - such as websites using HTTPS, which means the ISP cannot see the actual messages / information you exchange. But even with HTTPS, or a 3rd party #DNS, it is possible to know what websites you visit, in most cases.
This video covers how that information is "leaked" and how ISPs like Jio, Airtel, etc. are able to block #torrent and porn websites, even on HTTPS.
#DPI #Censorship #Wireshark #ISP
ooni@mastodon.social - Starting June 22nd, OONI data from China shows the blocking of F-Droid by means of DNS injection, where an unrelated IP address (e.g., DropBox) is returned to the client.
This technique is commonly used in China to restrict access to services.
OONI data showing the block of F-Droid on at least 4 networks can be found here
#FDroid #China #censorship #DNS #DNSinjection
This technique is commonly used in China to restrict access to services.
OONI data showing the block of F-Droid on at least 4 networks can be found here
#FDroid #China #censorship #DNS #DNSinjection