oh yeah dns-over-https is so good, I'm so glad all the shitty electron apps I have to run to talk to my friends now will be able to load dozens of trackers and I won't be able to block them, it's great, thank you for preserving my privacy

"just change their resolver" the point of DoH is that you can't because each fucking app manages its own settings, and you can't just block outgoing port 53 anymore so you're just stuck. They'll resolve whatever the fuck they want. I guess verizon can't see who's spying on me

"just drop their resolver then" yeah sure lemme just drop https to cloudflare's DoH resolver, now that it's the default one for firefox I'm sure nobody on my network will mind lol

I mean they could also decide to just. not work if they can't use their set resolver, too, I guess. what are you gonna do then, not talk to your friends? You'll be the weirdo who doesn't want to use Skype or MSN again, but for a reason that even fewer people can see now
Good luck

hey please don't come at me to tell me that WELL ACTUALLY DoH is great and I should be grateful that now my DNS requests are encrypted because I Do Not Give A Fuck about your arguments

"well if you don't like it you can always stop using computers" YES, PLEASE. FUCKING PLEASE LET ME STOP USING THESE CURSED THINGS, SET ME FREE FINALLY

@wxcafe I’m pretty sure I’m missing something, because I’ve never heard of applications using their own DNS, except for Firefox a while ago. Who is doing that?

@melunaka apart from them, right now afaik nobody but the point is that every app like discord/slack/whoever can now

@wxcafe @melunaka Google's Chrome has been doing its own DNS thing since inception.

@wxcafe patching in a cert and spoofing a whole ass dns server

@noiob though it's not that hard for them to use their own certificate store, every fucking electron app already ships their own browser so what's a certificate store? then you gotta patch their binary, and if they obfuscate that, well

@wxcafe how about we just stop using computers ughhhh

@wxcafe I'll send you my good posts by post like they did in the olden days

@wxcafe hm we could also try tcp/ip via avian carriers again, they don't need dns

@wxcafe that was just in the poc, they messed it up in some way, carrier doves are usually pretty reliable

@wxcafe I don't know why people can't just use DNSSEC and one of the various other standards for DNS encryption anyway.... It works over UDP with much less latency and complexity than DoH and still protects you all the same. Oh wait that's right, it's because Google didn't bless it with their support so all those projects died in the wake of DoH 🙃

@noiob @wxcafe have you tried turning it off, and turning it back on again, but with capitalism disabled? Solves most computer problems!

@n0emis @wxcafe now if only i could run Skype, zoom, signal and whatnot in a Firefox tab instead of a vaguely gestures

@n0emis yes this is not at all what I was complaining about and also it’s absolutely not the same thing as an actual management tool

@wxcafe a few months ago I got annoyed by DoH on someone else's Firefox, so I changed (normal UDP/53) DNS so that mozilla.cloudflare-dns.com A resolves to 127.0.0.1, and as it could not reach Cloudflare, it fell back to using normal DNS gracefully without complaining at all. Some people think it makes us safer, but this is so wrong: the current implementation, at least in Firefox, gives a very false impression of security by defaulting silently to normal DNS when DoH is blocked by an active attacker
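The resolver-side half of the trick described in the post above, as an added example (this is not code from the post, from Mozilla, or from any real resolver): a minimal RFC 1035 wire-format encoder/decoder plus a policy that answers the A query for mozilla.cloudflare-dns.com with 127.0.0.1, so a client that then cannot reach the DoH server falls back to plain UDP/53. The second override entry (dns.google) is an assumption added for illustration, not something the post mentions; names not on the list return None, meaning "forward to the real upstream". The same local resolver is what you would redirect a device's hard-coded 8.8.8.8 queries to. Note the caveat the thread itself raises: this only "works" because the client silently degrades; an app that refuses to run without its own resolver simply breaks.

```python
"""Toy DNS sinkhole for DoH endpoints (added example, standard library only)."""
import socket
import struct

# Names pinned to a bogus address. The first is from the post; dns.google is
# an assumed extra entry to show the override list is general.
OVERRIDES = {
    "mozilla.cloudflare-dns.com": "127.0.0.1",
    "dns.google": "127.0.0.1",
}
TYPE_A, CLASS_IN = 1, 1


def encode_name(name):
    """Encode 'a.b.c' as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label length")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def decode_name(pkt, offset):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, jumped, end, hops = [], False, offset, 0
    while True:
        length = pkt[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            if not jumped:
                end = offset + 2
            offset = struct.unpack("!H", pkt[offset:offset + 2])[0] & 0x3FFF
            jumped, hops = True, hops + 1
            if hops > 16:
                raise ValueError("pointer loop")
            continue
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            break
        labels.append(pkt[offset:offset + length].decode("ascii").lower())
        offset += length
    return ".".join(labels), end


def build_query(qname, qid=0x1234, qtype=TYPE_A):
    """Standard recursive query (RD=1) carrying a single question."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, CLASS_IN)


def parse_question(pkt):
    """Return (qid, qname, qtype, qclass, end_of_question_offset)."""
    qid, _flags, qdcount = struct.unpack("!HHH", pkt[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    qname, off = decode_name(pkt, 12)
    qtype, qclass = struct.unpack("!HH", pkt[off:off + 4])
    return qid, qname, qtype, qclass, off + 4


def policy_answer(query, ttl=60):
    """Forge an A answer for overridden names; None means forward upstream."""
    qid, qname, qtype, qclass, qend = parse_question(query)
    if qtype != TYPE_A or qclass != CLASS_IN or qname not in OVERRIDES:
        return None
    # Flags 0x8580: QR=1, AA=1, RD=1, RA=1, RCODE=0. The answer's owner name
    # is a pointer (0xC00C) back to the question name at offset 12.
    header = struct.pack("!HHHHHH", qid, 0x8580, 1, 1, 0, 0)
    rdata = socket.inet_aton(OVERRIDES[qname])
    rr = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, len(rdata)) + rdata
    return header + query[12:qend] + rr


def parse_a_records(resp):
    """Return [(owner, ip), ...] for A records in the answer section."""
    _qid, _flags, qd, an = struct.unpack("!HHHH", resp[:8])
    off = 12
    for _ in range(qd):
        _, off = decode_name(resp, off)
        off += 4
    records = []
    for _ in range(an):
        owner, off = decode_name(resp, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10
        if rtype == TYPE_A:
            records.append((owner, socket.inet_ntoa(resp[off:off + 4])))
        off += rdlen
    return records


if __name__ == "__main__":
    print(parse_a_records(policy_answer(build_query("mozilla.cloudflare-dns.com"))))
    print(policy_answer(build_query("example.com")))  # not overridden: forward
```

To actually serve this you would bind a UDP socket on port 53, call policy_answer() on each datagram, and relay anything that returns None to your real upstream; only A/IN queries for listed names are answered locally, so AAAA and everything else still flow normally.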

@wxcafe If an app is going to hijack and hard-code your DoH settings, they could do a thousand other things to do whatever it is they want. They own the app.

Unscrupulous devs didn't need DoH to do awful things to your privacy and user experience and DoH does not really afford them anything new.

So you've reduced the list of people who can degrade your privacy from the service dev and your ISP to just the service dev. The real thing to consider is how to get the dev off that list TOO.

@wxcafe god I really hope that isn't something that becomes common place

it already annoys me that I have to firewall drop 8.8.8.8 for my Chromecast so it uses my DHCP provided resolvers instead

if random apps start using other resolvers ugh

@wxcafe after switching to cheap laser printers, my life has improved so much because i don't have to deal with nearly as many printer issues

@sanspoint yeah, I have an expensive (SOHO) laser printer (color etc) and it's way better but also it's expensive and consumables are also expensive and it's a large unit :/

@wxcafe Actually, they could do that without DoH as well.

Constructive criticism is always welcome on the ietf's dnsop-mailinglist ;)

@wxcafe I still hope at some point Electron becomes stable enough so that one can use a shared version for all of them. Then stuff like this can be patched out.
