Privacy

32112 readers

885 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

183

Say (an encrypted) hello to a more private internet. (infosec.exchange)

submitted 1 year ago by voxel@infosec.exchange to c/privacy@lemmy.ml

33 comments fedilink hide all child comments

Say (an encrypted) hello to a more private internet.

https://blog.mozilla.org/en/products/firefox/encrypted-hello/

Nothing big, but kinda interesting. I'm excited to see how this will go 👀

#privacy #mozilla #firefox @privacy

you are viewing a single comment's thread
view the rest of the comments

[–] Boring@lemmy.ml 6 points 1 year ago (3 children)

While this is good for survielience circumventing.. It is looking like the beginning of the end of DNS filtering and the popularization of encrypted telemetry.

[–] rikudou@lemmings.world 9 points 1 year ago (2 children)

You can always set up a MITM on your network. But yeah, DNS filtering is doomed in the not so far future.

[–] Cheradenine@sh.itjust.works 2 points 1 year ago (1 children)

Does this preclude on device DNS filters?

[–] rikudou@lemmings.world 1 points 1 year ago (1 children)

I think it doesn't, though I'm not really a network guy.

[–] Cheradenine@sh.itjust.works 1 points 1 year ago (1 children)

I read through it, to me, it seems like on/device piHole etc. Would still be fine. But I am not a network guy either

[–] rikudou@lemmings.world 1 points 1 year ago

PiHole might be a different story than your local device, I think that one might be affected.

[–] Boring@lemmy.ml 1 points 1 year ago (1 children)

That's an option, but its a lot of work and all you get in return is broken apps/websites and not being able to tell if someone is mitm-ing you mitm.

I'm sure some engineer out there is going to find a workaround, hopefully without breaking encryption.

[–] rikudou@lemmings.world 2 points 1 year ago

Never had a broken website due to my own MITM.

[–] skullgiver@popplesburger.hilciferous.nl 3 points 1 year ago

Encrypted DNS has been possible and in use for years (including looking up IP addresses over HTTP, which I've caught several apps doing), but this isn't DNS related.

SNI filtering was pretty popular back in the day, but domain fronting is trivial to set up outside the browser. No SNI filtering setups I've come across actually bother to check certificate validity, so generating a self-signed eff.org certificate and using that from within an app would make quick work of most network filters.

I'm afraid firewalls are the only workable solution if you're not in control of the software you're running. You can try to force apps through a MitM setup by blocking all outgoing traffic and configuring something like Privoxy as the only way out, but getting your MitM CA loaded into these apps can be a royal pain.

[–] Hotzilla@sopuli.xyz 2 points 1 year ago

You can do filtering and monitoring in the DNS server itself in corpo environment, like umbrella or AD DNS.