Here we can see Mozilla's evil plan to watch everything people do online in action

I love how people are worried Mozilla can see web traffic using DNS-over-HTTPS, when they just need to snoop on the browser with a Normandy experiment if they really wanted to do that

Oh wow, DoH sucks more than I thought

"The DoH server is given with a host name that itself needs to be resolved. This initial resolve needs to be done by the native resolver before DoH kicks in."

so basically, we have that:

- a DNS-over-HTTPS server needs to be found with good old DNS, which could give out a fake IP and thus still see all of your web traffic
- a secure DoH connection still leaks which pages you visit, and its fix (ESNI) has to be supported by each web server and client
- even with a secure DoH + ESNI, you're *still* leaking which pages you visit due to an unencrypted unique ID code (sent by OCSP)

@espectalll Well, for example has an https certificate. So one can visit and it's a valid certificate. So if you enter that IP you don't need to resolve it over DNS.

Same can be done with any IP with a certificate.
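To make the bootstrapping problem in the list above and the IP-literal fix concrete, here is an added example (not code from anyone in this thread): it classifies a DoH resolver URL by whether its host must first be looked up with plaintext DNS, and builds the RFC 8484 wire-format query that the DoH client would then POST. The URLs and names are constructed documentation values.

```python
import ipaddress
from typing import Optional
from urllib.parse import urlsplit


def doh_needs_bootstrap(doh_url: str) -> bool:
    """True if the DoH URL names a host that the native (plaintext) resolver
    must look up before any DoH query can be sent; False for an IP literal,
    which the TLS client validates against the certificate's iPAddress SAN."""
    host = urlsplit(doh_url).hostname  # brackets around IPv6 are stripped
    if host is None:
        raise ValueError("DoH URL has no host component")
    try:
        ipaddress.ip_address(host)
        return False  # IP literal: no lookup, nothing for a spoofing resolver to answer
    except ValueError:
        return True  # hostname: answered by classic DNS, so it can be faked


def build_dns_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Wire-format DNS query (RFC 1035) as carried in application/dns-message.
    qtype 1 = A. RFC 8484 suggests ID 0 so identical queries are HTTP-cacheable."""
    header = (
        txid.to_bytes(2, "big")
        + b"\x01\x00"       # flags: RD set, standard query
        + b"\x00\x01"       # QDCOUNT = 1
        + b"\x00\x00" * 3   # ANCOUNT, NSCOUNT, ARCOUNT = 0
    )
    labels = name.rstrip(".").split(".")
    qname = b"".join(len(l).to_bytes(1, "big") + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + qtype.to_bytes(2, "big") + b"\x00\x01"  # class IN


def bootstrap_query(doh_url: str) -> Optional[bytes]:
    """The plaintext query a client would have to send before DoH can start,
    or None when the URL already carries an IP literal."""
    if not doh_needs_bootstrap(doh_url):
        return None
    return build_dns_query(urlsplit(doh_url).hostname)


if __name__ == "__main__":
    for url in ("https://doh.example.net/dns-query", "https://192.0.2.1/dns-query"):
        q = bootstrap_query(url)
        print(url, "-> no plaintext lookup" if q is None else f"-> leaks {len(q)}-byte query")
```

Firefox exposes the same idea as the `network.trr.bootstrapAddress` pref, which pins the IP used for the host in `network.trr.uri` so the bootstrap lookup never hits the native resolver.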

@sa0bse That's a good option, but I would expect both DNS providers and many users to prefer more familiar and dynamic domain URLs. Still, it's a good fix.
@espectalll Why would you expect this? You've always configured DNS servers by IP. This is a bootstrapping issue.

I find it silly to configure your DNS in a way that requires working DNS for DNS to work.


@sa0bse I expect it because people want easy things, and it's easier to remember a few words than a bunch of digits ( being rather an exception, and we're not even talking IPv6)

but yeah, it is silly :blobuwu:
