Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 22

Thread: I don't know what DoH (DNS over HTTPS) is and if I should enable it?

  1. #11
    Join Date
    Mar 2011
    Location
    19th Hole
    Beans
    Hidden!
    Distro
    Ubuntu 22.04 Jammy Jellyfish

    Re: I don't know what DoH (DNS over HTTPS) is and if I should enable it?

    Quote Originally Posted by kevdog View Post
    …In terms of VPN - I guess its how much do you trust your VPN provider as many might keep logs and such.
    Absolutely. At some point, it just boils down to having to make that leap of trust. Even Ubuntu itself can be compromised if Canonical decides to compile a very sneaky backdoor into the distro. General users like me are simply unequipped to detect anything like that.

    Re: VPNs: One of the strategies that some security blogs have suggested is to go with providers who have been issued court orders through FBI investigations. The agency raids their server farms to confiscate the actual machines only to confirm that, yes indeed, the provider keeps no logs and the entire infrastructure runs in volatile RAM, so it all evaporates on seizure. Other providers go to the expense of submitting to third-party audits from accredited security firms.

  2. #12
    Join Date
    Mar 2007
    Beans
    386
    Distro
    Ubuntu

    Re: I don't know what DoH (DNS over HTTPS) is and if I should enable it?

    So, what about TOR?--and TOR browser? Is that actually as secure as it is advertised? It uses a modified Firefox as its basic browser. Does it make VPN connections or just route packets all over the world making tracking more difficult.
    Last edited by lwalper; March 5th, 2020 at 01:23 PM.
    Ubuntu 23.04
    HP Pavillion i5; 8Gb RAM; Epson Perfection 3170 Photo Scanner

    Dell Optiplex 9020 20Gb RAM; 500Gb Crucial SDD (sda); 2000Gb Crucial SDD (sdb)

  3. #13
    Join Date
    Sep 2014
    Location
    United States
    Beans
    362
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: I don't know what DoH (DNS over HTTPS) is and if I should enable it?

    It makes tracking more difficult, but it's not secure. Anyone can see your traffic from the exit node.

  4. #14
    Join Date
    Mar 2011
    Location
    19th Hole
    Beans
    Hidden!
    Distro
    Ubuntu 22.04 Jammy Jellyfish

    Re: I don't know what DoH (DNS over HTTPS) is and if I should enable it?

    Quote Originally Posted by lwalper View Post
    So, what about TOR?--and TOR browser? Is that actually as secure as it is advertised? It uses a modified Firefox as its basic browser. Does it make VPN connections or just route packets all over the world making tracking more difficult.
    TOR actually is its own form of VPN in that your connection to the entry node is fully encrypted (essentially a VPN). However, EuclideanCoffee is correct in that, at a minimum, your destination address and metadata must be decrypted at the exit node to allow for delivery. But then, this applies to all VPN providers as well, so there's no real difference there.

    At the risk of digressing from the OP's topic, there's a lot of noise out there regarding TOR and TOR-Browser. Critics have noted that a number of exit nodes and entry points are so massively overcapitalized that they could only be the result of infrastructure belonging to some three-letter agency. Once a critical threshold of entry/exit nodes are controlled by one entity, the Onion routing paradigm breaks down and anonymity evaporates.

    TOR supporters counter that such concerns are highly conjectural fearmongering. There are a lot of well-heeled entities who want TOR to succeed and are willing to fund/support it out of a hybrid of altruism and enlightened self-interest. Everyone from news agencies to NGOs to democracy advocates to financial houses like banks have an interest in promoting its form of anonymity. They could very well be providing massive contributions but keeping very quiet about it for obvious reasons. The triumvirate of Google, Amazon and Apple (who have all made noises about supporting anonymity) could donate insane TOR infrastructure for less than what they spend on coffee.

    When one is dealing with an entity whose very reason for being is anonymity and privacy, it is impossible (almost by definition) to arrive at a holistic clarity about its structure and layout. Were it easy to do so, its anonymity would also evaporate. However, it is conceivable that massively funded government programs could penetrate TOR, either through brute force surveillance of large numbers of entry & exit nodes or (more likely) through exploiting some unknown zero-day flaw in the underlying TOR implementation. Naturally, such agencies ain't talkin.

    TOR itself has established the goal of expanding its nodes into the millions. I'm no mathematician, but my understanding is that the relationship between number of nodes and anonymity is not linear but geometrical. If TOR were to reach this goal, its anonymization paradigm would be theoretically unbreakable (emphasis on "theoretical"). It is generally conceded that TOR already has enough nodes now to make brute force surveillance impractical. This does nothing to alleviate concerns that its underlying implementation is not flawed and therefore exploitable.

    If you are interested in the subject of TOR, it's a fascinating rabbit hole you can fall into and waste days of time exploring. As a general intro, Wikipedia actually has a pretty good entry on its structure, uses, strengths and weaknesses.

    As with all matters of security, it's not TOR itself that constitutes the biggest security weakness, but the people using it. Almost all incidents of purported TOR compromises can be traced back to the foolishness or stupidity of the people relying on it. If you download a picture, movie or song with a hidden payload that reports your IP address back to papa, all the anonymizing in the world won't help you and it won't be TOR's fault when the cops come knocking at your door.

    Personally, I think people who use TOR for things like illegal torrenting, drug purchases or other unsavoury things are idiots. They leave their tracks all over the place and are generally too stupid to use it properly. For example, torrenting was never designed to be anonymous and is full of holes that can be exploited to trace both host and client. On the other hand, if used properly TOR remains an indispensible friend to millions of democracy advocates, whistle-blowers, abuse victims, censorship sufferers, journalists, privacy advocates and health care providers.

  5. #15
    Join Date
    Mar 2007
    Beans
    386
    Distro
    Ubuntu

    Re: I don't know what DoH (DNS over HTTPS) is and if I should enable it?

    Interesting. Thanks.
    Ubuntu 23.04
    HP Pavillion i5; 8Gb RAM; Epson Perfection 3170 Photo Scanner

    Dell Optiplex 9020 20Gb RAM; 500Gb Crucial SDD (sda); 2000Gb Crucial SDD (sdb)

  6. #16
    Join Date
    Jan 2010
    Location
    India
    Beans
    Hidden!
    Distro
    Lubuntu

    Re: I don't know what DoH (DNS over HTTPS) is and if I should enable it?

    I just enabled Firefox's DoH (DNS over HTTPS) but how to make sure that its working ?
    Lubuntu 20.04

  7. #17
    Join Date
    Sep 2014
    Location
    United States
    Beans
    362
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: I don't know what DoH (DNS over HTTPS) is and if I should enable it?

    Go to this website and run a standard test.
    https://www.dnsleaktest.com/

    You should see Cloudflare or whatever you chose for DoH.

  8. #18
    Join Date
    Jan 2010
    Location
    India
    Beans
    Hidden!
    Distro
    Lubuntu

    Re: I don't know what DoH (DNS over HTTPS) is and if I should enable it?

    Quote Originally Posted by EuclideanCoffee View Post
    Go to this website and run a standard test.
    https://www.dnsleaktest.com/

    You should see Cloudflare or whatever you chose for DoH.
    Yes it is showing

    ISP : Cloudflare
    Country : India (but a different city)

    But on the https://www.dnsleaktest.com/ home page it says Hello "IP Address" from "My city name)
    Last edited by linuxyogi; March 20th, 2020 at 06:34 PM.
    Lubuntu 20.04

  9. #19
    Join Date
    Jan 2010
    Location
    India
    Beans
    Hidden!
    Distro
    Lubuntu

    Re: I don't know what DoH (DNS over HTTPS) is and if I should enable it?

    @EuclideanCoffee
    I have added some more info to my last post. Please have a look.
    Lubuntu 20.04

  10. #20
    Join Date
    Sep 2014
    Location
    United States
    Beans
    362
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: I don't know what DoH (DNS over HTTPS) is and if I should enable it?

    DoH does not hide your IP address.

    Before you visit a website, your computer queries a server called a DNS server. This server returns the true IP address for a URL such as ubuntuforums.com.

    When you do DoH, your query to the DNS server is hidden from an ISP DNS server. ISPs commonly record DNS lookups and use it for advertisement in the USA.

    To hide your IP address, you will need to use a proxy or VPN.

    Everything you do on a computer is traced to you. There is no anonymous network or the operation of one.

Page 2 of 3 FirstFirst 123 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •