
Thread: Configured Dns over TLS ..... Is this good for privacy?

  1. #31
    Join Date
    Mar 2011
    Location
    19th Hole
    Beans
    Hidden!
    Distro
    Ubuntu 20.04 Focal Fossa

    Re: Configured Dns over TLS ..... Is this good for privacy?

    Originally Posted by kevdog:
    Hey about that Nextcloud thing -- yeah just stick a VPN in front of it -- and you don't have to worry about opening it up to the world!!
    I considered it. But I eventually want to offer its use to Mrs DH and the kids. Even selected friends if I can convince myself that it is resilient, can be made reliable and is not too burdensome on me. I already have a VPN set up on my router, but unfortunately, while it isn't any trouble for a tech‑head like me, it just wouldn't work for the Mrs or for others.

    Thanks for the thought though.

    PS

    I do like your suggestion of hiving it off on a VLAN. DD-WRT supports isolating a physical port and segmenting the LAN. I will play a bit with that idea.
    Last edited by DuckHook; February 24th, 2021 at 07:02 AM. Reason: Additional thoughts

  2. #32
    Join Date
    Mar 2007
    Location
    Denver, CO
    Beans
    7,897
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: Configured Dns over TLS ..... Is this good for privacy?

    In terms of VLANs, I'm not sure how your Nextcloud setup is configured, however I needed some interVLAN routing. I'm not certain how DD-WRT handles interVLAN routing since if using this combination you need a router and managed switches capable of handling the VLAN tagging.

  3. #33
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Configured Dns over TLS ..... Is this good for privacy?

    VPNs are used by normal people all the time.

    IMHO, better than putting a php web-app as complex as nextcloud on the internet when it is running inside your LAN. Mrs DH and the kids should probably be using the VPN full time from their phones anyway. The VPN client configs are pretty easy to set up these days. They use 2d barcodes and the standard VPN client for the platform.

  4. #34
    Join Date
    Mar 2011
    Location
    19th Hole
    Beans
    Hidden!
    Distro
    Ubuntu 20.04 Focal Fossa

    Re: Configured Dns over TLS ..... Is this good for privacy?

    Originally Posted by kevdog:
    In terms of VLANs, I'm not sure how your Nextcloud setup is configured, however I needed some interVLAN routing. I'm not certain how DD-WRT handles interVLAN routing since if using this combination you need a router and managed switches capable of handling the VLAN tagging.
    Current versions of DD-WRT have VLAN tagging. However, I don't purpose to go down that rabbit hole. I'm considering just segmenting one physical port off of the router and attaching my Nextcloud server to it. That way, Nextcloud doesn't even see my LAN. If I get really ambitious, I might install another NIC on the server, bind it to the Nextcloud container, and keep my original NIC for the physical server. I would have to be very sure of the security implications of that, but it would certainly be more convenient.
    Originally Posted by TheFu:
    VPNs are used by normal people all the time.

    IMHO, better than putting a php web-app as complex as nextcloud on the internet when it is running inside your LAN. Mrs DH and the kids should probably be using the VPN full time from their phones anyway. The VPN client configs are pretty easy to set up these days. They use 2d barcodes and the standard VPN client for the platform.
    Mrs DH, bless her, is a far better person than me in every which way, but she cannot wrap her head around how the gear shift works on a bicycle. It took me years of patience and waiting to wean her off Vista and onto Ubuntu. A VPN is a non‑starter. The kids are a different matter, and the grandkids take to this stuff like fish take to water, but I have found that when it comes to tech, convenience is king. We just alluded to it a couple of postings earlier.

    I'm afraid that I will need to keep it stupid‑simple, else everyone will just keep using Google Drive/Onedrive/Dropbox + their plethora of privacy‑murdering/profiling platforms merely because those are less "fussy".

  5. #35
    Join Date
    Mar 2011
    Location
    19th Hole
    Beans
    Hidden!
    Distro
    Ubuntu 20.04 Focal Fossa

    Re: Configured Dns over TLS ..... Is this good for privacy?

    To drag this thread kicking and screaming back on topic…

    @linuxyogi

    I thought this article might interest you: https://www.theregister.com/2021/02/...name_tracking/

    Forewarning: It makes for depressing reading, but my intent is not to ruin your day; it is to give you a realistic idea of what DoT and DoH achieve so that you don't get a false sense of security.

    It also reinforces other elements of this thread: that we have far more to worry about from other parties than from our ISPs.

  6. #36
    Join Date
    Jan 2010
    Location
    India
    Beans
    Hidden!
    Distro
    Ubuntu Budgie 20.04 Focal Fossa

    Re: Configured Dns over TLS ..... Is this good for privacy?

    @DuckHook || @TheFu
    I read that article. I give up. I will keep using DoT & hope for the best.
    Ubuntu Budgie 20.04

  7. #37
    Join Date
    Mar 2011
    Location
    19th Hole
    Beans
    Hidden!
    Distro
    Ubuntu 20.04 Focal Fossa

    Re: Configured Dns over TLS ..... Is this good for privacy?

    Originally Posted by linuxyogi:
    …I give up…
    Well, don't go that far. Our privacy is still worth the good fight, and there are also good people fighting on our behalf. From the same article:
    Firefox running the add-on uBlock Origin 1.25+ can see through CNAME deception. So too can Brave, which recently had to repair its CNAME defenses due to problems it created with Tor.
    My intent was not to discourage you but to point out where the real enemy is. Once known, we can take measures to beat them. But make no mistake—it is not a fire and forget world that we live in. It is more like trench warfare where we constantly have to improvise solutions against many pressure points. But it IS doable if we take the time to "know thy enemy".

    So don't despair. But do stay vigilant. And it pays to keep our eye on new developments in the security/privacy/profiling front.
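
    What "seeing through CNAME deception" in the quoted article passage amounts to, as an added sketch (not part of any post, and not uBlock Origin's or Brave's code): the blocklist is applied to every name in a hostname's CNAME chain, not only to the first-party-looking name the page requested. All hostnames, DNS answers and the blocklist below are constructed for illustration.

```python
# Added example: constructed data, not taken from the thread or from any blocker.

# Constructed DNS answers: name -> (record type, value). All names are made up.
SAMPLE_DNS = {
    "metrics.shop.example": ("CNAME", "shop.collector.tracker.example"),
    "shop.collector.tracker.example": ("CNAME", "edge7.tracker.example"),
    "edge7.tracker.example": ("A", "192.0.2.10"),
    "www.shop.example": ("A", "192.0.2.20"),
    "loop.shop.example": ("CNAME", "loop.shop.example"),
}

# Constructed blocklist of tracker domains (assumption: matched by domain suffix).
BLOCKLIST = {"tracker.example"}


def cname_chain(name, records, max_hops=8):
    """Follow CNAME records from name; return every name visited, in order."""
    chain = [name.lower().rstrip(".")]
    while len(chain) <= max_hops:
        rtype, value = records.get(chain[-1], (None, None))
        if rtype != "CNAME":
            break
        target = value.lower().rstrip(".")
        if target in chain:  # alias loop: stop instead of spinning
            break
        chain.append(target)
    return chain


def matches_blocklist(name, blocklist):
    """True if name or any parent domain of it is on the blocklist."""
    labels = name.split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def classify(name, records=SAMPLE_DNS, blocklist=BLOCKLIST):
    """'blocked' if the requested name is listed, 'cloaked' if only an alias is."""
    chain = cname_chain(name, records)
    if matches_blocklist(chain[0], blocklist):
        return "blocked"
    if any(matches_blocklist(alias, blocklist) for alias in chain[1:]):
        return "cloaked"
    return "allowed"
```

    A name-only filter passes `metrics.shop.example`; the chain check flags it. Encrypting the lookup with DoT or DoH does not change the result, because the alias is part of the legitimate answer.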

  8. #38
    Join Date
    Jan 2010
    Location
    India
    Beans
    Hidden!
    Distro
    Ubuntu Budgie 20.04 Focal Fossa

    Re: Configured Dns over TLS ..... Is this good for privacy?

    @DuckHook
    I use uBlock Origin under Firefox. I use Brave too but I haven't installed any addons on Brave coz I read it's privacy focused by default. Do you think I should install uBlock Origin under Brave too?
    I must also mention that I check for updates every morning, every single day. So no delay in installing security patches.
    Ubuntu Budgie 20.04

  9. #39
    Join Date
    Mar 2011
    Location
    19th Hole
    Beans
    Hidden!
    Distro
    Ubuntu 20.04 Focal Fossa

    Re: Configured Dns over TLS ..... Is this good for privacy?

    Originally Posted by linuxyogi:
    …Do you think I should install uBlock Origin under Brave too?
    Brave is sufficient on its own. It does not need further adblocking extensions. In fact, extensions are also something to carefully weigh, although stuff like NoScript, Ghostery and similar reputable ones are very useful. It bears mentioning that FF and Brave have evolved—and continue to evolve—to fight many kinds of these tricks. It's another example of the good guys winning some battles on our behalf, another reason for hope and carrying on. I contribute a small amount yearly to the Mozilla foundation. Do whatever you can to help.

    I hope that you are starting to understand the two main themes in all of the above:

    The first is that overly focusing on any sole set of tools is misguided. Of course we should use DoT/DoH. It's only sensible to do so. But there are many other measures that we must also take. A thread like this cannot teach you all of those things. It will involve a lot of reading and research, but that knowledge will empower you, so don't succumb to the dismay that it also sometimes brings.

    The second is that you should revisit your privacy expectations. This is a more subtle point but it is just as important. I have already posted my thoughts on privacy in a few passages above. TheFu also posted a very useful reply quite early in this thread. It is so pertinent that I will quote most of it in its entirety:
    Originally Posted by TheFu:
    If you want real privacy, don't use the internet.
    There are different levels of privacy and how much you want probably doesn't overlap with how much is easy to accomplish. It isn't for me.

    When I want privacy,
    • I don't do it from home. I use a mom-pop cafe, not a corporate one. Corporate places with free wifi are everywhere. Assume those places are capturing your image, connection, DNS, and browsing. There are mitigations against each.
    • Use a full, paid, VPN who you can trust. How to know whether you can trust any VPN isn't easy. You'll need to work into the ownership, logging, and truly who is behind it. Often, the more privacy they claim to provide, the more likely your data ends up in a parent company's hands. Having headquarters in small countries often means the VPN can manipulate the govt there. If the CEO/President and CIO for a VPN provider don't actually live in the country where their HQ is located, I consider that a warning sign too.
    • How has the VPN reacted towards legal demands to provide information on the users? If you don't hear anything about them fighting cases in court - what does that mean? To me, it means they handed it all over. I know of only 1 VPN provider who has fought legal battles AND proved they couldn't provide any logs to the govt, so the govt went away.
    • When you sign up to pay for a VPN, use anonymous payment methods. Financial tracking is a real thing. Every year or two, I buy a Gift VISA card to buy VPN service. There is a pre-paid service charge for this ... basically I'm paying 10% more to ensure privacy. This card cannot have more money added to it. The cards that support adding are more traceable. To be used on the internet, we have to register the card with a name and ZIP code here. Many VISA payment systems use the ZIP code along with the PIN to validate the correct user. I look up a name and address for a real person, with a common name, somewhere else and "borrow" their name for this 1 transaction.
    • For the VPN, there are really 2 secure-enough technical solutions - openvpn and wireguard. I want a provider that does at least 1 of those. I avoid providers using commercial VPN tools. In an old job, I deployed VPN for 25,000 users. We used a commercial solution with a SecurID fob. I watch the IT security announcements and every year one of the commercial VPN tools seems to announce a failure in a deployment that effectively made the VPN useless for some months. OpenVPN can be set up to be very non-secure too. Some of the default settings commonly used have been cracked by govts around the world. The VPN provider I used last year allowed some control by users to drastically improve the crypto for our connections, but it wasn't the default which was used by most people.
    • The VPN will slow all connections. There's an extra middle-man between everything, after all.
    • There is TOR too, and for many people it is fine. A few years ago, I read an article about TOR that estimated 30-60% of all exit nodes were run by different govt spy agencies. Read up about TOR for why it can be anonymous, but has some very important caveats. For example, if you've ever used TOR and connected to UbuntuForums.org using your normal userid for the login, then you've just broken the veil of privacy. When using TOR, never use any accounts that you've used before. It is best not to post at all, since we each have a writing style that can be "finger printed" on the internet. That will lead back to an individual as well, for a sufficiently motivated searcher.


    Privacy is never a yes/no question. It is always on a scale. Always.
    Are you prepared to take such drastic measures? Because I'm not. They are just too burdensome and too constraining. I have accepted the fact that online life cannot be private or anonymous. I am more concerned about profiling and can try to keep it to a minimum, but I cannot make even that go away entirely. It's simply the price I pay for using the Internet.

    BTW, by coincidence, your concerns are fortuitously being raised at the same time that a lot of explanatory articles have been popping up. Here's another—maybe the most important so far posted—from El Reg that appeared just today: https://www.theregister.com/2021/02/...ech_extension/

    I have personally conducted a similar experiment in a lesser and unsystematic way. If you install NoScript on FF and turn off absolutely all scripting, the Internet essentially becomes unusable. There are no sites these days that are scriptless. Even denying just Google scripts will break most sites. The big four have successfully insinuated themselves into the very fabric of the Internet and have become part of its DNA. Their combined market capitalization is almost 6 Trillion dollars US. They are richer, more powerful and more influential than most small countries. So there's a limit to how much we can do fiddling around with technology and browser extensions. The real way to combat their baleful influence is through legislation. I often feel that my efforts would be better spent canvassing my legislators than adding this or that doodad to my install.

    The point is that you must have realistic expectations of what amount of privacy you can expect (profiling is a different matter). We no longer live in the world of our parents.

  10. #40
    Join Date
    Jan 2010
    Location
    India
    Beans
    Hidden!
    Distro
    Ubuntu Budgie 20.04 Focal Fossa

    Re: Configured Dns over TLS ..... Is this good for privacy?

    Originally Posted by DuckHook:
    So don't despair. But do stay vigilant. And it pays to keep our eye on new developments in the security/privacy/profiling front.
    Can you recommend me a YouTube channel subscribing to which I will get to know the latest security news?
    Ubuntu Budgie 20.04
