HTTPS Everywhere vs. DNSCrypt

Discussion in 'privacy technology' started by TomAZ, Nov 21, 2012.

Thread Status:
Not open for further replies.
  1. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    Do HTTPS Everywhere and DNSCrypt essentially do the same thing, or is there value in having both?
     
  2. jedisct1

    jedisct1 Registered Member

    Joined:
    Jul 7, 2012
    Posts:
    39
    Location:
    San Francisco, CA
    They solve a totally different problem. Use both.
     
  3. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    HTTPS encrypts your webpage/ the data that would normally go over HTTP. DNS is separate, and is typically unencrypted. OpenDNS encrypts the DNS requests.
     
  4. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    Thanks to both of you. Appreciate the clarification.

    With Firefox, how do you know when HTTPS Everywhere is working and has kicked in on a site? Will it display just like any other secure (https) site?
     
  5. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Yes. the URL will show HTTPS.
     
  6. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    What are the pros and cons of using the "SSL Observatory" feature?
     
  7. The only thing good thing about Firefox is No-Script. Besides that Chrome is the better browser by a long long way.

    I'm not sure why the open source community still uses Firefox, I can't see a good enough reason for Chrome not to be stock on all Linux distro's besides a dislike for google.
     
  8. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
    That's a big "but" or "besides". Some would rather not let Google do everything for them. In fact, many would rather have little to nothing to do with Google.
     
  9. Goggle is not EVIL. They make some very good products like Chrome, Gmail, GoogleDocs & Android (lacks in security I admit). Their spam filter is the best in the world too. So it's not all bad, at least they are transparent in their dealings with LE. Sure they could have a better privacy policy but in the end I still use their services because their good.

    Who does Firefox or the Mozzila foundation answer to? No one is my guess. At least we know Google's privacy policy and their interactions with LE. Mozilla has been caught supplying fake certificates to Anonymous in the PEDO DARKNET OP. IMHO Firefox has major issues with certificates, I've been MiTM more than once so I don't trust it. Besides No-Script which I don't know why hasn't been ported to chrome, there really isn't anything good in Firefox. Chrome beats it hand's down for security and speed, and you can beef it up security wise..
     
    Last edited by a moderator: Nov 27, 2012
  10. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,868
    Location:
    Outer space
    A lot of browsers give no warning if the OCSP check fails because the OCSP server is down, but you can change that in the settings. Don't know if Chrome has/had that? Read this too:
    -http://chromebygoogle.net/2012/02/symantec-criticises-google-for-stripping-security-certificate-checks-from-chrome-2/-
     
  11. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    What, if anything, can you do in Firefox?
     
  12. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,469
    Location:
    Hollow Earth - Telos
    i was already using OpenDNS so i started using Crypt and Https Everywhere for Chrome to check it out..
     
  13. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,868
    Location:
    Outer space
    By default, OCSP is done on certificates that specify an OCSP server. You can also set it to validate all certs on a specified server(there is a whole list to choose from or you can enter an URL yourself) And there is an option to treat the cert as invalid if there is no connection possible to the OCSP server(for example when it is down or hacked.)
     
  14. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    Where exactly in FF do you make these changes -- and can you give me a couple examples of these "other" servers.
     
  15. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    On a privacy forum that is a pretty big exception. I personally use gmail as for me government isn't my primary concern, malicious users are. Now if I wasn’t for a country’s government I was living in or concerned of data interception, Google is the last resource I would want to turn to, even if it is the best free solution. Keep in mind Google at the end of the day is a company, they are starting to branch out, but make no mistake their main source of income is still the data collected and analyzed through their free services and search tools. (for both marketing, legal, and intelligence)
     
  16. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,868
    Location:
    Outer space
    Go to settings->advanced->encryption->validation. The servers are from CA's including well known ones like Comodo, Go Daddy and Verisign.
     
  17. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,469
    Location:
    Hollow Earth - Telos
    My Computer seems to be a lot faster now since i have been using DNSCrypt.
     
  18. You see I agree with you, But stuff like Gmail, Youtube, GoogleDocs are worth using IMHO. Even if their privacy policy isn't up to scratch I'll still use them despite privacy concerns.

    I just figure someone, somewhere is watching.
     
  19. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,678
    Location:
    Philippines, the Political Dynasty Capital of the
  20. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
  21. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I think that LinkScanner (AVG ThreatLabs gets its data from it) detected something in one of OpenDNS forum pages. Maybe someone posted a link to an exploit/other page to be blocked? o_O

    For some reason I cannot see what's provided here: -http://www.avgthreatlabs.com/sitereports/domain/forums.opendns.com/#analytics

    Can anyone open it and see what info does it reveal? Maybe it will reveal what it blocked...
     
  22. JimboW

    JimboW Registered Member

    Joined:
    Oct 22, 2010
    Posts:
    280
    I took a screenshot and uploaded it for you: -http://i48.tinypic.com/rbw0h3.jpg-

    HTML/Framer -http://www.htmlframer.com/-
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.