Norton ConnectSafe DNS is Retiring

Oh no, I believe OpenDNS will collect data.

 

yeah, none of the big players are any different than the others. they all collect data and use it for revenue-generating (ads, selling data to 3rd parties, etc) or other purposes. some do it discreetly, some blatantly.

 

Maybe here. (Cloudflare) Old document though.

https://www.reddit.com/r/privacy/comments/41cb4k/be_careful_with_cloudflare/

Also here under Criticism and controversies and Criticism of total content neutrality.

https://en.wikipedia.org/wiki/Cloudflare

 

Have used Norton ConnectSafe in the past. Has 3 levels you can choose
from for blocking content. Better alternatives out there?

 

you can try yandex dns. it has the same three-level model.

 

Problem solved, run your own DNS.

https://pi-hole.net/2018/06/09/ftldns-and-unbound-combined-for-your-own-all-around-dns-solution/

 

End-of-Life announcement for Norton ConnectSafe

 

That's not really running your own DNS. It puts yet another "man-in-the-middle" between you and where you want to go. That adds latency (delays). If you look at the flow chart in that link, it then takes your query to 1.1.1.1, OpenDNS or Google Public DNS. At least Pi-Hole correctly admits the major drawback to this process, "traversing the entire path maybe be slow". Yeah, with a 1/2 dozens extra steps in the process, that makes sense. A bit ironic since FTL stands for "faster than light".

Still, Pi-Hole is worth keeping an eye on!

 

You didn't understand text in that link. There are two flowcharts and Becho refers to second. Configuring according to second flow chart means own recursive DNS server is used instead of some Big Company nameserver. This approach have both advantages and disadvantages compared to using i.e. 1.1.1.1.

 

I understand it. It puts a man-in-the-middle.

I am not saying that is necessarily bad, but it will indeed, as he noted, slow the process down, at least until the necessary white lists are created.

The idea of that pi-hole process is not speed. It is blocking ads - ads that can result in using up mobile devices monthly data allotments.

 

It just places that recursive server on private hardware owned by user rather than Cloudflare or other Big Company infrastructure.
It adds man-in-the-middle server locally, but removes one remote man-in-the-middle server.

 

I was referring to the second chart. I have been using this pi-hole/recursive dns with Unbound for the past month & have had an excellent experience. No slow downs whatsoever unless the site is so brand new that it has never been queried ever but like they said maybe 1 second look up, then added to the pi-hole cache. I only posted to say that I once did use Norton for a while & bounced between my isp, Quad9 & the G. Once I bought my $44 Pi I learned how my DNS queries are now mine & the adblocking is a bonus. My home network feels so much more robust. Also, Pi-hole with FTL is out of beta.

Honestly though I’m pretty sure my isp has some tricks up it’s sleeve & maybe this is just snake oil & they are able to see what I see, hopefully not though.

 

Hi.
After reading the report below:

https://www.wilderssecurity.com/threads/dns-protection-services-april-2018-tests.403851/

I did some tests using the PhishTank database:

With only valid phish URLs:



I have considered:

1) Yandex DNS
2) Open DNS
3) Quad9 DNS

In my small test the Open DNS were the best ones to stop URLs to Phishing content.
If you have a different opinion, I'm happy to read your thoughts.
TH.

 

I use Simple DNSCrypt.

https://www.majorgeeks.com/files/details/simple_dnscrypt.html
"Simple DNSCrypt provides you with a simple tool for making sure that your DNS queries are securely encrypted.

It is intended to work as an uncomplicated way to block any 3rd party from attempting to penetrate your privacy by snooping on your DNS traffic. And keep in mind that unsecured DNS traffic can also be vulnerable to man-in-the-middle attacks.

Simple DNSCrypt is a cinch to set up, all that is required is the selection of the network card that requires protection and then you choose a DNS proxy. From there Simple DNSCrypt will automatically configure the rest by ensuring that DNS queries performed by your network card will utilize the localhost."