DNS-over-HTTPS: Privacy and Security Concerns

Discussion in 'privacy technology' started by mood, Sep 7, 2019.

  1. MonarchX

    MonarchX Registered Member

    Joined:
    Apr 27, 2019
    Posts:
    14
    Location:
    Here
    For me it is the other way around. That setting shows up in Chrome and Brave browsers, but not in Edge... I don't know what the problem is... Resetting everything to defaults and removing all Edge user account files made no difference.
     
  2. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    39,273
    US govt agencies to disable DoH until federal service is ready
    April 30, 2020
    https://www.bleepingcomputer.com/ne...o-disable-doh-until-federal-service-is-ready/
     
  3. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    638
    Location:
    Island of Woman
    Does not work in Chrome; a lot depends on your ISP (the explanation is quite technical and I don't fully understand it). Tried in Firefox, it works, ESNI too. Don't bother with Chrome if you really need this.
     
  4. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    39,273
    Windows 10 gets DNS over HTTPS support, how to test
    May 13, 2020
    https://www.bleepingcomputer.com/news/microsoft/windows-10-gets-dns-over-https-support-how-to-test/
    Microsoft: Windows Insiders can now test DNS over HTTPS
     
  5. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    39,273
    Google Chrome v83 - "Secure DNS"
    Chrome 83 Encrypts DNS Requests by Default — Where Allowed
    May 20, 2020
    https://www.cbronline.com/news/dns-over-https-in-chrome
    Google: A safer and more private browsing experience with Secure DNS
     
    Last edited: May 20, 2020
  6. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    39,273
    Comcast, Mozilla strike privacy deal to encrypt DNS lookups in Firefox
    Comcast/Mozilla deal follows dispute over ISP snooping and DNS encryption
    June 25, 2020

    https://arstechnica.com/tech-policy...ivacy-deal-to-encrypt-dns-lookups-in-firefox/
    Mozilla: Comcast’s Xfinity Internet Service Joins Firefox’s Trusted Recursive Resolver Program
     
  7. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    6,444
    Location:
    USA
  8. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,084
    Location:
    USA
    LOL! I was also thinking that Comcast is probably not the best choice RE privacy. Their posted privacy policy states they only share "non personal information":

    "As described in more detail below, Comcast may provide non-personal information to third parties that provide analytics services or participate in online advertising – either on behalf of Comcast or on their own. You may opt-out of these uses of non-personal information as explained in the “Cookies and Site Analytics” section below. Comcast will not provide your personal information to these advertisers unless you provide any required consent for us to do so."

    https://www.xfinity.com/corporate/privacy

    I'll stay with Quad9:

    https://www.quad9.net/home/privacy/
     
    Last edited: Jun 25, 2020
  9. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    6,444
    Location:
    USA
    I am staying with Quad9 as well. Comcast made too much of a stink about this for me to trust them now. They are not currently my ISP but have been in the past and are an available option. I am actually paying someone else more to avoid going back to them. I'm not sure if Comcast has upgraded their DNS network in the recent past but there have been multiple instances where their DNS servers went down for extended periods of time so a more reliable DNS provider is always ideal with them anyway.
     
  10. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    39,273
    Apple adds support for encrypted DNS (DoH and DoT)
    Apple said this week that iOS 14 and macOS 11 will support the DNS-over-HTTPS and DNS-over-TLS protocols
    June 25, 2020

    https://www.zdnet.com/article/apple-adds-support-for-encrypted-dns-doh-and-dot/
     
  11. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    39,273
    Microsoft adds Windows 10 DNS over HTTPS settings section
    August 5, 2020
    https://www.bleepingcomputer.com/ne...s-windows-10-dns-over-https-settings-section/
     
  12. SouthPark

    SouthPark Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    529
    Location:
    South Park, CO
    Oddly enough, DOH still works for me on the current Chromium-based SlimJet using a command-line flag that no longer works on the equivalent Chromium build.
     
  13. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    39,273
    DNS-over-HTTPS (DoH) support added to Chrome on Android
    DoH support added to Chrome 85, released last week, and slowly rolling out to all Android users in the coming weeks
    September 2, 2020

    https://www.zdnet.com/article/dns-over-https-doh-support-added-to-chrome-on-android/
    Google: A safer and more private browsing experience on Android with Secure DNS
     
  14. SouthPark

    SouthPark Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    529
    Location:
    South Park, CO
    Google is just catching up to the Chromium-based Bromite for Android, which has offered browser-level DOH for some time (although on the latest version it doesn't work for me on 8.1 but works fine on a 5.0 tablet).
     
  15. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    39,273
    How to enable DNS-over-HTTPS (DoH) in Windows 10
    (& Chrome, Edge, Firefox)
    September 13, 2020

    https://www.bleepingcomputer.com/news/microsoft/how-to-enable-dns-over-https-doh-in-windows-10/
     
  16. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,373
    Location:
    Under a bushel ...
    AdGuard for Desktop 7.5.1 now has the feature which allows one to choose DNS providers, including the DoH (or regular, or DNSCrypt) setting.

    Quad9 with DoH here, across browsers ....
     
  17. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,084
    Location:
    USA
  18. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    39,273
    Mozilla opens public consultation for controversial DNS over HTTPs launch
    Decision likely taken after recent backlash from ISPs and the UK government
    November 18, 2020

    https://www.itpro.co.uk/network-int.../357820/mozilla-dns-https-public-consultation
    Mozilla: Mozilla DNS over HTTPS (DoH) and Trusted Recursive Resolver (TRR) Comment Period: Help us enhance security and privacy online
     
  19. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    847
    Location:
    usa
    Just some "strange thing" about using DNS-over-HTTPS.
    If I have my browser set to "secure" DNS - Cloudflare 1.1.1.1, and use a VPN app, then
    doileak shows the following:
    We received DNS requests from you via a DNS server from another AS (routable network) than your HTTP request. This could mean that your DNS requests are leaking.


    If I set my DNS to the Current Service Provider (my ISP), then, doileak shows:

    Your DNS configuration seems to be ok. All your DNS request(s) came from the same network as your HTTP request (or from anonymous DNS servers).
     
  20. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    847
    Location:
    usa
    I've tried your link, but got the following message:

    The connection for this site is not secure
    dnscrypt.info sent an invalid response.
     
  21. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,188
    Win 10
    I have DNS set to Cloudflare on Network Adapters.

    DNS over HTTPS
    Chrome, Edge Chromium, and Vivaldi provide two options-
    • Choose the current provider
    • Choose a provider (Custom) (Firefox provides this option only)
    If I choose the current provider option, https://browserleaks.com shows no DNS leaks.
    If I choose the custom option and select a provider, https://browserleaks.com shows DNS leaks. And as mentioned above, Firefox provides this option only, https://browserleaks.com shows DNS leaks with Firefox (if you set a provider).
     
    Last edited: Jul 5, 2021
  22. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    847
    Location:
    usa

    Is it leaking while you are using the MOST MARKETED ExpressVPN?
    Just kidding.
    Due to the Firefox (and Brave) DoH arrangement with Cloudflare, one must choose to
    a) either trust PUBLIC (and FREE) Cloudflare
    or
    b) your VPN service provider.
     
  23. A_mouse

    A_mouse Registered Member

    Joined:
    Jul 29, 2019
    Posts:
    70
    Location:
    A field
    Bear in mind that a VPN normally uses its own DNS so you don't leak outside the system, but if your browser is trying to use a different DNS you may end up leaking.
    If and when you opt to use DoH in the OS, any VPN you use should again be trying to ignore it or risk leaking.
     
  24. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,188
    I edited the post and removed VPNs as users may think the mentioned ones couldn't protect against the DNS leaks.

    It seems-
    No DNS leaks with the "Choose the current provider" option.
    DNS leaks with the "Choose a provider" option.
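
The comparison that the leak-test messages quoted in posts 19 to 24 describe (resolver network versus HTTP request network), as an added example that is not part of the thread and not the code of any leak-test site. The prefix table, AS numbers and addresses are constructed, and the `chosen_as` parameter is a hypothetical way to mark a resolver the user selected on purpose.

```python
import ipaddress

# Constructed prefix-to-AS table: documentation address ranges and private-use
# AS numbers. A real check would query a BGP/ASN database instead.
PREFIX_TO_AS = {
    "192.0.2.0/24": 64500,     # hypothetical VPN provider (exit and resolver)
    "198.51.100.0/24": 64501,  # hypothetical public DoH provider
    "203.0.113.0/24": 64502,   # hypothetical ISP
}

def asn_of(ip):
    """Longest-prefix match of ip against PREFIX_TO_AS; None if unknown."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, asn in PREFIX_TO_AS.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, asn)
    return best[1] if best else None

def classify(http_ip, resolver_ips, chosen_as=()):
    """Compare the AS of each resolver egress address with the AS of the HTTP
    request. chosen_as (hypothetical parameter) lists AS numbers of resolvers
    the user picked on purpose, e.g. a browser's custom DoH provider."""
    http_as = asn_of(http_ip)
    same_as, chosen, foreign = [], [], []
    for ip in sorted(set(resolver_ips)):
        asn = asn_of(ip)
        if asn is not None and asn == http_as:
            same_as.append(ip)
        elif asn in chosen_as:
            chosen.append(ip)
        else:
            foreign.append(ip)  # includes resolvers whose AS is unknown
    verdict = "possible leak" if foreign else "ok"
    return {"verdict": verdict, "same_as": same_as,
            "chosen": chosen, "foreign": foreign}

if __name__ == "__main__":
    vpn_exit = "192.0.2.10"  # constructed: address the test site sees over HTTP
    print(classify(vpn_exit, ["192.0.2.53"]))                      # VPN's own resolver
    print(classify(vpn_exit, ["198.51.100.7"]))                    # custom DoH provider
    print(classify(vpn_exit, ["198.51.100.7"], chosen_as={64501})) # same, marked as chosen
    print(classify(vpn_exit, ["203.0.113.53", "192.0.2.53"], chosen_as={64501}))
```

The second and third calls model a custom DoH provider with a VPN active: the same resolver is reported as a possible leak until its AS is listed as a deliberate choice, while the ISP resolver in the last call is still flagged.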
     