Thread by @AlecMuffett: "1/ Okay, essential DNS-privacy-related reading of the past few weeks, combined with a crazy idea; you need to read or skim three articles; f […]"

1/ Okay, essential DNS-privacy-related reading of the past few weeks, combined with a crazy idea; you need to read or skim three articles; firstly this one from Mozilla about DNS over HTTPS:

hacks.mozilla.org/2018/05/a-cart…

2/ Secondly Cloudflare's announcement of 1.1.1.1, a free, public, DNS server:

blog.cloudflare.com/announcing-111…

3/ Thirdly a less-well-read Cloudflare posting, re: the availability of their DNS resolution services over a Tor Onion Service:

blog.cloudflare.com/welcome-hidden…

Now, please do me a favour and park all of your anti-corporatism for a moment, and consider merely the tech & deployment:

4/ For years I've been (half-seriously) joking that Tor would make a fine, simple "backhaul" for IPsec-IKE, viz: the protocol which negotiates keys between two hosts connected over IPsec. The "self-authenticating" nature of Onion networking would bring much simplicity to IKE.

5/ But I realise that I was missing the obvious: the protocol that would improve most dramatically from the benefits of Onion networking is not IPsec.

It's DNS.

6/ So I am doubtless not the only person thinking like this (@grittygrease?) but a light went off in my head this morning: @mozilla have been kicking-around integrating aspects of @torproject into @firefox for _YEARS_, eg: as an enhanced "Private Browsing" mode.

7/ Thus: what if @firefox went a step further and integrated DNS-over-HTTPS-over-Onion as a backhaul for DNS? As an option, or for "Super-Private-Browsing"? You'd have a trusted link, straight into Cloudflare, who would not have your IP/tracking/etc because Onion.

8/ If you're a cloudflare-hater then feel free to grumble, but in future there would be no requirement to use them exclusively.

What I am getting at is that —with some nudging— we could maybe have a /really/ interesting deployment: Secure, unblockable, high-integrity DNS.

9/9) So, I am writing this to ask my friends and peers:

1. would it work?
2. could we make this happen?
3. if so, history aside, can we work _together_ towards making it happen?

If any argument is needed for putting DNS-over-HTTPS-over-Onion into TorBrowser, if not @Firefox itself, let it be that people literally once were spraypainting 8.8.8.8 onto walls, to help bypass censorship.

DNS censorship bypass can become a tickbox.

m.mic.com/articles/85987…