Profile picture
Alec Muffett @AlecMuffett
, 11 tweets, 6 min read Read on Twitter
1/ Okay, essential DNS-privacy-related reading of the past few weeks, combined with a crazy idea; you need to read or skim three articles; firstly this one from Mozilla about DNS over HTTPS:

hacks.mozilla.org/2018/05/a-cart…
2/ Secondly Cloudflare's announcement of 1.1.1.1, a free, public, DNS server:

blog.cloudflare.com/announcing-111…
3/ Thirdly a less-well-read Cloudflare posting, re: the availability of their DNS resolution services over a Tor Onion Service:

blog.cloudflare.com/welcome-hidden…

Now, please do me a favour and park all of your anti-corporatism for a moment, and consider merely the tech & deployment:
4/ For years I've been (half-seriously) joking that Tor would make a fine, simple "backhaul" for IPsec-IKE, viz: the protocol which negotiates keys between two hosts connected over IPsec. The "self-authenticating" nature of Onion networking would bring much simplicity to IKE.
5/ But I realise that I was missing the obvious: the protocol that would improve most dramatically from the benefits of Onion networking is not IPsec.

It's DNS.
6/ So I am doubtless not the only person thinking like this (@grittygrease?) but a light went off in my head this morning: @mozilla have been kicking-around integrating aspects of @torproject into @firefox for _YEARS_, eg: as an enhanced "Private Browsing" mode.
7/ Thus: what if @firefox went a step further and integrated DNS-over-HTTPS-over-Onion as a backhaul for DNS? As an option, or for "Super-Private-Browsing"? You'd have a trusted link, straight into Cloudflare, who would not have your IP/tracking/etc because Onion.
8/ If you're a cloudflare-hater then feel free to grumble, but in future there would be no requirement to use them exclusively.

What I am getting at is that —with some nudging— we could maybe have a /really/ interesting deployment: Secure, unblockable, high-integrity DNS.
9/9) So, I am writing this to ask my friends and peers:

1. would it work?
2. could we make this happen?
3. if so, history aside, can we work _together_ towards making it happen?
/cc variously @torproject @TomRittervg @rlbarnes @grittygrease ...
If any argument is needed for putting DNS-over-HTTPS-over-Onion into TorBrowser, if not @Firefox itself, let it be that people literally once were spraypainting 8.8.8.8 onto walls, to help bypass censorship.

DNS censorship bypass can become a tickbox.

m.mic.com/articles/85987…
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Alec Muffett
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @AlecMuffett see all

Profile picture
justsecurity.org/62114/give-gho…
1/ Applying this idea to WhatsApp, it would mean that—upon receiving a court order—the company would be required to convert a 1-on-1 conversation into a group chat, with the government as the third member of the chat. But that’s not all.
2/ In WhatsApp’s UX, users can verify the security of a conversation by comparing “security codes” within the app. So for the ghost to work, there would have to be a way of forcing both users’ clients to lie to them by showing a falsified security code, ...
Read 39 tweets
Profile picture
THREAD: QUESTION FOR ALL SECURITY PEOPLE — in this day and age, would you buy a single-vendor IT security solution which advertised itself as "the gold standard" for data security protection?

Would you give that claim any credence whatsoever?
The infosec world has a long-established term for such glib claims: "Snake Oil" - this terminology goes back to the 1990s or earlier, for vendors who were selling sub-par cryptography as "military-grade" or other supposed but meaningless description interhack.net/people/cmcurti…
Particularly telling for "Snake Oil" are the words and phrases that are used to describe the security solution, process, or tool, its development, mechanism, or vendor:

* "Trust Us, We Know What We're Doing"
* "Unbreakability"
* "Military Grade"

interhack.net/people/cmcurti…
Read 27 tweets
Profile picture
@breenemachine @alexstamos 1/ Well, I've been doing this stuff to 30 years and still learn every day/week; that said, the generalities are several thousand years old and after a while you will see the same issues coming up in new clothes. But you can read around the topic in your own time. […]
@breenemachine @alexstamos 2/ Maybe half of the people I have worked with in infosec have been CS students. There is no barrier to entry. I have worked with chemists, physicists (me = astronomer), med students, linguists, performing arts students, english lit majors, and some have have no college degree.
@breenemachine @alexstamos 3/ There are 2x main paths to learning: 1 is to seek formal education - cyber-this, ethical-hacking-that - and it's fine. You'll learn, but if you only learn "security stuff" then you'll be a pentester, and I love pentesters but lord, we have enough already.
Read 17 tweets

Related threads

Profile picture
Okay, so we're all having fun with the fact that impeachment only meaningfully applies while he is sitting, but this is part of a two-pronged attack on accountability.
Half the time they talk about how it's not right to go after sitting officials, it's a distraction, it's political.

The other half of the time, the story is: "Well, nothing was done about this before so it seems suspicious that it's suddenly a problem now."
Trump declared Kavanaugh's confirmation a vindication against all outstanding allegations, just as he and his proxies hold up his election as an answer to accusations made against him. The implicit standard is "If you got away with it, it must not have been a crime."
Read 6 tweets
Profile picture
The world is a casino. Even democracy is just another game to bet on. Playthings for plutocrats. Ain’t that right @Nigel_Farage? bloomberg.com/news/features/…
It’s literally a game to these people. Fomenting fascist far-right movements for fun and profit. Dismantling governments and alliances to wield power unaccountably. newyorker.com/magazine/2018/… by @JaneMayerNYer
Update: Turns out @berit_anderson and @bretthorvath designed the game with @randylubin but unclear how Bekah Mercer got a hold of it or how Jane Mayer got details to report on it.
Read 5 tweets
Profile picture
Over the past few weeks we learned the UN resolution against Israeli settlements was at center of Flynn guilty plea. Puts this deleted #darkpost #darkads from an org heavily-backed by Sheldon Adelson in new light [THREAD]
This #darkpost from the Republican Jewish Coalition ran 12/26 -- it is the only dark post, & likely the only ad they've ever run. They have since either deleted the ad or deleted the Facebook Business Manager account they used.
This is the permalink to the now deleted RJC dark post: facebook.com/10153919615676…
Read 8 tweets

Trending hashtags

#NewHorizons #bot #Twitter #Travel #INDIA #unga2018 #TrumpRussia #historic #ONA17 #ImmigrantChildren #Belgariad #opsec #parents #read #ProudCandian #propaganda #CulturalDifferences #YoonminAU #psyops #Cobra #Indian #FundTheWall #disabled #TentCity #challenges

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($3.00/month or $30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!