,
11 tweets,
6 min read
Read on Twitter
@neil_neilzone 1/ I'm with you, but I am also not with you; literally, it's a matter where I am torn, and where (I suspect) the answer requires to be drilled into the browser.
The problem is (as-ever) an all-or-nothing digital question: do you want to respect the end-to-end principle?
The problem is (as-ever) an all-or-nothing digital question: do you want to respect the end-to-end principle?
@neil_neilzone 2/ You & I are both fans of Onion addressing, and in that we know that there is no DNS step at all — but do you fret about applications calling-out to Onion addresses? Probably not, because they (a) are rare and (b) generally are used to OFFER the capability of disintermediation.
@neil_neilzone 3/ Part of the value proposition of Onion addresses is that third parties (including you) cannot fiddle with them; but then why should we not extend this capability to DNS? Make DNS both authoritative and tamperproof?
Well, that's what you're railing against, now.
Well, that's what you're railing against, now.
@neil_neilzone 4/ The question, per Humpty Dumpty, is "who is to be master?" — PiHole, for instance, is apparently both nice and, but a protocol which lets "the state" knock other websites off the internet, is not so much.
@neil_neilzone 5/ My experience with lawmakers is that they say "this is addressable with technology, we shall simply bind the state from doing <bad thing> and carry on!" — but that's a bit shit, it's like binding the state from surveillance. Doesn't actually work. What _works_ is E2E.
@neil_neilzone 6/ So, what we need is (alas) *end-clients* which provide the desired controls to individuals, because any facility for being a "man in the middle" can and will be abused.
We need better browsers/platforms, under "our" control.
We need better browsers/platforms, under "our" control.
@neil_neilzone 7/ If it helps, consider that a lot of bad stuff could simply work by embedding IPv4 raw network addresses (cf: onion _addresses_) into the websites, and simply sail past DNS-filters of yours or anyone else's kind.
@neil_neilzone 8/8 We use DNS because of historical accident, to support use of human-accessible symbolic names for IPv4 endpoints in a space of network endpoint scarcity.
We're mostly past that, now. The future is E2E, again.
<fin/>
We're mostly past that, now. The future is E2E, again.
<fin/>
@neil_neilzone @threadreaderapp unroll, please.
@neil_neilzone @threadreaderapp 9/8>So I don’t think I’m against DoH, but rather not being able to control which resolver I use
…even if you can control which resolver you use, you can't control which resolver *they* use, and so forth up the stack.
Not to mention outright tampering.
…even if you can control which resolver you use, you can't control which resolver *they* use, and so forth up the stack.
Not to mention outright tampering.
@neil_neilzone @threadreaderapp 10/8 …this is why (elsewhere) I promote DNS-over-HTTPS-over-Onion, direct to a bland and fairly neutral third party (Cloudflare) as a potential way to defeat in-country DNS surveillance & blocks
