Why aren't you using DNS over HTTPS user?

Open Firefox
Go to about:config
Set network.trr.mode to 3
Set network.trr.uri to doh.appliedprivacy.net/query

Congrats, you are now safe from your ISP

Oh and if you want it at the system level install github.com/dimkr/nss-tls

But user, I don't have anything to hide from my isp.

Because I'd want it implemented at my router so I still can sinkhole shit I wouldn't want.

Everyone has something to hide user

Damn, you didn't fall for my trap. Yeah you're right.

no results

Yeah I wonder.

It's DNSCrypt's fat, retarded cousin.

DNS over HTTPS is the love child of 2 secret service branches of the US government. Thankfully, since I run a dark theme on my browser, I could see your post glowing before I even read it.

If you want non-CIAnigger DNS encryption use dnscrypt on a system level. I recommend dnscrypt, which is written in C, and implements dnscrypt. Make sure to disable DoH since it also implements that.

dnscrypt-proxy which is written in C*

because it's fucking retarded
no, you aren't (and I already was) and this is exactly why it's retarded

Cause there's literally no upsides to it over dnscrypt.

Update your Firefox

dnscrypt-proxy is written in golang nowadays and finally supports basic shit like fallback servers.

Fucking hell, guess it's time to uninstall. Another lost project.

tbh i got a headache trying to set up dnscrypt then just gave up.
This is because i assumed i had to specify a dns server to use, so i wanted to use opennic. But funny fucking thing is. It never used opennic even though i had it set in /etc/conf.d/dnscrypt-proxy like it asked.
But the weird fucking thing was even without it using my dns, it was still working? a quick check on netstat showed me it was connecting to other dns servers like 9.9.9.9 or 1.1.1.1. Now, i know the aforementioned ip, and identified it immediately as cuckflare.
And since i couldn't figure out how to get the fucker to stop connecting to these shitty resolvers, i decided to just fucking uninstall it.
There's no fucking way i'll use cuckflare, no way no ever.
Trying to search for a reason as to why it's doing this also gives me fuckall. Except i also found that there seems to be another config file? Which apparently has a lot of predefined shit in it "etc/dnscrypt-proxy/dnscrypt-proxy.toml" so i decided to comment all that shit out. It still connects to all those dns servers i don't want.
Seriously, at this point i don't know fucking how to configure this shitter or where the configs actually are.

I didn't know about 9.9.9.9, but I block a few of those in my pf.conf, just to be sure.
botnet_dns = "{ 8.8.8.8, 8.8.4.4, 1.1.1.1, 1.0.0.1 }"
block out on egress inet proto { tcp, udp } from any to $botnet_dns port 53
It's nice that they use consistent IP address patterns. We should check anything that resembles those.

I just want to encrypt the connection between me and a single dns server, why does this need all these settings? Resolv.conf is simple and straight to the point, every configuration i've ever seen for dnscrypt is confusing as fuck.
Where's that?
Why do i need to block something if i'm going to manually tell it what server i want anyway?
It's quad9 dns, for me it was set as the default fallback in that .toml config i was talking about. I thought disabling any fallback would stop the connections but it didn't.
At this point i just want to see no url resolved when using dnscrypt so i can manually add my own resolver.
This would help in the case that i would maybe create my own dns server in the future.

Do you happen to know any good guides to dnscrypt that is ass backwards or inconsistent with other guides? arch wiki has a shit guide, install gentoo wiki had a good guide but didn't work, and gentoo has no guide whatsoever. using gentoo if that helps

isn't*

Because it's slow and nowadays I'm more preoccupied with performance than privacy
I used to have all those addons from privacy guides, today I only use uBlock and a cookie auto deleter, that's more than enough and it also helps with performance

pf.conf is the packet filter config for OpenBSD and NetBSD (and any others that use pf). So that's how I block those DNS: at the firewall. You can probably do the same with iptables in Linux.
I never used dnscrypt, and it sounds a bit complicated, not sure it's worth my trouble. I'm more likely to do something altogether different, like for example increasing my local resolver (unbound) cache TTL, and storing a DB of all resolved hostnames, and notifying me if something changes. That way I can go back to using host files, basically. ^_^

To lose muh XUL extensions? Kek

Because I'm using DNS over TLS instead.

You only lose your XUL extensions when you upgrade Firefox and also refuse to upgrade your XUL extensions. You have always had the power to do this, you simply refuse to make the investment.

Why can’t I use a VPN?

rtfm
dnscrypt comes working out of the box, all you really have to do is disable the cianigger DoH and make sure you're using the local server.

iptables isn't that nice. you have to reconfigure it manually after every reboot. sure you can make scripts do it but on openbsd there's a nice config file

I'll look into this.
Also, can someone explain to me why install gentoo wiki says to add new servers in a syntax that looks like this:
/etc/conf.d/dnscrypt-proxy
DNSCRYPT_LOCALIP=127.0.0.1
DNSCRYPT_LOCALPORT=40
DNSCRYPT_USER=dnscrypt
DNSCRYPT_PROVIDER_NAME=
DNSCRYPT_PROVIDER_KEY=
DNSCRYPT_RESOLVERIP=
DNSCRYPT_OPTIONS="--edns-payload-size=4096"
DNSCRYPT_RESOLVERPORT=443
And dnscrypt's wiki on github says to add servers like so:
server_names = ['server_i_want']
[static]
[static.'server_i_want']
stamp = 'sdns://SOME LONG STRING OF CONFUSING SHIT'

What the fuck is this stamp shit? why is the syntax so fucking retarded, why doesn't it work even when i go through all the trouble of doing it? WHY DOES NONE OF THESE WORK DESPITE BEING THE METHOD ON THE WIKIS?!?!
What fuck nigger made this shit.
I mean, the one on the install gentoo wiki made some sense but this .toml looks fucking barbaric.

How about no? Followed by Waterfox or Palemoon.

Isn't the problem with DoH that all the people you are _actually_ trying to evade, like Cloudflare and Google are still tracking you? As alluded to here: Which begs the questions mentioned here:

Personally, I think DoH might be getting media attention because Google is trying to increase the market value of its own surveillance data by eliminating competitors (ISPs). Can anyone recommend any DNS services which are based and/or redpilled?

opennic

A bridge/tunnel (some sort of relay) or bust. There is no point to having DNS over HTTPS without one. All you would be doing is trading little to no privacy with slightly slower performance. If you are sending your requests without it being encrypted and rerouted your ISP will still see which addresses you are connecting to and will still archive (metadata or raw) and correlate it, especially if they are a big ISP and more so if private 3rd parties (advertisers) or Law Enf. get involved. You either cross your fingers and get a glow nigger VPN, use a mixnet or get a secure relay of some kind.

Protection from MitM or other similar attacks is the only benefit I could see to using it on normie net.

it hides quite well if you are an average tard that browses sites that are behind cloudflare or similar. there, thousands of sites share the ips and you can't access any specific site directly with the ip that you get from a dns query. all they will know then is that someone accessed the cloudflare network.

This is the right way to do it.


This is the wrong way. Browsers have no business maintaining an opinion on how DNS should be resolved.

Doesn't that default to (((cloudflare))) as DNS?


No thanks.

Yes, except I showed you how to change the default

Nope. TLS/SSL handshake includes the site-specific cert being transmitted in plain text.
There's a TLS extension that first negotiates encryption with whatever the fuck that kind of service is called, and then, once talks are already encrypted, the cert download and the information exchanged with the site the person is actually visiting are already encrypted.

I don't understand how you niggers can be this retarded.
Here's a demo config I made just now using the config that came with the package and it Just Works™ (uses only the OpenNIC servers):
server_names = [ 'fvz-anyone', 'fvz-anytwo', 'opennic-famicoman', 'opennic-luggs', 'opennic-luggs2', 'opennic-onic', 'opennic-tumabox', 'publicarray-au', 'publicarray-au-doh']
listen_addresses = ['127.0.0.1:53']
max_clients = 250
user_name = 'dnscrypt_proxy'
ipv4_servers = true
ipv6_servers = true
dnscrypt_servers = true
doh_servers = false
require_dnssec = false
require_nolog = true
require_nofilter = true
force_tcp = false
timeout = 2500
keepalive = 30
use_syslog = true
cert_refresh_delay = 240
tls_disable_session_tickets = true
fallback_resolver = '1.1.1.1:53'
ignore_system_dns = true
netprobe_timeout = 30
log_files_max_size = 1
log_files_max_age = 1
log_files_max_backups = 1
block_ipv6 = false
cache = true
cache_size = 1024
cache_min_ttl = 600
cache_max_ttl = 86400
cache_neg_min_ttl = 60
cache_neg_max_ttl = 600
[query_log]
  format = 'tsv'
[nx_log]
  format = 'tsv'
[blacklist]
[ip_blacklist]
[whitelist]
[schedules]
[sources]
  [sources.'public']
  urls = [ 'raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'download.dnscrypt.info/resolvers-list/v2/public-resolvers.md' ]
  minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
  cache_file = 'dnscrypt-proxy.public.md'
  [sources.'opennic']
  urls = [ 'download.dnscrypt.info/dnscrypt-resolvers/v2/opennic.md', 'raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/opennic.md', 'evilvibes.com/list/opennic.md' ]
  minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
  cache_file = 'dnscrypt-proxy.opennic.md'
[static]
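
Added example, not part of the post above and not dnscrypt-proxy's own code: a Python audit that reads a dnscrypt-proxy.toml and lists every endpoint the proxy may contact besides the resolvers named in server_names, which is where connections to addresses such as 1.1.1.1 or 9.9.9.9 come from. The 9.9.9.9:53 defaults for an absent fallback_resolver or netprobe_address are an assumption about 2.0.x builds; the sample config is constructed from the one posted above, with a placeholder list URL.

```python
try:
    import tomllib  # standard library from Python 3.11
except ModuleNotFoundError:
    import tomli as tomllib  # same API, for older interpreters
from urllib.parse import urlsplit

# Assumption: values dnscrypt-proxy 2.0.x falls back to when the key is absent.
ASSUMED_DEFAULTS = {
    "fallback_resolver": ("9.9.9.9:53", "plaintext DNS bootstrap"),
    "netprobe_address": ("9.9.9.9:53", "connectivity probe target"),
}

# Constructed sample modelled on the demo config above; the list URL is a placeholder.
SAMPLE = """
server_names = ['opennic-luggs', 'opennic-onic']
doh_servers = false
fallback_resolver = '1.1.1.1:53'
ignore_system_dns = true
[sources]
  [sources.'opennic']
  urls = ['https://resolvers.example.test/opennic.md']
  cache_file = 'dnscrypt-proxy.opennic.md'
"""


def side_channels(toml_text):
    """List endpoints the proxy may contact besides the resolvers in server_names."""
    cfg = tomllib.loads(toml_text)
    found = []
    for key, (default, role) in ASSUMED_DEFAULTS.items():
        origin = "configured" if key in cfg else "assumed default"
        found.append((key, cfg.get(key, default), f"{role} ({origin})"))
    for name, src in cfg.get("sources", {}).items():
        for url in src.get("urls", []):
            found.append((f"sources.{name}", urlsplit(url).hostname or url,
                          "resolver list download"))
    if not cfg.get("server_names"):
        # Commenting the line out does not disable resolvers: every server
        # from the lists that passes the require_* filters becomes eligible.
        found.append(("server_names", "*", "unset: any listed server may be used"))
    return found


if __name__ == "__main__":
    for key, endpoint, why in side_channels(SAMPLE):
        print(f"{key:20} {endpoint:28} {why}")
```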

Are you fucking with me?

same here, but it's also connecting to (((cloudflare))) so fuck you.

That config is retarded, why can't i just specify an ip to use and the public key and be over with it?
Why do i have to direct it towards fucking (((github))) in order for it to work? Why the fuck is a url doing in a dns resolver config.
DNScrypt is shit, all it needs to do is decrypt the incoming shit from x ip and send that to resolv.conf. why you have to have such an ass backwards and confusing system that will only ruin security by relying on google, cloudflare, microsoft, github and other centralized systems is beyond me.

So there was a rewrite?
I guess that would explain why the syntax went to shit...

>Set network.trr.uri to doh.appliedprivacy.net/query
firefox stopped loading pages with those settings. set back to 0, but kept new web address you listed and it worked fine

what was the original web address in the 2nd part?

If you simply went out and machinegunned your enemies, you wouldn't have to worry about annoyances like this. Sage for yet another boring privacy thread.