[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Mozilla's DNS over HTTPS does not complement Tor
Where is this documented?
Cordially,
Nathaniel Suchy (they/them)
Sent from ProtonMail Mobile
On Sun, Mar 8, 2020 at 5:21 PM, Ben Tasker <ben@xxxxxxxxxxxxxxx> wrote:
> The canary domain will only disable DoH if you've been defaulted into using
> DoH.
>
> If you've actively turned it on, or set network.trr.mode to 3 then the
> canary will not disable it.
>
> On Fri, Mar 6, 2020 at 2:58 PM Nathaniel Suchy <
> nathanielsuchy@xxxxxxxxxxxxxx> wrote:
>
>> Even if that option is enabled it is my understanding that a network
>> administrator can still override your decision during a man in the middle
>> attack well you can imagine how this is problematic. I run a local DNS
>> resolver over Tor for my non-Tor traffic as I don’t trust Mozilla’s
>> implementation.
>>
>> Cordially,
>> Nathaniel Suchy (they/them)
>>
>> Sent from ProtonMail Mobile
>>
>> On Fri, Mar 6, 2020 at 2:07 AM, <hansvader@xxxxxxxxxx> wrote:
>>
>> > You can use network.trr.mode to enforce the use of DoT. IIRC 3 is to
>> > enforce it and not using other DNS. When using network.trr.mode Firefox
>> > should not do any other DNS than DoH. This should adress your concerns.
>> >
>> > The best way is to use DoT and to have it directly implemented into your
>> > router or locally on your machine. I don´t think the Mozilla approach is
>> > useless. It´s a better than nothing approach. Last, but not least you
>> > can use different DoH servers in FF. You are not tied to the default.
>> > Though the average Joe may not have the ability to use a custom DoH
>> > server in their Firefox.
>> >
>> > BTW, what router manufacturer already has DoT implemented?
>> >
>> > --
>> > tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
>> > To unsubscribe or change other settings go to
>> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>> --
>> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
>> To unsubscribe or change other settings go to
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>>
>
> --
> Ben Tasker
> https://www.bentasker.co.uk
> --
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk