ZDNet

DNS-over-HTTPS causes more problems than it solves, experts say

ZDNet

The DNS-over-HTTPS (DoH) protocol is not the privacy panacea that many have been advocating in recent months.

If we are to listen to networking and cybersecurity experts, the protocol is somewhat useless and causes more problems than it fixes, and criticism has been mounting against DoH and those promoting it as a viable privacy-preserving method.

The TL;DR is that most experts think DoH is not good, and people should be focusing their efforts on implementing better ways to encrypt DNS traffic — such as DNS-over-TLS — rather than DoH.

Full article

Miscellaneous

Mullvad app 2019.8

The Mullvad app version 2019.8 for Windows, macOS, and Linux has been released offering you more control over bridge connections and WireGuard key management.

None of us here at privacynow.eu use the bridge function by default, but if you do, you've got a nice new feature in the 2019.8 release: you can now conveniently choose both the entry and the exit node.

For Linux and macOS users, the WireGuard key management has been improved. The WireGuard performance over 4G networks has been improved.

Mullvad say a number of Windows users were suffering from DNS issues with the app. This issue has been resolved, and as a result, most Windows users should experience noticeably quicker connection times.

Other notables

  • Servers are now listed using natural sorting.
  • The list of countries and cities is now sorted alphabetically according to your app’s language setting.
  • Unavailable servers are now shown in the list rather than hidden from view.
  • (CLI users) The mullvad status command now returns only your current VPN status. If you also want your location, add --location to the command.
  • (macOS) Uninstallation is now much cleaner.

Read the full blog post about the 2019.8 release here.

BleepingComputer

Most Cyber Attacks Focus on Just Three TCP Ports

BleepingComputer

Small to mid-sized businesses can keep safe from most cyber attacks by protecting the ports that threat actors target the most. Three of them stand out in a crowd of more than 130,000 targeted in cyber incidents.

A report from threat intelligence and defense company Alert Logic enumerates the top weaknesses observed in attacks against over 4,000 of its customers.

Top TCP ports attacked

According to the report, the ports most frequently used to carry out an attack are 22, 80, and 443, which correspond to SSH (Secure Shell), HTTP (Hypertext Transfer Protocol), and HTTPS (Hypertext Transfer Protocol Secure).

Full article

EFF

Innocent Users Have the Most to Lose in the Rush to Address Extremist Speech Online

Electronic Frontier Foundation

Internet Companies Must Adopt Consistent Rules and Transparent Moderation Practices

Big online platforms tend to brag about their ability to filter out violent and extremist content at scale, but those same platforms refuse to provide even basic information about the substance of those removals. How do these platforms define terrorist content? What safeguards do they put in place to ensure that they don’t over-censor innocent people in the process? Again and again, social media companies are unable or unwilling to answer the questions.

Full article

Miscellaneous

Yet another crap article from ZDNet

A few days ago we realised that ZDNet published an article mentioning a VPN provider, StrongVPN, in terms like “more respectful”, “great”, “simple” and “does well with its protocol options”.

The problem is that for each account sold when the user comes from ZDNet, the magazine gets a kickback. Do you need to be a rocket scientist or brain surgeon to understand that words can't be trustworthy if a kickback is involved?

ZDNet claims to “support you need to make the right IT decisions for you”. What a joke!

Now they’ve done it again. In an article about The 10 best smartphones you can buy right now every link to Amazon ends with ?tag=zdnet-deals-20 or an equivalent. Then Amazon can track who is coming from this article and in case they buy a new cell phone Amazon can pay the kickback.

Behaviour like this is crap!

Miscellaneous

Android app released by Mullvad

The Swedish VPN provider Mullvad has released their first Android app in a beta version, according to a blog post published on September 20th, 2019.

Much can be said about VPN providers and their security and we recommend that you choose a supplier that meets the following requirements:

  • lets you pay by cash, as this is probably the most secure payment method
  • doesn't log DNS requests
  • lets you create an account without any information about you (name, e-mail address, phone number etc.)
  • gives money back to privacy causes
  • offers the WireGuard protocol

Maybe the most important thing of all: choose a VPN provider that does not offer an affiliate program, as a kickback is the easiest thing to offer to get a higher ranking on obscure sites.

Miscellaneous

Stay away from DNS over HTTPS

In a blog post on ungleich.ch you can read why you should stay away from DoH, DNS over HTTPS, now being rolled out by both Google in their Chrome browser and by Mozilla in their Firefox browser.

DoH means that Firefox will concentrate all DNS traffic on Cloudflare, and they send traffic from all their users to one entity. So what does that mean? It means people outside the US can now be fully tracked by US government: now some of you might wonder if this is actually in line with GDPR (The EU General Data Protection Regulation). It is indeed very questionable if DoH is rolled out as default, since users do NOT opt in, but have to opt out.

Quote from the blog post on ungleich

The author asks if DoH is bad only for EU citizens.

No, it’s bad for the US citizens too. Because whether you trust Cloudflare or not, you’ll end up directly supporting centralisation by using DoH in Firefox. Centralisation makes us depend on one big player, which results in fewer choices and less innovation. Centralisation affects everybody by creating a dangerous power and resource imbalance between the center and the rest.

Have you deactivated DoH in your Firefox browser yet?

ZDNet

Mozilla to gradually enable DNS-over-HTTPS for Firefox US users later this month

ZDNet

Mozilla plans to enable support for the DNS-over-HTTPS (DoH) protocol by default inside the Firefox browser for a small number of US users starting later this month.

The browser maker has been testing DoH support in Firefox since 2017. A recent experiment found no issues, and Mozilla plans to enable DoH in the main Firefox release for a small percentage of users, and then enable it for a broader audience if no issues arise.

“If this goes well, we will let you know when we’re ready for 100% deployment,” said Selena Deckelmann, Senior Director of Firefox Engineering at Mozilla.

What is DoH?

DoH (IETF RFC8484) allows Firefox to send DNS requests as normal-looking HTTPS traffic to special DoH-compatible DNS servers (called DoH resolvers). Basically, it hides DNS requests inside the normal deluge of HTTPS data.

By default, Firefox ships with support for relaying encrypted DoH requests via Cloudflare’s DoH resolver, but users can change it to any DoH resolver they want.

When DoH support is enabled in Firefox, the browser will ignore DNS settings set in the operating system, and use the browser-set DoH resolver.

By moving DNS server settings from the OS to the browser level, and by encrypting the DNS traffic, DoH effectively hides DNS traffic from internet service providers (ISPs), local parental control software, antivirus software, enterprise firewalls and traffic filters, and about any other third-party that tries to intercept and sniff a user’s traffic.

Full article

EFF

Facebook’s Dating Service is Full of Red Flags

EFF

If you open Facebook’s mobile app today, it will likely suggest that you try the company’s new Dating service, which just launched in the U.S. after a rollout in 19 other countries last year. But with the company’s track record of mishandling user data, and its business model of monetizing our sensitive information to power third-party targeted advertising, potential users should view Facebook’s desire to peek into our bedrooms as a huge red flag.

Full article

EFF

As Ola Bini Prosecutors Wrap Up Investigation, Amnesty Calls Out Human Rights Violations in His Case

Electronic Frontier Foundation

Today marks the last day that the Ecuadorean prosecution has to investigate its case against Ola Bini, the Swedish free software programmer who was arrested there in April and detained for over two months without trial and without clear charges. On Thursday, the judge accepted a plea by the prosecutors to change the nature of the charges, switching from one part of Ecuador’s broad cybercrime statute to another. It seems likely that the prosecution will rely on evidence uncovered a few weeks ago that depicted Bini accessing an open, publicly available telnet service: an act that is, in itself, entirely legal under any reasonable interpretation of the law.

The sudden swapping out of charges at the last moment is just the latest twist in a politically charged and technically confused prosecution. It should be no surprise, then, that Amnesty International this week released a statement denouncing Ecuador’s treatment of Bini. The organization, which works to protect human rights globally, has determined that the Ecuadorian state failed to comply with its obligations under international law during Bini’s arrest and subsequent detention. In addition to this pronouncement, Amnesty has also expressed serious concern that political interference jeopardizes the chance for a fair trial, concerns that EFF has raised as well.

Full article