The DNS-over-HTTPS (DoH) protocol is not the privacy panacea that many have been advocating in recent months.
If we are to listen to networking and cybersecurity experts, the protocol is somewhat useless and causes more problems than it fixes, and criticism has been mounting against DoH and those promoting it as a viable privacy-preserving method.
The TL;DR is that most experts think DoH is not good, and people should be focusing their efforts on implementing better ways to encrypt DNS traffic — such as DNS-over-TLS — rather than DoH.
The Mullvad app version 2019.8 for Windows, macOS, and Linux has been released offering you more control over bridge connections and WireGuard key management.
None of us here at privacynow.eu use the bridge function by default, but if you do, the 2019.8 release has a nice new feature for you: you can now conveniently choose both the entry and the exit node.
For Linux and macOS users, WireGuard key management has been improved. WireGuard performance over 4G networks has also been improved.
Mullvad say a number of Windows users were suffering from DNS issues with the app. This issue has been resolved, and as a result, most Windows users should experience noticeably quicker connection times.
Servers are now listed using natural sorting.
The list of countries and cities is now sorted alphabetically according to your app’s language setting.
Unavailable servers are now shown in the list rather than hidden from view.
(CLI users) The mullvad status command now returns only your current VPN status. If you also want your location, add --location to the command.
(macOS) Uninstallation is now much cleaner.
Read the full blog post about the 2019.8 release here.
Small to mid-sized businesses can keep safe from most cyber attacks by protecting the ports that threat actors target the most. Three of them stand out in a crowd of more than 130,000 targeted in cyber incidents.
A report from threat intelligence and defense company Alert Logic enumerates the top weaknesses observed in attacks against over 4,000 of its customers.
Top TCP ports attacked
According to the report, the ports most frequently used to carry out an attack are 22, 80, and 443, which correspond to SSH (Secure Shell), HTTP (Hypertext Transfer Protocol), and HTTPS (Hypertext Transfer Protocol Secure).
Internet Companies Must Adopt Consistent Rules and Transparent Moderation Practices
Big online platforms tend to brag about their ability to filter out violent and extremist content at scale, but those same platforms refuse to provide even basic information about the substance of those removals. How do these platforms define terrorist content? What safeguards do they put in place to ensure that they don’t over-censor innocent people in the process? Again and again, social media companies are unable or unwilling to answer the questions.
A few days ago we realised that ZDNet published an article mentioning a VPN provider, StrongVPN, in terms like “more respectful”, “great”, “simple” and “does well with its protocol options”.
The problem is that for each account sold to a user coming from ZDNet, the magazine gets a kickback. Do you need to be a rocket scientist or brain surgeon to understand that words can’t be trustworthy if a kickback is involved?
ZDNet claims to “support you need to make the right IT decisions for you”. What a joke!
Now they’ve done it again. In an article titled “The 10 best smartphones you can buy right now”, every link to Amazon ends with ?tag=zdnet-deals-20 or an equivalent. Amazon can then track who is coming from this article, and in case they buy a new cell phone, Amazon can pay the kickback.
In a blog post on ungleich.ch you can read why you should stay away from DoH, DNS over HTTPS, now being rolled out by both Google in their Chrome browser and by Mozilla in their Firefox browser.
DoH means that Firefox will concentrate all DNS traffic on Cloudflare, sending traffic from all its users to one entity. So what does that mean? It means people outside the US can now be fully tracked by the US government. Some of you might wonder whether this is actually in line with the GDPR (the EU General Data Protection Regulation). It is indeed very questionable, since DoH is rolled out as the default and users do NOT opt in, but have to opt out.
Quote from the blog post on ungleich
The author asks if DoH is bad only for EU citizens.
No, it’s bad for the US citizens too. Because whether you trust Cloudflare or not, you’ll end up directly supporting centralisation by using DoH in Firefox. Centralisation makes us depend on one big player, which results in fewer choices and less innovation. Centralisation affects everybody by creating a dangerous power and resource imbalance between the center and the rest.
Have you deactivated DoH in your Firefox browser yet?
Mozilla plans to enable support for the DNS-over-HTTPS (DoH) protocol by default inside the Firefox browser for a small number of US users starting later this month.
The browser maker has been testing DoH support in Firefox since 2017. A recent experiment found no issues, and Mozilla plans to enable DoH in the main Firefox release for a small percentage of users, and then enable it for a broader audience if no issues arise.
“If this goes well, we will let you know when we’re ready for 100% deployment,” said Selena Deckelmann, Senior Director of Firefox Engineering at Mozilla.
What is DoH?
DoH (IETF RFC8484) allows Firefox to send DNS requests as normal-looking HTTPS traffic to special DoH-compatible DNS servers (called DoH resolvers). Basically, it hides DNS requests inside the normal deluge of HTTPS data.
By default, Firefox ships with support for relaying encrypted DoH requests via Cloudflare’s DoH resolver, but users can change it to any DoH resolver they want.
When DoH support is enabled in Firefox, the browser will ignore DNS settings set in the operating system, and use the browser-set DoH resolver.
By moving DNS server settings from the OS to the browser level, and by encrypting the DNS traffic, DoH effectively hides DNS traffic from internet service providers (ISPs), local parental control software, antivirus software, enterprise firewalls and traffic filters, and just about any other third party that tries to intercept and sniff a user’s traffic.
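To show what “hiding DNS requests inside normal HTTPS data” means on the wire, here is an added example (not code from the original post, from Mozilla or from any resolver operator) that builds an RFC 1035 wire-format query, wraps it in both request forms RFC 8484 defines (GET with a base64url dns parameter, and POST with an application/dns-message body), and parses a constructed sample reply offline. The resolver host name doh.example and the path /dns-query are assumptions; nothing here touches the network.

```python
import base64
import struct

def build_dns_query(name, qtype=1, txid=0):
    """Minimal RFC 1035 wire-format query; RFC 8484 suggests txid 0 for HTTP cacheability."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags RD=1, QDCOUNT=1
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN

def doh_get_path(query, path="/dns-query"):
    """RFC 8484 GET form: base64url without padding in the 'dns' parameter of an ordinary HTTPS GET."""
    b64 = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{path}?dns={b64}"

def doh_post_request(query, host, path="/dns-query"):
    """RFC 8484 POST form: the raw wire-format query as an application/dns-message body."""
    head = (f"POST {path} HTTP/1.1\r\nHost: {host}\r\nAccept: application/dns-message\r\n"
            f"Content-Type: application/dns-message\r\nContent-Length: {len(query)}\r\n\r\n")
    return head.encode("ascii") + query

def _skip_name(msg, off):
    while msg[off] != 0:  # walk labels; a 2-byte compression pointer ends the name
        if msg[off] & 0xC0 == 0xC0:
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_a_records(msg):
    """IPv4 strings from the answer section of a wire-format response (the DoH reply body)."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return addrs

def build_sample_response(name, addr):
    """Constructed sample reply (no network) so parse_a_records can be exercised offline."""
    hdr = struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)  # QR=1 RD RA, one answer
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)  # name = pointer to offset 12
    return hdr + build_dns_query(name)[12:] + rr + bytes(int(x) for x in addr.split("."))
```

Because the resolver is reached over TLS on port 443 with these ordinary-looking requests, a firewall or filter that only inspects port 53 never sees the name being resolved, which is exactly the point the paragraph above makes.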
If you open Facebook’s mobile app today, it will likely suggest that you try the company’s new Dating service, which just launched in the U.S. after a rollout in 19 other countries last year. But with the company’s track record of mishandling user data, and its business model of monetizing our sensitive information to power third-party targeted advertising, potential users should view Facebook’s desire to peek into our bedrooms as a huge red flag.
Today marks the last day that the Ecuadorean prosecution has to investigate its case against Ola Bini, the Swedish free software programmer who was arrested there in April and detained for over two months without trial and without clear charges. On Thursday, the judge accepted a plea by the prosecutors to change the nature of the charges, switching from one part of Ecuador’s broad cybercrime statute to another. It seems likely that the prosecution will rely on evidence uncovered a few weeks ago that depicted Bini accessing an open, publicly available telnet service: an act that is, in itself, entirely legal under any reasonable interpretation of the law.
The sudden swapping out of charges at the last moment is just the latest twist in a politically charged and technically confused prosecution. It should be no surprise, then, that Amnesty International this week released a statement denouncing Ecuador’s treatment of Bini. The organization, which works to protect human rights globally, has determined that the Ecuadorian state failed to comply with its obligations under international law during Bini’s arrest and subsequent detention. In addition to this pronouncement, Amnesty has also expressed serious concern that political interference jeopardizes the chance for a fair trial, concerns that EFF has raised as well.