[LINK] This incredibly simple privacy app helps protect your phone from snoops with one click
Kim Holburn
kim at holburn.net
Tue Nov 13 20:42:09 AEDT 2018
> On 2018/Nov/13, at 5:55 pm, Hamish Moffatt <hamish at moffatt.email> wrote:
>
> On 13/11/18 4:57 pm, Kim Holburn wrote:
>> The problem is that DNS is currently basically broken. DNS requests go unencrypted, in the clear and there is no kind of proof that the answer has not been read or tampered with.
>>
>> This (app) solves one part of that problem and not well really. The connection between you and one or two DNS servers are encrypted. The dns requests you make cannot be examined or changed by your ISP or other ISPs in the chain.
>>
>> It doesn't solve the problem of proving the DNS record is accurate.
>
>
> DNSSEC proves that the answer has not been tampered with. It does not prevent eavesdropping, but DNS over HTTPS or DNS over TLS do.
Yes, and neither of these have been rolled out to retail or domestic systems. They are both difficult to actually use. Also probably not everyone has a certificate for their DNS, so I'm not sure of the coverage of DNSSEC.
And governments are systematically poisoning local DNS servers.
--
Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408 M: +61 404072753
mailto:kim at holburn.net aim://kimholburn
skype://kholburn - PGP Public Key on request
More information about the Link
mailing list