[LINK] This incredibly simple privacy app helps protect your phone from snoops with one click

Hamish Moffatt hamish at moffatt.email
Wed Nov 14 14:09:42 AEDT 2018

On 13/11/18 8:42 pm, Kim Holburn wrote:
>> On 2018/Nov/13, at 5:55 pm, Hamish Moffatt <hamish at moffatt.email> wrote:
>> DNSSEC proves that the answer has not been tampered with. It does not prevent eavesdropping, but DNS over HTTPS or DNS over TLS do.
> Yes, and neither of these have been rolled out to retail or domestic systems.  They are both difficult to actually use.  Also probably not everyone has a certificate for their DNS, so I'm not sure of the coverage of DNSSEC.
> And governments are systematically poisoning local DNS servers.

For clients, if you use for your DNS servers then you have 
DNSSEC validation. Easy. That same service also supports DNS over HTTPS, 
but client support for that is not widespread. It's going to be in 
Firefox soon though, if it isn't already.

For domains, DNSSEC seems a bit harder unfortunately because lots of the 
big DNS hosts don't support it, like Amazon Route53. APNIC have some 
interesting posts on the topic, including



You also need encrypted SNI, which is almost non-existent so far. 
https://encryptedsni.com has some interesting test tools.


More information about the Link mailing list