[talk] DNS over TLS

Pete Wright pete at nomadlogic.org
Wed Sep 11 22:04:06 EDT 2019

On 9/11/19 6:56 PM, George Rosamond wrote:
> If you haven't heard, Firefox is enabling DOT by default.
> I wasn't at the Vixie talk at vBSDCon on Friday, but apparently it is
> worth hearing. We need to get him to speak when he's in NYC.
> DOT means no more dns lookups over UDP to the locally configured
> resolvers, but all straight to Cloudflare.
> Of course, you have a privacy policy to trust if that's your thing:
> https://developers.cloudflare.com/
> ;)
> I think Chrome is doing the same thing.
> The OpenBSD Firefox port is turning it off by default, and I hope
> other BSD projects follow that example:
> https://marc.info/?t=156794163800002&r=1&w=2
> This is the relevant js to change in any user.js config file to never
> use DOT:
> https://wiki.mozilla.org/Trusted_Recursive_Resolver
> pref("network.trr.mode", 5);
> I have always emphasized the difference between "privacy" and
> "anonymity" as concepts for a reason.  One is about protecting content,
> the other about obscuring metadata.  You can't get privacy, like
> security, through obscurity.  But anonymity is all about obscurity, ie,
> hiding and being lost in the larger universe. Privacy is valued by
> data-mining firms to protect "their" users from others, but they want to
> privately data mine their own users.
> It's great when ugly privacy-attacking practices are just knobs to
> switch off, but that's not much consolation in this arms race.
> Maybe high time I do another "Run a BSD Tor Node" meeting again? ;)

I came across this presentation today by Bert Hubert on this which I 
think is worth a watch:


Pete Wright
pete at nomadlogic.org
