SIGforum.com    Main Page  Hop To Forum Categories  The Lounge    Waterfox, Firefox, and DNS over HTTPS privacy
Go
New
Find
Notify
Tools
Reply
  
Waterfox, Firefox, and DNS over HTTPS privacy Login/Join 
always with a hat or sunscreen
Picture of bald1
posted
I've been a Mozilla browser user since the earliest days of Netscape. When my OS went from 32-bit to 64-bit I changed from Firefox to Waterfox as the later at the time was the only flavor in 64-bit. I was happy.

But recently Waterfox 56.2.14 has branched into two flavors with an update: classic and current
(https://www.waterfox.net/blog/waterfox- ... -download/). I had been having issues with recent releases of Waterfox not working with web sites (such as Roku) that used captcha validation (a documented Waterfox issue). The gent behind Waterfox, Mr. Alex, also moved the feedback forum to reddit which I won't join, so my ability to post issues for discussion is gone. And now Waterfox (newest release: 2019.10) is lagging without DNS over HTTPS capability. So I've "parked" Waterfox and have gone "back" to Firefox 64-bit (v 70.0).

Such is life in the browser world. LOL

==============================================

As for the DoH (DNS over HTTPS) here's a "how to" article:
https://www.zdnet.com/article/...ttps-doh-in-firefox/

And encrypting SNI:
https://blog.cloudflare.com/en...sni-firefox-edition/

And a couple test links:
https://1.1.1.1/help
https://www.cloudflare.com/ssl/encrypted-sni/
http://test-ipv6.com/

You should end up with seeing results like this:





This message has been edited. Last edited by: bald1,



Certifiable member of the gun toting, septuagenarian, bucket list workin', crazed retiree, bald is beautiful club!
USN (RET), COTEP #192
 
Posts: 16615 | Location: Black Hills of South Dakota | Registered: June 20, 2010Reply With QuoteReport This Post
always with a hat or sunscreen
Picture of bald1
posted Hide Post
Chrome users can do this as well
https://www.zdnet.com/article/...oh-in-google-chrome/
https://developers.cloudflare....-up-1.1.1.1/windows/



Certifiable member of the gun toting, septuagenarian, bucket list workin', crazed retiree, bald is beautiful club!
USN (RET), COTEP #192
 
Posts: 16615 | Location: Black Hills of South Dakota | Registered: June 20, 2010Reply With QuoteReport This Post
Member
Picture of Orthogonal
posted Hide Post
You might find this Ff fork a rather pleasing alternative. I also began with Netscape long ago and I used to use Waterfox but over a year ago I was led to Pale Moon and found it to be a very fast 64 bit better browser. YMMV!

See https://www.palemoon.org/
 
Posts: 520 | Registered: May 03, 2003Reply With QuoteReport This Post
always with a hat or sunscreen
Picture of bald1
posted Hide Post
This DoH is about privacy without a VPN and its expense.

I'm inclined to trust Cloudfare much more than Goggle (DSN 8.8.8.8.) or my local ISP for that matter.

DNS over HTTPS is a protocol for performing remote Domain Name System resolution via the HTTPS protocol. A goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data by man-in-the-middle attacks by using the HTTPS protocol to encrypt the data between the DoH client and the DoH-based DNS resolver.



Certifiable member of the gun toting, septuagenarian, bucket list workin', crazed retiree, bald is beautiful club!
USN (RET), COTEP #192
 
Posts: 16615 | Location: Black Hills of South Dakota | Registered: June 20, 2010Reply With QuoteReport This Post
Member
Picture of Orthogonal
posted Hide Post
There is an OS for security minded folk, https://www.qubes-os.org/

Big Grin
 
Posts: 520 | Registered: May 03, 2003Reply With QuoteReport This Post
always with a hat or sunscreen
Picture of bald1
posted Hide Post
quote:
Originally posted by Orthogonal:
There is an OS for security minded folk, https://www.qubes-os.org/


That's a linux OS and as far as Linux goes I prefer Mint which I run on my decade old laptop. Smile My desktop is still a windows machine (Win10) which is why I explored this DoH concept for my desktop browser.



Certifiable member of the gun toting, septuagenarian, bucket list workin', crazed retiree, bald is beautiful club!
USN (RET), COTEP #192
 
Posts: 16615 | Location: Black Hills of South Dakota | Registered: June 20, 2010Reply With QuoteReport This Post
always with a hat or sunscreen
Picture of bald1
posted Hide Post
Kinda surprised no one has weighed in on the pros / cons of the DoH business. Folks use anti-tracking browser plug-ins, so.... Mmmmmm....



Certifiable member of the gun toting, septuagenarian, bucket list workin', crazed retiree, bald is beautiful club!
USN (RET), COTEP #192
 
Posts: 16615 | Location: Black Hills of South Dakota | Registered: June 20, 2010Reply With QuoteReport This Post
Member
posted Hide Post
Some ISPs like Mediacom hijack your DNS settings and use their own instead regardless of what you have your router configured to do.
 
Posts: 2384 | Registered: October 24, 2007Reply With QuoteReport This Post
always with a hat or sunscreen
Picture of bald1
posted Hide Post
quote:
Originally posted by bryan11:
Some ISPs like Mediacom hijack your DNS settings and use their own instead regardless of what you have your router configured to do.


This DoH procedure overrides your router settings. From what I've read the European ISPs are upset because it also prevents them from what you're saying Mediacom does among other things.



Certifiable member of the gun toting, septuagenarian, bucket list workin', crazed retiree, bald is beautiful club!
USN (RET), COTEP #192
 
Posts: 16615 | Location: Black Hills of South Dakota | Registered: June 20, 2010Reply With QuoteReport This Post
always with a hat or sunscreen
Picture of bald1
posted Hide Post
Best explanation of DoH and why it's worthwhile I've found:

https://hacks.mozilla.org/2018...o-to-dns-over-https/



Certifiable member of the gun toting, septuagenarian, bucket list workin', crazed retiree, bald is beautiful club!
USN (RET), COTEP #192
 
Posts: 16615 | Location: Black Hills of South Dakota | Registered: June 20, 2010Reply With QuoteReport This Post
member
Picture of henryaz
posted Hide Post
quote:
Originally posted by bryan11:
Some ISPs like Mediacom hijack your DNS settings and use their own instead regardless of what you have your router configured to do.

More and more big name ISPs are doing this, but on a more limited basis. When the DNS lookup returns NXDOMAIN, meaning the domain requested does not exist, they hijack you to a search page of their own, with ads and info collection. Regular lookups that resolve to a real domain still use your preferred name server and take you to the requested site.



When in doubt, mumble
 
Posts: 10887 | Location: South Congress AZ | Registered: May 27, 2006Reply With QuoteReport This Post
  Powered by Social Strata  
 

SIGforum.com    Main Page  Hop To Forum Categories  The Lounge    Waterfox, Firefox, and DNS over HTTPS privacy

© SIGforum 2024