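Author: toylet Time: 2020-12-3 12:07 Title: Privacy Hardening with DNSSEC, TLS 1.3 and Encrypted SNI for your Browser
Notice: the author has been banned or deleted; content automatically hidden
Author: toylet Time: 2020-12-3 22:46
Notice: the author has been banned or deleted; content automatically hidden
Author: Fanolian Time: 2020-12-3 23:07
Note that ESNI will be replaced by the newer standard ECH (Encrypted Client Hello);
Cloudflare's test page currently misreports whether ESNI/ECH is enabled in Firefox (Bug 1667801).
Author: toylet Time: 2020-12-3 23:09
Notice: the author has been banned or deleted; content automatically hidden
Author: Fanolian Time: 2020-12-3 23:17
I hear mainland China blocks connections that have ESNI enabled.
Author: toylet Time: 2020-12-3 23:28
Notice: the author has been banned or deleted; content automatically hidden
Author: 學師仔 Time: 2020-12-3 23:43
Brother, you really shouldn't use DoH; banks use a handshake, you know.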

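Author: toylet Time: 2020-12-3 23:49
Notice: the author has been banned or deleted; content automatically hidden
Author: 學師仔 Time: 2020-12-3 23:57
Then why not just cancel all internet banking accounts!! What a waste of breath!
On top of that, the untrustworthy Win 10, Android ...
toylet posted on 2020-12-3 11:49 PM
No need to go that far. As long as you don't actively enable DoH it's OK; Firefox has DoH disabled.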

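Author: toylet Time: 2020-12-3 23:57
Notice: the author has been banned or deleted; content automatically hidden
Author: 學師仔 Time: 2020-12-4 00:08
Reply to 10# toylet
Brother, I do need it; I'm getting old and don't want to use a phone to connect to banking...

Actually, when you use e-banking the bank runs encryption anyway, as long as you're sure your connection is secured.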
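Author: toylet Time: 2020-12-4 01:14 Title: Definitely not you and me face to face, hand to hand!! Is the computer reality?
Notice: the author has been banned or deleted; content automatically hidden
Author: 學師仔 Time: 2020-12-5 02:33
This post was last edited by 學師仔 on 2020-12-5 03:12
Ah.. too bad I'm not old enough yet to go and queue in the priority line

I'm only saying I have no intention of using DoH, but I will trust my network and the TLS handshake. As for you making it sound so critical, if even the internet is untrusted, then there's nothing to clarify.
I'm a math idiot, by the way.
Argh... DoH and DoT are two different things, again. But since the whole "man-made WWW" is compromised, no further discussion is required.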

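Author: toylet Time: 2020-12-5 21:55
Notice: the author has been banned or deleted; content automatically hidden
Author: toylet Time: 2020-12-5 22:02
Notice: the author has been banned or deleted; content automatically hidden
Author: kelvinhin Time: 2020-12-5 22:48
Just curious, brother, do you use ATMs and credit cards?
Author: toylet Time: 2020-12-6 17:06
Notice: the author has been banned or deleted; content automatically hidden
Author: toylet Time: 2020-12-8 12:02 Title: Why is Firefox implementing DoH and not DoT?
Notice: the author has been banned or deleted; content automatically hidden
Author: 學師仔 Time: 2020-12-9 23:22
Introducing another trashy, crappy new tech for you to bug at: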

ODoH.
Author: toylet Time: 2020-12-9 23:32
Notice: the author has been banned or deleted; content automatically hidden
Author: 學師仔 Time: 2020-12-10 17:31
This post was last edited by 學師仔 on 2020-12-10 17:34
Thank you, Your Honor! See if I got time... Meow!
I think Cloudflare HKG was not quite up to its ...
toylet posted on 2020-12-9 11:32 PM
If I read your thread correctly... were you using both DoH and DoT at the same time?? You shouldn't use two different protocols at the same time, it's weird.. or did you mean you were running the DoT protocol and just the encrypted page in the browser? (I don't feel any laggy traffic using stubby DoT and those encrypted websites.)
As long as you seem to be a hater of encryption, you should kick yourself over to Unbound instead.
Author: Rolf Time: 2020-12-10 18:54
For your own home / private use, just go with Unbound.
Author: toylet Time: 2020-12-10 22:24
Notice: the author has been banned or deleted; content automatically hidden
Author: 學師仔 Time: 2020-12-11 15:35
It could be just that website that's using a slow server... maybe it's unrelated to DNS. I don't ha ...
toylet posted on 2020-12-10 10:24 PM
I guess Tor is the best bet for privacy, but who knows.
It's sorta contradictory.. for Unbound running through encryption, just go straight ahead using DoT without the others. Unbound uses a kind of caching in order to speed up your surfing over port 53, and the point is that the recursive server somehow already acts as the authoritative resolver and bypasses any man in the middle (which is what other protocols and servers are considered to be), but like I said, many users are happy with such combinations, so it won't be a problem.. it's just somewhat contrary to the principle of a recursive resolver IMHO.
ESNI is still kind of a new development for both browsers and servers on both sides... which means compatibility would be an issue.. I feel that way.... arrrrghhh, talked too much to myself, keep yourself out of trouble
Just peeped at the thing you've mentioned; I guess it's just DoH for Win10, DoT is still being developed, and it's just compiled with that while you're not running any protocols on networking.
Author: 學師仔 Time: 2020-12-11 15:51
You're right, brother: fast, good-looking, great, it only sacrificed a certain amount of "privacy"
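Author: Rolf Time: 2020-12-11 16:23
Actually, not much is sacrificed
because the ISP will always know the IPs you requested
Even if you encrypt DNS queries, the ISP can still do a reverse lookup
If you want to hide from the ISP, a VPN is the only way
Using Unbound, on the other hand, cuts out all the middle-men, so you don't even need to trust public DNS (Google DNS, Cloudflare, etc.) / Anonymized DNS relays
To me it feels even more secure
Reference: https://www.snbforums.com/thread ... page-59#post-549312
Author: 學師仔 Time: 2020-12-12 17:57
This post was last edited by 學師仔 on 2020-12-12 18:02
Reply to 26# Rolf
Nice one, brother~
If its DNS is done well (DNSSEC, DoT), I'm definitely hands off. I've used Unbound too and it's really not bad, but I have a quirk: seeing port 53 makes me uncomfortable. But with Unbound you also have to beware of malicious servers.. ambushed otherwise.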
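Author: Rolf Time: 2020-12-12 20:54
Reply to 27# 學師仔
Personal experience: Unbound with DNSSEC
1. Local recursive lookup doesn't go outside, so you can forget about DoT/DoH
2. Likewise, because it's a local recursive lookup, the data doesn't travel all over the world
3. DNSSEC protects against cache poisoning
4. With a cache and no need for encryption, in actual use the speed is not noticeably different from a normal ISP DNS, and is even faster than using 1.1.1.1 with DoT/DoH
5. Firewall blocks :53 from public; only the private network can use this Unbound server
That already achieves everything a typical private user wants
Only when I'm out and can't use my home network would I consider using 1.1.1.1, or just VPN back to my home private network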
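Author: 學師仔 Time: 2020-12-13 14:16
This post was last edited by 學師仔 on 2020-12-13 14:19
Reply to 28# Rolf
Same configs as yours while with Unbound, except the firewall.

Some experts really need you to kowtow three times and bow nine times before they'll teach anyone; there's just no explaining it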

