Is this protocol really useful?
DNSCrypt
Owen Lee
Jose Bailey
Launched by OpenDNS
Most shilled DNSCrypt servers are OpenDNS, owned by Cisco
They mention a fucking Yandex browser on their page
Unless a server you connect to uses encrypted SNI, the domain name you connect to is still transferred in plaintext
You still trust one server to resolve your queries
DNSCrypt is often advised to be used with half-assed OpenVPN providers that don't push DNS options form their own servers, leaking your DNS queries to your ISP and ISP (DNS resolver) location to websites, when using DNSCrypt you still leak your location to DNSCrypt resolver run by g-d knows who, not good.
You can send your DNS requests to tor daemon with better anonymity and privacy.
Jose Cox
Can you tell more about that?
Jace Adams
I use this guy. Is he bad?
Christian Bell
Tor encrypts the query which then gets sent out at the exit node. It's still plaintext but instead of intercepting it upline where you are it's intercepted at the tor node. DNScrypt is a step in the right direction, but the protocol is weak because it's not end to end encrypted. Which means until you establish the server connection with a encrypted SNI dns server it can be MITM'd with laughable ease. But after the initial handshake in plaintext everything is encrypted if using a SNI server. If nothing else dnscrypt is useful for changing your dns server so it's harder to sort or locate your dns queries.
Most of the recomended DNS servers by them for defaults are honeypots, specifically the ones by D0wn, anti-adblock ones, cisco, yandex, and any located in the USA. Choose your servers carefully, or set one up yourself.
Connor Bailey
Yes stop using nsa/d0wn right now. It's a fucking botnet.
Charles Allen
Oh another one not to use is the babylon network. This needs no explanation, it's in the name itself.
Owen Barnes
If you're using Android...
- install and run Orbot
- install OverRideDNS and change your DNS servers to 127.0.0.1:5400
If you're using Debian 9...
sudo apt-get install tor dnsutils dnsmasq
## append to /etc/tor/torrc:
DNSPort 9053
AutomapHostsOnResolve 1
AutomapHostsSuffixes .exit,.onion
## test tor dns:
service tor restart
dig @localhost -p 9053 www.google.com
## append to /etc/dnsmasq.conf:
no-resolv
server=127.0.0.1#9053
listen-address=127.0.0.1
Daniel Bailey
Oh, and of course set your DNS servers in Linux...
## append to /etc/dhcp/dhclient.conf:
supersede domain-name-servers 127.0.0.1, 127.0.0.1;
Christian Hall
Not only I use it to hide from my ISP, I also use it too to block most of andress and IPs from Microsoft that does telemetry. I only worry over my ISP if it's spying me or not, even when I'm not a pedophile/like loli or shota stuff/a drug dealer.
Liam Fisher
build your own router then. use opnsense or pfsense
Lucas Garcia
tor is controlled by SJWs. I'd consider it compromised.
Blake Collins
retard
Jordan Gray
P-prove it
Carson Hughes
Are you sure you want the truth?
Jaxson Myers
I hope you don't block Microsoft IPs on Microsoft's operating system, cuz that's kinda counterproductive.
Fair thing, there is DNSSEC. Similar project, but not same. Rather than encrypting queries which is dumb, it authenticates (signs) full chain down to website's domain holder/hoster using PKI similar to current X509 iirc. So let's say you query for example.com if it has DNSSEC enabled, you get a signed answer from it's recursive DNS servers that it is indeed example.com with that particular IP address.
Too bad, not many sites bother to use DNSSEC, so it's like using ONLY https sites in 2008 and refusing to go to plain http because so. Very painful. Tho, you can manually check or DNSSEC availability with browser plugin by CZ NIC.
addons.mozilla.org
Andrew Cook
Do you take us for being stupid? Just for that here comes the proof d0wn is compromised by the DNC/cianiggers/nsa. See pics related and >>>/polk/27704 .
Ayden Richardson
Weird the fourth and most damming one didn't upload. Here is the last link in the chain of said pictures.
Levi Sanchez
I used DNSCrypt to get around blocks in turkey before (they are filtering port 53 and timing out blocked domains), it helps in bypassing censorship and keeping your domain requests secure too (along with HTTPS).
they ended up resetting connection on the destination IPs for the domains too, so I use sshuttle to access shit like imgur now. Fuck Erdogan.
Andrew Collins
What do I have to smoke to be this high?
Jonathan Cook
Tell me what NIC stands for and I will answer.
Chase Powell
I see, they must use their social justice wizardry to magically change a protocol after compilation from source.
Charles Carter
the problem with tordns is you should probably trust the tor exit node even less than your isp.
it's fine if your shitposting but the exitnode could easily fuck with the dns. they may not know who theyr'e fucking with, and that's supposed to be one of the reasons for ssl certs.
presumably if you know enough to do this you know enough to raise an eyebrow if the browser warns you that the ssl cert is fucked up before you login into your bank.
Henry Walker
Gee, everybody knows it stands for CIA Zombies Network Interface Card.
Network Information Center, lurk your shit dumb niggers
Lucas Williams
What about rule of three? Query multiple exit nodes for DNS, may even combine with DNSCrypt for extra placebo.
Austin Torres
Central Directory collects data from all nodes by default, how anonymous would it be if a system publicly announces how many connections each node gets every second? There was a Brazilian node that queried hidden services and scraped their front pages, somehow Tor project officials found this node and banned it from Tor swarm. How did they find it and why does the central authority has power to ban nodes?
mail-archive.com
mail-archive.com
Benjamin Wood
I'm sure there are other ways that could be figured out pretty quickly.
Regardless, if Tor did have a backdoor of some sort, why would the feds allow it to keep highly illegal content completely untouched? I won't go into detail, but I'm confident you know exactly what I'm talking about.
There has yet to be a takedown that was through an insecurity in Tor. All have been user error in some form (Admins using shit passwords, terrible code, DDoS attacks, using personal email addresses, etc.). Why would the feds allow Tor ruin a perfect backdoor which they have yet to use?
Nathan Reed
Thanks, but I use Windows 7, so I already have a firewall.
What do you mean? Why are you suggesting that blocking telemetry is kind of "counterproductive"?
Carson Jackson
yes please
Jose Butler
The authentication between the client and the DNS server is good because it will prevent MITM attacks. However to me, the encryption seems a little useless given that anyone listening on the wire will already see what IP addresses you are connecting to so they can just resolve those themselves.
Kayden Sanchez
Almost every tor node is using software from the tor group. Even a small percentage compromised compromises that whole system, and they can compromise almost all of it.
The NSA/CIA aren't going to ruin their honeypot, they want to identify enemies of the Jews not go after some no-name druggies/diddlers. The FBI might care about things like CP but the FBI are mall cops with more authority and can at best do basic shit like put trojan javascript on sites.
Mason Torres
Here's a nice book.