[guardian-dev] encrypted DNS provided by Orbot?

Hans-Christoph Steiner hans at guardianproject.info
Fri Dec 14 12:02:09 EST 2018



Nathan of Guardian:
> 
> On 12/14/18 6:01 AM, Hans-Christoph Steiner wrote:
>> n8fr8 proposed something along those lines before.
>>
>> If DNS over TLS (DoT) and/or DNS over HTTPS (DoH) get widespread
>> adoption, then we have a new channel for bridge discovery and other
>> tricks.  Google Jigsaw released its Intra app to let older Android
>> versions use DoH.  It is Apache-2.0 licensed, but with proprietary
>> Google Firebase and other libs.  Perhaps we could take that code and
>> include it in Orbot?
>>
>> https://gitlab.com/fdroid/rfp/issues/735
> 
> Happy to consider. I was thinking more about this, and had some
> concerns, specifically with using the DoH provider over Tor, but then
> sending traffic over cleartext.
> 
> We need to ensure we weren't making it possible for the DoH provider to
> deanonymize someone by returning a custom IP via DoH-over-Tor, and then
> looking for who connects to it via cleartext.
> 
> Or perhaps, I am crossing streams here, and this isn't about anonymity,
> only circumvention?

I think we want to consider both anonymity and circumvention. If DoH has
issues, we should be able to focus on DoT.  The way DoH is being rolled
out has some scary centralization issues, i.e. Google making Chrome only
use the Google DNS servers.

.hc

-- 
PGP fingerprint: EE66 20C7 136B 0D2C 456C  0A4D E9E2 8DEA 00AA 5556
https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556

