Say (an encrypted) hello to a more private internet. | The Mozilla Blog

kixik@lemmy.ml to Firefox@lemmy.ml – 298 points –
blog.mozilla.org


Not necessarily. You could use something like DNSCrypt locally as a resolver which is more private than DoH and this weird combination of the opt-out will hurt you in this case.

How so? I’m using unbound locally for recursive DNS, but I’ll check out what DNSCrypt adds since it seems like local encrypted DNS to the recursive servers.

Wouldn’t ECH still work with this setup and this setup be more secure since you’re not handing off your DNS requests to some other company?

Basically DNSCrypt is designed to hide your IP from the DNS server and your DNS query from your ISP. Basically it relays your DNS query via one server which knows your IP but only sees an encrypted version of your query and response and one server which knows your query but not your IP. Obviously you want both servers to be run by two different organizations.
