Cloudflare DNS-over-HTTPS in Qubes?
130 views
Skip to first unread message
Dominique St-Pierre Boucher
Apr 3, 2018, 3:16:54 PM4/3/18
to qubes-users
Hi,
Is there a way to have a DNS proxy in the sys-net interface that try to use DNS-over-HTTPS at 1.1.1.1 (cloudflare) and if not working standard DNS with what was received by the DHCP.
Is it possible
Thanks
Dominique
cooloutac
Apr 3, 2018, 7:17:23 PM4/3/18
to qubes-users
Not sure what you are trying to do but yes I believe so. You can just make a whole nother separate custom proxyvm separate from sys-firewall.
Chris Laprise
Apr 3, 2018, 9:11:31 PM4/3/18
to Dominique St-Pierre Boucher, qubes-users
https://groups.google.com/d/msgid/qubes-users/9XVz-7viQEqd-6MPx8NvR4Fnk502VgBDJUYogFE056xaFr-k76ApY7WmEbi3oH6yQZQ7MEHbuqYbwCZInJ8LE9lysw_e3w8Dw93FrISL2hU%3D%40micahflee.com
--
Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
Tai...@gmx.com
Apr 5, 2018, 4:38:15 PM4/5/18
to qubes...@googlegroups.com
Wow people are actually falling for cloudflares "privacy respecting"
bullshit from a service that uses for example browser fingerprinting on
every computer that it serves and blacklists sites based on how the CEO
is feeling that morning.
They are a front for an intelligence agency - cloudflare is able to
monitor most of the internet now that many major sites have bought in to
their bogus kinda blackmail model of pay or get DDOS'ed when in reality
the average site had no need for such a service before cloudflare existed.
Not to mention big issues like cloudbleed.
You should use a different DNS from a more reputable company.
bullshit from a service that uses for example browser fingerprinting on
every computer that it serves and blacklists sites based on how the CEO
is feeling that morning.
They are a front for an intelligence agency - cloudflare is able to
monitor most of the internet now that many major sites have bought in to
their bogus kinda blackmail model of pay or get DDOS'ed when in reality
the average site had no need for such a service before cloudflare existed.
Not to mention big issues like cloudbleed.
You should use a different DNS from a more reputable company.
799
Apr 5, 2018, 4:54:30 PM4/5/18
to Tai...@gmx.com, qubes-users
Hello,
Wow people are actually falling for cloudflares "privacy respecting"
bullshit from a service that uses for example browser fingerprinting on
every computer that it serves and blacklists sites based on how the CEO
is feeling that morning. [...]
Can your provide some additonal information to cover this?
Regarding the blacklisting you are refering to the "Daily Stormer" case?
Discussed also here;
https://blog.cloudflare.com/why-we-terminated-daily-stormer/
Discussed also here;
https://blog.cloudflare.com/why-we-terminated-daily-stormer/
What exactly do you mean by browser fingerprinting?
Are you talking about Browser Integrity Checks?
https://support.cloudflare.com/hc/en-us/articles/200170086-What-does-the-Browser-Integrity-Check-do-
"[...] Cloudflare's Browser Integrity Check (BIC) is similar to Bad Behavior and looks for common HTTP
headers abused most commonly by spammers and denies access to your page. It will also challenge
visitors that do not have a user agent or a non standard user agent (also commonly used by abuse
bots, crawlers or visitors) [...]"
Are you talking about Browser Integrity Checks?
https://support.cloudflare.com/hc/en-us/articles/200170086-What-does-the-Browser-Integrity-Check-do-
"[...] Cloudflare's Browser Integrity Check (BIC) is similar to Bad Behavior and looks for common HTTP
headers abused most commonly by spammers and denies access to your page. It will also challenge
visitors that do not have a user agent or a non standard user agent (also commonly used by abuse
bots, crawlers or visitors) [...]"
You wrote: "They are a front for an intelligence agency"
In general I'd like to that see claims - no matter which - are based on evidence or at least facts.
How do you come to this conclusion?
[799]
[799]
Tai...@gmx.com
Apr 7, 2018, 8:56:34 AM4/7/18
to qubes...@googlegroups.com
On 04/05/2018 04:54 PM, 799 wrote:
Hello, On 5 April 2018 at 22:38, Tai...@gmx.com <Tai...@gmx.com> wrote:Wow people are actually falling for cloudflares "privacy respecting" bullshit from a service that uses for example browser fingerprinting on every computer that it serves and blacklists sites based on how the CEO is feeling that morning. [...]Can your provide some additonal information to cover this? Regarding the blacklisting you are refering to the "Daily Stormer" case? Discussed also here; https://blog.cloudflare.com/why-we-terminated-daily-stormer/
Yes - today the lunatic fringe next the normal you and me websites -
ex: now in court the rights enforcement companies are using that
decision to argue that cloudflare can and should remove websites see
the ALS-Scan case.
I don't trust a company that makes choices based on the CEO's feelings instead of boardroom policy.
I don't trust a company that makes choices based on the CEO's feelings instead of boardroom policy.
What exactly do you mean by browser fingerprinting?
You have to have javascript enabled to view a cloudflare website
because it wants to fingerprint your computer.
Are you talking about Browser Integrity Checks?
Oh yeah its for our own good and companies never lie.
https://support.cloudflare.com/hc/en-us/articles/200170086-What-does-the-Browser-Integrity-Check-do- "[...] Cloudflare's Browser Integrity Check (BIC) is similar to Bad Behavior and looks for common HTTP headers abused most commonly by spammers and denies access to your page. It will also challenge visitors that do not have a user agent or a non standard user agent (also commonly used by abuse bots, crawlers or visitors) [...]" You wrote: "They are a front for an intelligence agency" In general I'd like to that see claims - no matter which - are based on evidence or at least facts. How do you come to this conclusion?
Because they are now able to monitor most of the internet? Tell me
that isn't an absolutely perfect situation.
cooloutac
Apr 7, 2018, 7:59:15 PM4/7/18
to qubes-users
They are the same guys that have protected booter sites and many other shady sites to the chagrin of many So they don't cave to gov't pressure that easy if it makes you feel any better, but ya what dns servers do you recommend?
Reply all
Reply to author
Forward
0 new messages