undefined | Better HN

0 pointsjosephcsible2y ago0 comments

> You're suggesting that me controlling my own network, and people controlling their own networks, is bad ("even when you are the owner of a network, you shouldn't have control of traffic on it between endpoints that you don't own either of").

Should your ISP be allowed to censor what you can see on the Internet? Remember they own the network that all of your traffic flows through.

> You're suggesting that applications and Trojans have the "right" to be free from my control, on my network, on my machines. Wow. What a take!

I'm not arguing that anything on your machines should be free from your control. I'm specifically saying that traffic passing through your network but not from or to one of your machines should be free from your control.

> You're saying that all programs, Trojans included, will allow us to configure DoH. Again, a pretty crazy take, and completely, unambiguously wrong.

I meant all legitimate programs do. Trojans obviously do whatever they want, and that was the case even before DoH existed.

> You clearly don't care about freedom, since you actively want to send your DNS to some third party.

You're always sending your DNS requests to some third parties. The only question is which.

> But you'd have me give up my freedom to control what goes on on my network because some ISPs track DNS, and instead of addressing that, you're for the idea of normalizing a protocol that removes my freedom and puts it in the hands of application / Trojan makers.

I disagree that "my freedom to control what goes on on my network" is a freedom that should be protected. For an extreme example, consider that someone complaining "they took away my freedom to own slaves" is obviously in the wrong. As I've said before, you should only have any control of traffic for which one of the endpoints is yours.

> It harms regular people because it exfiltrates private information that they don't know about. Someone installs Firefox (very common) and doesn't know about DoH (also very common). Now their DNS lookups are all going to Cloudflare. We have no reason to trust Cloudflare (we do have plenty of reasons to not trust them, though).

Most American ISPs are way less trustworthy than Cloudflare, and that's where almost everyone's DNS would be going otherwise.

> But the point is that these regular people DON'T KNOW and haven't agreed to have their DNS data shared with Cloudflare. This has all sorts of negative implications that I'm sure you can't see.

Do regular people even know what DNS is? Did they agree that their ISP could see their insecure DNS?

0 comments

2 comments · 1 top-level

johnklos2y ago· 1 in thread

I can't tell if you're a troll or if you're really just not understanding things.

My network is not my ISP's network. My ISP can't censor me. I advocate for people to have control over their own networks and to take control from their ISPs.

I'm not sure why you want to conflate my network with what my ISP provides, but anyone thinking that clearly doesn't understand how things work (or is just trying to be a troll).

Likewise, "all legitimate" programs will allow DoH configuration? Really? Have you TRIED to do simple, common sense things in Windows like use another browser? Obviously this suggestion is ridiculous.

Please tell me how traffic would pass through my network that isn't from or to one of my machines. Guests? That's a bullshit reason to suggest I shouldn't have control over my network.

"You're always sending your DNS requests to some third parties." No, I'm not. I run my own DNSSEC recursive resolvers.

At this point, I have to believe you're a troll.

"consider that someone complaining "they took away my freedom to own slaves"" is also trolling. If you think packets and programs are equivalent to humans, you're... broken. But at this point I really have to wonder what you expect to get out of trolling. You're just making yourself look dumb at this point.

josephcsibleOP2y ago

> My network is not my ISP's network.

Right, but traffic from your computers passes through both.

> My ISP can't censor me.

Either you and your ISP can both do network-level censorship, or neither can.

> I'm not sure why you want to conflate my network with what my ISP provides, but anyone thinking that clearly doesn't understand how things work (or is just trying to be a troll).

Because your endpoints' traffic goes through both, and they both have the same ability to censor.

> Likewise, "all legitimate" programs will allow DoH configuration? Really? Have you TRIED to do simple, common sense things in Windows like use another browser? Obviously this suggestion is ridiculous.

Again, what does being able to change the default browser on Windows have to do with whether you can configure DoH?

> Please tell me how traffic would pass through my network that isn't from or to one of my machines. Guests? That's a bullshit reason to suggest I shouldn't have control over my network.

Guest computers on your network are in the exact same position as your router on your ISP's network.

> "You're always sending your DNS requests to some third parties." No, I'm not. I run my own DNSSEC recursive resolvers.

Even if you don't count the servers your recursive resolver talks to as third parties, your ISP can still see all of your recursive resolver's traffic, and just drop the responses for domains it doesn't want you visiting, even with DNSSEC.

> "consider that someone complaining "they took away my freedom to own slaves"" is also trolling. If you think packets and programs are equivalent to humans, you're... broken.

I don't think they're equivalent at all. My point was just that just because you can't do a certain thing anymore doesn't necessarily mean freedom has been lost.

j / k navigate · click thread line to collapse