    Oblivious DNS-over-HTTPS / Schneier · Tuesday, 8 December - 21:02 · 1 minute

This new protocol, called Oblivious DNS-over-HTTPS (ODoH), hides the websites you visit from your ISP.

Here’s how it works: ODoH wraps a layer of encryption around the DNS query and passes it through a proxy server, which acts as a go-between the internet user and the website they want to visit. Because the DNS query is encrypted, the proxy can’t see what’s inside, but acts as a shield to prevent the DNS resolver from seeing who sent the query to begin with.

Abstract: The Domain Name System (DNS) is the foundation of a human-usable Internet, responding to client queries for hostnames with corresponding IP addresses and records. Traditional DNS is also unencrypted, and leaks user information to network operators. Recent efforts to secure DNS using DNS over TLS (DoT) and DNS over HTTPS (DoH) have been gaining traction, ostensibly protecting traffic and hiding content from onlookers. However, one of the criticisms of DoT and DoH is brought to bear by the small number of large-scale deployments (e.g., Comcast, Google, Cloudflare): DNS resolvers can associate query contents with client identities in the form of IP addresses. Oblivious DNS over HTTPS (ODoH) safeguards against this problem. In this paper we ask what it would take to make ODoH practical? We describe ODoH, a practical DNS protocol aimed at resolving this issue by both protecting the client’s content and identity. We implement and deploy the protocol, and perform measurements to show that ODoH has comparable performance to protocols like DoH and DoT which are gaining widespread adoption, while improving client privacy, making ODoH a practical privacy enhancing replacement for the usage of DNS.
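The split of knowledge described above, as an added model that is not code from the paper or from any ODoH implementation: the proxy learns the client address but only ciphertext, the target learns the query but only the proxy's address. The toy Diffie-Hellman construction is an assumption standing in for the protocol's real public-key encryption so the block runs on the standard library alone; the addresses and the name are constructed sample values.

```python
import hashlib, hmac, secrets

# Toy Diffie-Hellman group standing in for real public-key encryption.
# NOT secure; it exists only so the example runs without third-party packages.
P, G = 2**127 - 1, 3

def _keys(shared: int):
    s = shared.to_bytes(16, "big")
    return hashlib.sha256(b"enc" + s).digest(), hashlib.sha256(b"mac" + s).digest()

def _xor(key: bytes, data: bytes) -> bytes:
    stream = b"".join(hashlib.sha256(key + bytes([i])).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(target_pub: int, query: bytes):
    """Client: encrypt the query to the target's public key with an ephemeral key."""
    eph = secrets.randbelow(P - 2) + 1
    enc_key, mac_key = _keys(pow(target_pub, eph, P))
    ct = _xor(enc_key, query)
    return pow(G, eph, P), ct + hmac.new(mac_key, ct, hashlib.sha256).digest()

def unseal(target_priv: int, eph_pub: int, blob: bytes) -> bytes:
    """Target: authenticate the ciphertext, then decrypt it."""
    enc_key, mac_key = _keys(pow(eph_pub, target_priv, P))
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return _xor(enc_key, ct)

def run_exchange(client_ip: str, proxy_ip: str, name: str):
    """Return (what the proxy can log, what the target can log) for one query."""
    target_priv = secrets.randbelow(P - 2) + 1
    target_pub = pow(G, target_priv, P)
    eph_pub, blob = seal(target_pub, name.encode())       # client
    proxy_log = {"peer": client_ip, "body": blob}         # proxy: source IP + opaque bytes
    query = unseal(target_priv, eph_pub, blob).decode()   # target, reached via the proxy
    target_log = {"peer": proxy_ip, "query": query}       # target: proxy IP + plaintext
    return proxy_log, target_log

if __name__ == "__main__":
    # Constructed sample values (documentation address ranges).
    p, t = run_exchange("198.51.100.7", "203.0.113.10", "example.com")
    print("proxy sees :", p["peer"], p["body"].hex())
    print("target sees:", t["peer"], t["query"])
```

The privacy property holds only while proxy and target do not share logs; if they collude, the two views join back into client address plus query.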

    Does Tor provide more benefit or harm? New paper says it depends / ArsTechnica · Monday, 30 November - 23:00


The Tor anonymity network has generated controversy almost constantly since its inception almost two decades ago. Supporters say it’s a vital service for protecting online privacy and circumventing censorship, particularly in countries with poor human rights records. Critics, meanwhile, argue that Tor shields criminals distributing child-abuse images, trafficking in illegal drugs, and engaging in other illicit activities.

Researchers on Monday unveiled new estimates that attempt to measure the potential harms and benefits of Tor. They found that, worldwide, almost 7 percent of Tor users connect to hidden services, which the researchers contend are disproportionately more likely to offer illicit services or content compared with normal Internet sites. Connections to hidden services were significantly higher in countries rated as more politically “free” relative to those that are “partially free” or “not free.”

Licit versus illicit

Specifically, the fraction of Tor users globally accessing hidden sites is 6.7, a relatively small proportion. Those users, however, aren’t evenly distributed geographically. In countries with regimes rated “not free” by this scoring from an organization called Freedom House, access to hidden services was just 4.8 percent. In “free” countries, the proportion jumped to 7.8 percent.

    Tracking Users on Waze / Schneier · Thursday, 29 October - 14:52

A security researcher discovered a vulnerability in Waze that breaks the anonymity of users:

I found out that I can visit Waze from any web browser at so I decided to check how are those driver icons implemented. What I found is that I can ask Waze API for data on a location by sending my latitude and longitude coordinates. Except the essential traffic information, Waze also sends me coordinates of other drivers who are nearby. What caught my eyes was that identification numbers (ID) associated with the icons were not changing over time. I decided to track one driver and after some time she really appeared in a different place on the same road.

The vulnerability has been fixed. More interesting is that the researcher was able to de-anonymize some of the Waze users, proving yet again that anonymity is hard when we’re all so different.
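A sketch of the weakness and one possible hardening, added here as an example; it is not Waze's code, and the page does not say how the fix was made. The field names, the five-minute rotation and the per-viewer binding are assumptions, and the coordinates are constructed sample data.

```python
import hashlib, hmac

EPOCH_SECONDS = 300  # assumption: pseudonyms rotate every five minutes

def stable_view(drivers):
    """'Before': the internal ID is exposed unchanged, as the post describes."""
    return [{"id": d["id"], "lat": d["lat"], "lon": d["lon"]} for d in drivers]

def rotating_view(drivers, key: bytes, viewer: str, now: int):
    """'After' (hypothetical): a keyed pseudonym bound to the viewer and the epoch."""
    epoch = now // EPOCH_SECONDS
    out = []
    for d in drivers:
        msg = f"{d['id']}|{viewer}|{epoch}".encode()
        pid = hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]
        out.append({"id": pid, "lat": d["lat"], "lon": d["lon"]})
    return out

def linkable(snapshot_a, snapshot_b):
    """IDs present in both responses; each one joins two sightings of a driver."""
    return {r["id"] for r in snapshot_a} & {r["id"] for r in snapshot_b}

# Constructed sample data: the same two drivers at two points in time.
KEY = b"server-side secret (constructed)"
T0 = [{"id": 1001, "lat": 50.080, "lon": 14.430},
      {"id": 1002, "lat": 50.081, "lon": 14.432}]
T1 = [{"id": 1001, "lat": 50.090, "lon": 14.440},
      {"id": 1002, "lat": 50.095, "lon": 14.450}]

if __name__ == "__main__":
    print("stable IDs, linkable:", linkable(stable_view(T0), stable_view(T1)))
    a = rotating_view(T0, KEY, "viewer-a", 0)
    b = rotating_view(T1, KEY, "viewer-a", EPOCH_SECONDS)
    print("rotating IDs across epochs, linkable:", linkable(a, b))
```

Rotation removes only the stable join key; sightings can still be linked by position and timing.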

    The XMPP meetup for everyone

    debacle · / berlin-xmpp-meetup · Saturday, 28 September, 2019 - 11:44

This week in the meetup: Sprint, Kaidan, MUC...

Change of plans: We will talk about a planned XMPP sprint next year in Berlin, probably about Kaidan on Purism Librem 5, and maybe about MUCs and why they need to be replaced by something better. Let's see.

When? Wednesday, 2019-10-09 18:00 CEST (always 2ⁿᵈ Wednesday of every month)

Where? xHain hack+makespace, Grünberger Str. 16, 10243 Berlin (as always)

The original topic aenigma - the XMPP server for everyone is postponed to the next month, i.e. 2019-11-13, same time, same place.

Nicolas North of openspace, a hackerspace in Milano, Italy, will present aenigma, the | state-of-the-art | secure-by-default | one-touch-deployed | XMPP server for everyone.

See you then!

Or join our non-physical room!

