
Given the pervasive commercial surveillance system, a user needs to have several protective layers just to browse the WWW:

a browser with security extensions (although a good browser should be built with security as a design principle, not as an "add-on")

ESNI and DoH (even though Cloudflare can see the aggregate)

DNS caching and blocking in the subnet

iptables/nftables blocking of undesirable IP address ranges by the router

edit: It's safer to leave the dysfunctional WWW alone and use only RSS.



Disagree on DoH though, because it defeats DNS caching and blocking in the subnet. Plus, many people trust their own provider more than yet another US corporation.


It defeats DNS caching and blocking in the "subnet" because for most US users the DNS provider is an adversary, and trusting it would be a mistake.


But there is an entire world outside the US. I trust my local ISP way more than a US corporation.


That's fascinating, but now you know why people in the US are quick to embrace DoH in its default configurations. And, of course, nothing ties DoH to major US corporations. You can DoH to a NUC in your cousin's bedroom closet.


I run DoH on a Raspberry Pi with Pi-hole. And then DoH from it to Quad9's servers. DNS blocking, with DoH.


You can also just run Pi-Hole directly on something like Fly.io, and DoH to it from your local machine. :P


Interesting - I assume their free tier is enough to run this.

However, local caching on the Pi might yield faster lookup time.


They're all only useful in certain circumstances.


> It's safer to leave the dysfunctional WWW alone and use only RSS.

Is there any evidence that Google killed Google Reader because it interfered with their Ad/user-tracking metrics business?



