itake 11 hours ago

1/ ISP or the website you're accessing can see the DNS queries and block traffic. My eSIM routes through Hong Kong, which means no ChatGPT.

2/ iPhones don't let you set the DNS provider / DoH for cellular

3/ DoH breaks wifi redirect walls, making it tedious to enable/disable. Like you can't just enable DoH for certain apps or disable it for others.

bdhcuidbebe 10 hours ago | parent | next [-]

> 3/ DoH breaks wifi redirect walls, making it tedious to enable/disable

Since this is a security focused discussion, why do you see wifi hijacking your dns lookups as something desirable?

avhception 9 hours ago | parent | prev | next [-]

Because there are a lot of situations, like being in a hotel, where you simply can't do anything to avoid it and have to live with it / work around it.

And while we all would like to live in that perfect ivory tower of CIA-level security, we mostly live in the real world and have to make do with what we have.

londons_explore 8 hours ago | parent | prev | next [-]

wifi hijacking is here to stay.

The solution is to detect it happening, and then switch to a different 'mode' where you ignore all https certs but never send any private data and never trust any data received.

nerpderp82 6 hours ago | parent [-]

You have to use a client side app firewall to prevent all traffic until you have acquired your session.

This is extremely difficult to do even for skilled people.

londons_explore 5 hours ago | parent [-]

Android has the ability to isolate the network stacks for different apps/connections till you have cleared the wifi portal.

pjc50 9 hours ago | parent | prev [-]

Often the wifi will not let you "out" until you've been through their landing page, and there's no other mechanism to do this other than hijacking DNS?

cube2222 10 hours ago | parent | prev | next [-]

2) I believe you can using profiles like those available here[0].

[0]: https://github.com/paulmillr/encrypted-dns

IshKebab 11 hours ago | parent | prev | next [-]

> DoH breaks wifi redirect walls

Is that really true? I would have thought all the automatic detection features try with unencrypted DNS? They should anyway.

astafrig 10 hours ago | parent [-]

Ideally it’d actually be RFC 8910 detection (and subsequently RFC 8908 API) but standards usage is generally incompatible with giving POs something to do
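
The RFC 8910 / RFC 8908 signalling mentioned in the comment above, as an added example that is not part of the thread: the network announces its portal API in DHCPv4 option 114 and the client reads the captive state from that API's JSON, so detection does not depend on intercepted DNS lookups. The sample option bytes and the `portal.example` URLs are constructed, and `portal_api_uri` and `classify` are hypothetical helper names.

```python
import json

CAPTIVE_PORTAL_OPT = 114  # DHCPv4 option code assigned by RFC 8910
UNRESTRICTED = "urn:ietf:params:capport:unrestricted"  # RFC 8910: no portal here

def portal_api_uri(options: bytes):
    """Walk DHCPv4 options (code, length, value) and return option 114, if any."""
    i = 0
    while i < len(options):
        code = options[i]
        if code == 0:            # pad option: single byte, no length
            i += 1
            continue
        if code == 255:          # end option
            break
        if i + 1 >= len(options):
            raise ValueError("truncated option header")
        length = options[i + 1]
        value = options[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        if code == CAPTIVE_PORTAL_OPT:
            return value.decode("ascii")
        i += 2 + length
    return None

def classify(options: bytes, api_body=None):
    """Return (state, url); api_body is the RFC 8908 JSON once it has been fetched."""
    uri = portal_api_uri(options)
    if uri is None:
        return ("no-signal", None)      # network does not implement RFC 8910
    if uri == UNRESTRICTED:
        return ("open", None)
    if not uri.startswith("https://"):
        return ("rejected", None)       # RFC 8908 requires an https API URI
    if api_body is None:
        return ("query-api", uri)
    state = json.loads(api_body)
    if state["captive"]:                # "captive" is the one mandatory key
        return ("captive", state.get("user-portal-url"))
    return ("open", None)

# Constructed sample: subnet mask (option 1), option 114, end marker.
SAMPLE_URI = b"https://portal.example/capport-api"
SAMPLE_OPTIONS = bytes([1, 4, 255, 255, 255, 0, 114, len(SAMPLE_URI)]) + SAMPLE_URI + b"\xff"

if __name__ == "__main__":
    print(classify(SAMPLE_OPTIONS))
    print(classify(SAMPLE_OPTIONS, '{"captive": true, "user-portal-url": "https://portal.example/login"}'))
```

The subnet mask in the sample contains `255` bytes, which is why the walker skips by the length field instead of scanning for the end marker.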

Gigachad 11 hours ago | parent | prev | next [-]

Just get a VPN and then you can route your traffic wherever you want and not have to worry about what the carrier is doing.

coderatlarge 10 hours ago | parent [-]

VPN appears to only work sporadically in China.

lazycatjumping 10 hours ago | parent | next [-]

All VPNs work without problems with China if you are roaming into their network with a foreign (e)SIM.

You will get unfiltered western internet as a tourist.

hdgvhicv 9 hours ago | parent [-]

Which cost me a fortune once when I plugged my phone into laptop to charge (before free global roaming). Dropbox had been blocked for a week, suddenly a flurry of sms arrived (out of order). I’d spent £250 in 3 minutes.

mynegation 5 hours ago | parent | next [-]

I feel for you. Why would you allow laptop traffic to be routed through the phone though? At least in iOS plugging the phone for charging or backup does not automatically tether.

hdgvhicv 3 hours ago | parent [-]

I often tether off my phone so have tethering enabled, just hadn’t charged from the laptop in all that time

Wasn’t a lot in the end scheme of things - less than the cost of a night in the hotel, let alone the full trip

zx8080 8 hours ago | parent | prev [-]

> Dropbox had been blocked for a week

Why was it blocked for a week? Not sure I understand what happened to you.

actionfromafar 7 hours ago | parent [-]

China blocked it.

jb1991 10 hours ago | parent | prev | next [-]

I’m a little confused, are you physically located in China or is your data getting routed through China despite you living somewhere else? I can’t figure out what’s being said here.
