|
| ▲ | sgbeal 5 hours ago | parent | next [-] |
| > why do you use Cloudflare on your pi-hole? Because "if it ain't broke, don't fix it." i'm not one of those users who want to endlessly tweak their ad blocker. i want to set it up, clicking as few checkboxes as necessary to get it going, and then leave it. However, (now) knowing that Cloudflare filters different only each of their servers, i'm incentivized to go tweak a number in the config (as opposed to researching the pros and cons of every possible provider, a detail i truly have no interest in pursuing). |
|
| ▲ | UqWBcuFx6NV4r 2 hours ago | parent | prev | next [-] |
| Privacy nuts are almost uniquely unable to comprehend that someone else on earth may possible have priorities that differ from theirs. |
| |
| ▲ | arvid-lind an hour ago | parent [-] | | that's an observation, I guess... OP set up a pi-hole so it's not a stretch they would do a quick search for "free privacy dns". you make it sound like it takes some kind of reprioritization, why? |
|
|
| ▲ | daymanstep 6 hours ago | parent | prev | next [-] |
| Which options respect your privacy? |
| |
| ▲ | diarrhea 4 hours ago | parent | next [-] | | I use unbound (recursive resolver), and AdGuard Home as well (just forwards to unbound). Unbound could do ad-blocking itself as well, but it's more cumbersome than in AGH. So I use two tools for the time being. The upside is there's no single entity receiving all your queries. The downside is there's no encryption (IIRC root servers do not support it), so your ISP sees your queries (but they don't receive them). | |
| ▲ | dannyfritz07 4 hours ago | parent | prev | next [-] | | I'll throw https://nextdns.io into the mix. Been very happy with it. Supports DOH, block lists, among a plethora of other features. | |
| ▲ | ranger_danger 2 hours ago | parent | prev | next [-] | | The ones where you don't send a single company all of your queries | |
| ▲ | travoc 6 hours ago | parent | prev | next [-] | | AdGuard DNS servers are excellent. | |
| ▲ | nom 5 hours ago | parent | prev [-] | | quad9 |
|
|
| ▲ | TZubiri 5 hours ago | parent | prev [-] |
| what is the vector here? dns traffic is practically anonymous, there would have to be some very specific and purposeful trickery going on to link dns traffic to an identity. It sounds like something more hypothetical than a tangible threat model |
| |
| ▲ | hirako2000 5 hours ago | parent | next [-] | | It isn't anonymous. DNS server resolve, IP addresses by hostnames. It cannot then inspect further traffic but it certainly can log your IP address and all URL's a given IP ever hit. Since ISP know your identity, and all it takes is to (request and get) the DNS logs and ISP servitude for all sort of questionable information, you as an identity are giving away all sites domains you visit. | | |
| ▲ | sgbeal 3 hours ago | parent | next [-] | | > It cannot then inspect further traffic but it certainly can log your IP address and all URL's a given IP ever hit. Correction: they can log host names/IPs, not URLs. The path of any given URL is part of the HTTP header, invisible to onlookers (assuming HTTP and assuming HTTPS is uncracked). | |
| ▲ | UqWBcuFx6NV4r 2 hours ago | parent | prev [-] | | Hi. If your response involves explaining the very very basics of DNS to someone that clearly knows what DNS is, please consider the possibility that you may have misunderstood them instead of lecturing them on the basics of ubiquitous internet technologies. |
| |
| ▲ | arvid-lind 4 hours ago | parent | prev [-] | | > A Cloudflare Ray ID is an identifier given to every request that goes through Cloudflare. https://developers.cloudflare.com/fundamentals/reference/clo... if you think a little creatively about how this information could be used by an organization that was created at the insistence of the United States Department of Homeland Security, then you're on the right track. |
|
