So you went from telling your ISP what you were doing to telling Cloudflare. And to be fair, most of us are already telling Cloudflare what we're up to. And chances are the consumer router is using plain UDP. Android doesn't let you specify a DoH bootstrap resolver, and requires a domain name last I checked. Otherwise UDP. A recursive resolver _is_ the only private option, or your buddy who runs one and offers you a VPN. I'm suggesting that the media proxy is far less of an issue than what we _wanted_ nip05 to be, and that's proof of domain ownership. Media is just something that appears when I scroll.

Replies (2)

Also my experience with Google Android is that DoH will ALWAYS fall back to Google UDP DNS if DoH fails to resolve, or returns 0.0.0.0 etc. So the only "safe" option for Android users is UDP, hopefully over VPN.
🤷🏻‍♂️ i don't disagree with any of these points. fundamentally nip05 relies on dns. are most people enforcing dnssec? i don't actually care what it returns, so trusting a random proxy is fine. opsec requires a threat model, and it's more likely that my isp / dns stack gets poisoned than some paid proxy has decided to burn their trust