Oblivious DNS - Simply Explained

  • Published 20 Dec 2020
  • Oblivious DNS is a privacy-friendly version of the DNS protocol that prevents third parties from keeping track of the sites you visit.
    It builds on top of DoH (DNS over HTTPS) and adds a proxy server to prevent tracking. It was developed by Cloudflare, Apple and Fastly.
    Currently, ODNS is not yet widely supported, but that could quickly change! Especially if Apple would push it to their iOS and macOS customers.
    📚 Sources used to make this video:
    savjee.be/videos/simply-expla...
  • Science & Technology

COMMENTS • 44

  • @juliocesar-bz4on 2 years ago +3

    Hi! I'm from Brazil and I love technology. Great explanation. I'm a newcomer here. You got a new subscriber.
    Congrats!

  • @ThorstenStaerk 3 years ago +2

    Great how you make us understand! In my simple words - instead of trusting technology, with ODNS, you have to trust organization. You have to trust that the proxy and the ODNS server's org do not talk to each other.

  • @asjadmotara 3 years ago +6

    Amazing work. Simple, elegant and something new to learn that remains in memory forever because of your easy-to-understand explanation.

  • @ayushpratap4726 3 years ago +6

    Savjee, we missed you for so long!

    • @simplyexplained 3 years ago +2

      My last video was 2 weeks ago ;)

    • @ayushpratap4726 3 years ago +1

      @simplyexplained Oops! My bad. Yeah, I saw that NoSQL one! Actually, your content is highly anticipated, that's why ;p

  • @zyansheep 3 years ago +6

    Notice: ISPs can still do reverse DNS lookups on IP addresses you connect to. This is *not* a replacement for Tor.
    Also I'm kinda suspicious about these proxy servers. If the organization who runs the DNS resolver also runs the proxy server, they can still figure out who you are and what websites you visit.

    • @simplyexplained 3 years ago +2

      Yes, I did mention that both should be independently operated.
      Also: valid remark about the ISPs! They still see everything if they really want.

  • @mohamadrezapirayesh3811 2 years ago

    Great job, thanks!

  • @rajtiwari665 2 years ago

    Well explained

  • @BloodnutXcom 3 years ago +1

    DNS is always a balancing act. On the one hand, you want to have control over your own devices through your router by, for example, blackholing some domain. But on the other hand, you don't want third parties snooping on your requests.

  • @gamedit2999 3 years ago

    So if I use this, my ISP will not see the sites I visit? Or are there other ways that ISPs use to see my visit history?

  • @daniiln.9468 6 months ago

    Does VPN help to hide the user’s IP from the DNS resolver and therefore solve the problem of the user’s identity exposure?

  • @winwin-gw7rn 3 years ago

    Why don't they chain proxy servers, just like Tor?

  • @mich2k1 9 months ago

    Does this hide info such as SNI too?

  • @dAtramt 3 years ago

    Haha. At 1:40 those Bitcoin bag emojis imply ISPs are selling our browser history for Bitcoin.

  • @SochSumeet 3 years ago

    😎🤟

  • @ahmedelwan9129 3 years ago

    What if the proxy and ODNS are owned by the same company? :D

    • @simplyexplained 3 years ago +3

      That's what I said at the end. The only way it works, is if these two are independent.

  • @ilsunnylo3562 3 years ago +1

    So you are never safe.

  • @johnmarks3650 2 years ago

    Terrible idea. So now if I want to exfiltrate data via a DNS tunnel I can encrypt the whole thing from end to end. I set my bot to use my proxy service and my termination server. I have just bypassed a number of security tools and once it is past the proxy, you cannot even discover the source of the breach. Adversaries are going to have a heyday with this. There are reasons the EU providers are banning Apple Private Relay; this is one of them. Second, whoever controls the termination server controls all. In the case of Apple Private Relay (Apple+Cloudflare), while they cannot see the origin IP, they still can set policy on what is being browsed, giving preferred partners quicker responses. I am not saying Apple will do this, but at some point an unscrupulous entity eventually will. Third, what happens when governmental entities want access to DNS queries/responses for a terrorist investigation? Will this even survive or will it be legislated out of existence?

  • @happy91997 3 years ago

    What's the weird music, sounds like some ghost is screaming

  • @gsichtsgrabII 3 years ago

    Would Blockchain solve this problem?

    • @joefox9875 3 years ago +1

      Usually blockchain solutions are about connecting information, whereas I think if you want to be more private you want to be 'off the chain'

  • @quintaeco 3 years ago

    To protect against the man in the middle by implementing DNSSEC

  • @andreujuanc 3 years ago

    Not green anymore ;)

  • @gurufrom212 3 years ago +2

    First comment

  • @logangraham2956 3 years ago +1

    You forgot something....
    [your device] -> [ISP] -> [proxy server] -> [ISP] -> [ODNS] -> [ISP] -> [proxy server] -> [ISP] -> [your device]
    You notice something :) The ISP has access to all the data along the entire chain. So really it doesn't matter.

    • @zyansheep 3 years ago +1

      The data going between proxy, ODNS and you isn't the issue (b.c. it's encrypted); the issue is that ISPs still know exactly what IP addresses you connect to (which they can then look up the DNS address of using reverse DNS).

    • @logangraham2956 3 years ago

      @zyansheep The data is still a problem. It might not be readable but it still exists.
      If I was the ISP,
      I'd follow the data from your device to the proxy,
      then follow the data as it leaves the proxy to the DNS,
      and then obtain a copy of the IP address as it leaves the DNS to go back to the proxy,
      and then follow the data back to your device.
      I just obtain the IP address you will go to and your device...
      Tell me again why this entire process was useful XD.

    • @zyansheep 3 years ago +1

      @logangraham2956 How would the ISP "follow the data"? The data is encrypted between the device, proxy, and DNS server. The best they could do would be packet timing correlation, which is incredibly difficult to pull off (and wouldn't tell them anything anyway unless they controlled the DNS server).
      Also I never said this process was useful, imo this just allows Cloudflare and Apple to spy on their users more. ISPs can get around this easily with reverse DNS lookups.

    • @logangraham2956 3 years ago

      @zyansheep It's encrypted but it still exists

    • @logangraham2956 3 years ago

      @zyansheep You're forgetting that it is their switch you go through to get to anything at all.
      Do you not think they could see the packets, encrypted or not?

  • @quintaeco 3 years ago +1

    Find a DNS service that does not use any big tech services

  • @quintaeco 3 years ago

    NEVER TRUST BIG TECH