Privacy

34309 readers

1888 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

[email protected]

If you have HTTPs everywhere on, how much harm can a malicious wifi network do? (lemmy.dbzer0.com)

submitted 4 days ago by [email protected] to c/[email protected]

22 comments fedilink hide all child comments

I kinda don't trust my home network because my brother is douche and I feel like he's gonna do some weird things with the connection, so I prefer to juse use my phone's data (unlimited data plan) to avoid any shenanigans. Hypothetically, how much harm can an evil wifi do?

Does using HTTPS avoid all risks? What about evey program on your computer or every app on your phone, do they also have HTTPS everywhere on? (I use Android btw)

How much could a VPN do better that HTTPS cant?

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 24 points 4 days ago (1 children)

Generally true. You would want to use DNS-over-TLS (DoT) or DNS-over-HTTPS (DoH) to be sure your DNS queries are encrypted in transit.

[–] [email protected] 3 points 3 days ago (1 children)

Technically if you have a NAT redirect rule that routes all outbound traffic on a specific port, you could redirect to port 53 on the pihole and it would be visible because the DoT/ DoH terminates at the Pi which his brother could control? VPN is still a safe bet.

[–] Darkassassin07 5 points 3 days ago* (last edited 3 days ago) (1 children)

You can redirect regular DNS like that, but DoH/DoT is encrypted using certificates with a chain of trust just like any other tls connection (that's kind of the whole point). It would throw security errors breaking dns resolution if you redirected the connection to your own server.

You would still be better off with a vpn wrapping the connection however as the SNI in each https connection is unencrypted and can be used to log your traffic.

[–] [email protected] 3 points 3 days ago

That's true. Was going to setup a NAT rule to test it out but then realized that there's no way I can redirect outbound traffic on 443 to a Pi Hole on 53, lol.