Enable This Setting on EVERY Web Browser
HTML-код
- Опубликовано: 5 авг 2024
- Did you know about this feature?
⇒ Become a channel member for exclusive features! Check it out here: ruclips.net/user/ThioJoejoin
Links:
• DNS Test 1 ⇨ www.cloudflare.com/ssl/encryp...
• DNS Test 2 ⇨ 1.1.1.1/help
• Configuration Profiles: github.com/paulmillr/encrypte...
▼ Time Stamps: ▼
0:00 - Intro
2:59 - Before Getting Started
3:44 - Enabling on Web Browsers
4:56 - On Android
6:32 - On iPhone & iPad
9:35 - On Mac
10:35 - On Windows
11:13 - What is ESNI & ECH?
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
Merch ⇨ teespring.com/stores/thiojoe
⇨ / thiojoe
⇨ / thiojoe
⇨ / thiojoetv
My Gear & Equipment ⇨ kit.co/ThioJoe
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬ Наука
He's so powerful. He can slide buttons with his fingers no mouse required.
Haha
Very impressive technology. I believe it is called touchscreen
@@larsthestorf5630 There's no screen behind him. He literally pulled the image out of the PC to slide the button and put it back. Catch up.
@@KiickrOcksz yes.
He's had wizard training.
A few comments:
1. DNS lookups should preferably be done by the network stack in the operating system, not by the application, such as a browser. It might cause that different applications on your computer to connect to different IPs for the same site due to different IPs being returned by the DNS used by the browser and the DNS used by the OS.
2. So your ISP can't just look at your secure DNS requests to see what sites you're connecting to, but instead, Cloudflare gets to see all DNS your requests, so who to trust?
3. Some companies/organizations etc, use special domains and/or names for internal resources that are not resolvable by an external DNS provider like Cloudflare, so you might no be able to access them.
Cloudflare's main business is hosting sites and data for other companies, accessible with high performance and protection from DDoS attacks globally. Using dynamic DNS resolvers that map a name to different IP addresses based on network and system load, your location, location of data needed to serve your request, and so on, is an important part of that service.
Might they have additional motives to see as many DNS requests as possible? Let's say Bank A is a Cloudflare customer, would they be willing to pay for data on DNS requests for Bank B from a certain region for example? Of course, they would!
I'm not saying that Cloudflare does it today, but we all know that there is immense value in data regarding customer behavior.
I'd say running your DNS requests through Cloudflare, a company with a pretty decent track record in regards to privacy, is a lot smarter than running it through your ISP's DNS servers, especially since most major ISPs are known to be doing anything they can to spy on their users and then sell their data. Is it a perfect solution? No, especially not if Cloudflare ever decides to go crooked, but like I said, it's better to go through a service run by a company with a good track record than go through a service run by an ISP that is almost certainly trying to sell your data.
Cloudflare can already read all the data unencrypted for all its customers. And it's quite a big prercentage of websites who are using cloudflare. So dns is not that big of a deal
who else misses the poll feature lol, I remember all his videos had a stupid poll at the beginning...
Yeah i do
wait it was REMOVED? i thought ppl just hardly used it
Yea it's a shame
@@flop-00 it was removed a long time ago
I didn’t know they were removed, I just thought it was a mistake when people said “You can vote in the poll” and there is no poll
Thank you for splitting the spands of the video up to different chapters, this makes it allot easier.
been using private dns a year already, so far so good it also improves my connection
Very good cursory discussion on the why this information is important. The browser demonstrations that you provided were easy to follow. Love that this video was short and got to the point.
Reason number 3: some countries like Australia have “metadata logging laws” where your ISP logs headers of your traffic and thus knows which websites you are visiting when you make requests via standard unencrypted DNS. If the DNS lookup is encrypted then this makes it harder for a third party (government, law enforcement etc) to track your browsing activities.
I run a small ISP, we don’t log headers of traffic if the customer has a public IP. Only ISPs using CGNAT where the end user has a private ip need their source, destination and port accessed logged
Yes they won't see your DNS traffic but they will see the ip address of the website you connect to. So it's not really stopping them. Only way I see is to use tor or vps/vpn/proxy. They will see the connection but have no information about specific activities.
I love the way he tries to dumb things down so even I can understand them. It didn't work, but I still appreciate the effort.
Bro I am one of your old subscribers... I always liked each videos of yours. Always learnt something new! You are so easy to understand. Massive respect.
He didn't see my comment 💔
@@meowxgamingstuff He doesn't have to. Plus, he has stuff to do. Don't be offended.
Me: So many work to do.
ThioJoe: *new video*.
Me: watches video anyway 😁.
I do this the most secure method: I handwrite each DNS request, put it in an envelope, mail it, and wait for the reply.
Government can read your mail! Oh no!
That's a silly way - you should be using smoke signals. And they should be in encoded Klingon.
I use a track and field hamster team to courier those envelopes myself ..... those hamsters are a moving...!!!!
The ping must hit negative time then!
@@davidwallin7518 So many people know Klingon now, you have to encrypt it to be safe.
Thank you for the helpful information & tutorial!
Great, great tips! I had never heard of it, thanks Joe
been doing DNS over TLS for a while at the router level
How??? Please share
Xd
Thanks, bro.
thiojoe thank you for teaching us really good tips for windows! cant wait to see u get 3m subs!
Nice video Joe keep up the good job
Thank you very much for this video. I learned a lot today. It's a good thing I have a new Samsung. I followed your instruction for it. Thanks, ThioJoe.
Thx you for clarifying this cdn affair and others! You are right: "certainly, more knowledge than you are bargaining for..."
Nice vid. It was very helpful. Thanks 👍🏻👍🏻
Amazing channel! i have seen already your ssd failure video and this one and i can say that i am so benefited. Btw what about Linux machines?
The best youtube channel.....thanks joe for sharing valuable knowledge :)
Thank you, your videos are always so informative! Unfortunatly I came across this one too late as esni has been pulled from Firefox-esr and replaced with something else (which seems to be incomplete). There's now no protection for SNI....unless you know something I don't and I'm pretty sure you DO! 🙂
Pretty informative and usefull video.
Thanks!
Thanks, Thio for this video it's really useful.
Always interesting, thanks.
Thank you for the information!
Thanks, these are pretty useful
I just set my private dns in phone with cloudflare
Love this video❤️
Great content as always.
seems to me if your router had already set to a version of the "DNSS", the handshake check gives false negative ( or if you have a another app like say a app manager app with a VPN, it also happens the same. disabling that VPN gives a postive)
Thanks Thio! I'm one step closer to getting my pc to *MAXIMUM* power.
Comodo Firewall with cruelsister settings
Bitdefender AV
O&O Shutup10
Super helpful, especially for iOS. thank you 😃
Really useful!
Very informative, Thanks!
Thank you for the video!
Great vid Theo
thanks bro..more power to your channel
You deserve more views :(
Thanks so much for the info
Very nice video explained everything well
I do this in Control Panel which gives a....'global effect' to this setting rather than effecting just one browser.
It can also be changed in Settings under Network & Internet \ Ethernet - then click on Edit next to DNS Server assignment
Is there any benefit to doing both? I have a private DNS setup on my network adapters.
Thank you, your vids help alot.
I just checked my firefox and it's already enabled. Nice.
Thank you Joe !
Thanks for this wanted cloudflare on my iPhone
Great video!
"Wu Tang Lan" killed me
Just a note to anyone doing this for iOS or iPadOS: You must do this in Safari, not in your preferred browser for the profile to be acknowledged by the system. Otherwise it’ll just downlload but won’t show up in Settings.
Also the Profiles setting doesn’t show until you have it downloaded in safari
Muchas gracias por el gran tutorial. Pero me quede en duda. Si es posible hacer una configuración del DNS del Router de la casa... podrías ayudarme con mi duda por favor...
Great channel, wish u had more mac stuff
man i like all ur videous thnks for these things
6:00
There is actually another hostname for this, 'one.one.one.one', so you don't have to remember that long hostname.
ok lemme save this real quick
The long one kept giving me errors, but this one is actually working
@@derpyKitsu glad to help. 👍
Yeah same, one given in the video giving me error too. Yours is working but on the DNS test Page it is still showing Not Secured
I have AdGuard DNS configured directly on my router. Greatly increases my connection speeds by automatically blocking spammy ad URLs from loading at all on my network.
Just setup NextDNS on my router and it's been flawless, ended up paying the $20 yearly fee because I easily topped out at the 300,000 queries mark
What a fascinating video.
What is the difference between changing DNS from WI-FI setting and chancing from browser or system settings.
If you set DNS up on your router, all devices in the local network will use the same DNS.
If you set DNS up on your browser, it will only use the DNS on your specific browser.
If you set DNS up in the settings of your phone, it will use the DNS in all apps system-wide, but only and only on this particular phone.
Wow!! I'm so happy that I'm in this video. Thank you ThioJoe
10 hours ago...
How?
@@linr3v730 the video was unlisted
@@linr3v730 He is a member
Lol 10 hours ago😂🤔
Thanks bro
Good vid thanks for the info
the video came out 16 minutes ago? this dude gone in the future and commented fr 😂💯
They got secret illuminati access
@@ThioJoe 😂
Thx a lot for this vid!!!!
I wish I could upvote this more than once.
A system wide DoH/DoT for Windows OS are possible, if it would follow upon how DNSCrypt was implemented/deployed for client side.
I changed it like you mentioned but the test site still gives me a question mark for Secure DNS.
Very useful👍
Turned DoT on for cloudflare in my router which has the option (The router node of an Asus XT8 mesh system). Cloudflare's browsing check says everything is secure except for the "Secure SNI" as mentioned near the end of the video.
From my understanding this should work fine as long as the web browsers of each client on my network specifically direct all DNS queries to the router.
SNI is not yet supported by many routers and servers, however as long as your DNS is secure you should be fine.
Did it. I trust you man. Thanks.
Very informative. Thank you !
Edit: uh...yea, I got lost. Hackers may intercept where you're going by reading an unencrypted name - I don't think it will ever be secure; just very, very complex.
Thank You Sir. 💥💯
I was waiting for this video but I fell asleep 😞. It's 12:30am here in the Philippines
I’ve heard that people won’t use HTTPS for DNS due to the fact that it forces your browser to resolve to a big-scale DNS rather than more local ones
It was already enabled on my Firefox browser, but thanks for the heads up.
Do you know how this can be set up without losing access to local IP addresses (like Router Interface etc.)?
Whenever I see a thumbnail with a person putting there fingers on a button or switch. I remember, ThioJoe
Nice one
Thank u Man, u are Great.
Turn off privacy sandbox in chrome settings though so it doesnt send your (slightly anonymised but still gives them a good picture of what you do) browsing data to websites
Thanks!
Damn good video. Keep it up.
After running tests, I can't seem to get any of the DNS Over HTTPS profiles to work on MacOS Big Sur 11.4 after installing the profile in SYSTEM PREFS > PROFILES.
Installation DNS Over HTTPS worked fine on iOS 14.6.
Do I need to encrypt SNI too? Currently it is not.
EDIT: LOL you are already addressing it. Great.
Thanks Man .you amazing.
good video Quad9 is also another good one even better than Cloudflare when it comes down to security
Ahhh this video is so good thnx u
No pun at all, but of all the channels i watch across many sectors for flavor, education, fun, gaming etc there is pretty much just two that teaches me tech to be better at computer tech and keep learning new stuff i didn't even know. That's Linus and this channel. There is so much stuff to keep keeping up with there is just no way the average person can keep up with just Tech singularly. So cheers to Thio for helping us all to becoming at PC Tech/Tech. I had no damn idea about this browser setting. Thanks man!
i bet you have to throw all this tech stuff in dustbin when ar and vr are the really and no buddy use keyboard or touch screen in daily use.
*Windows 11 and DHCP*
I tried to force DNS on all the time but when I try to change to MANUAL in the settings the other options are greyed out and when I SAVE the manual setting it just reverts back to AUTO. Just messing around, but I suspect this is a work in progress and possibly not something end users are allowed to mess with quite yet. I did enable it for Chrome as per the video instructions.
For me this works on firefox but for some reason the setting is greyed out in chrome and it won't let me turn it on
Is this similar to using a DNS on the router level? I have an Asus AC88U. There is a WAN DNS Setting under the Advanced Settings - WAN. Would this work the same without configuring individual devices?
Thio joe is the best youtuber ever
I am one of the youtubers of all time
Would I need to do this if I already have Cloudfare set at the router level (to point to their DNS) ?
To Enable DNS over HTTPS (DoH) on the Opera Browser,
Click on the Opera icon to open the browser's menu,
Pick Settings from the menu,
In Settings, click on Advanced
On the right, scroll down to the System section.
Turn on the option Use DNS-over-HTTPS instead of the system's DNS settings.
Great stuff man,
The only problem is for some reason in Google Chrome on desktop once I close out of Google Chrome, DNS is no longer secure and so I have to fix the setting every time I open Chrome, how do you save this browser setting?
Hey ThioJoe: I got the cloud flare dns to work on my Android but am still vulnerable to SNI hacking?
Yes. Ech is still in draft stage and no software supports it. Even Firefox's implementation is currently broken afaik. Your best bet is to grab an older version of firefox for Android with working esni and use that for web browsing
One thing to note: it won't work in Edge if you use tools like O&OShutup10 to configure Windows 10 privacy. I just enabled the DNS in my router instead.
2023 edit: For those who don't already know, Windows 11 sets DNS over TLS separately from Edge so you can just enable it there. In most cases, just add the DNS numbers, choose "On (automatic template)", and you're good to go.
Should I be using "Public Network" or "Private Network"? I have a modem from my IPS & using Windows.
Hlo bro! You are my hero of computer science🖥️💻😊😊😇😉
One thing I like about Firefox. This setting is already enabled.
Owesome bro
I can't see it on chrome, I went to the Privacy and Security section but when I scrolled down to the Advance section, there's no option for secure DNS, only Manage security keys, Manage certificates, and Google Advanced Protection Program.
Note = I'm using Chrome Version 91.0.4472.77 (Official Build) (64-bit) on Linux Mint if that help's.
Worked for me on mobile. Use to just put Google to redirect it but will try 1dotcloud. My work computer was grayed out, even tho I was logged in chrome with my personal account the network is "managed"
@5:40 For android; Are you saying to choose 'automatic' then? but if 'automatic' can't be chosen then to choose 'private DNS provider name' instead? You just haven't specifically specified to choose automatic so I'm asking.