Submitted via IRC for SoyGuest31999
Android, the world's most popular mobile operating system, will soon enable a security protocol that helps keep internet service providers (ISPs) from spying on users. "DNS over TLS" adds a level of encryption to your DNS requests that are (mostly) inaccessible by your ISP.
[...] Using current methods, the requests happen through UDP or TCP protocols, not the more secure TLS. When Android makes the switch, you'll get the same results, only now with HTTPS-level security. That is to say, snoops now know when you've connected to a website, but not which one. Pornhub, for example, is the same as Gmail. Or, it is for the person spying on you. You'll still have to live with the fact you're watching Pokemon Go porn (safe-ish for work).
(Score: 2) by tibman on Thursday October 26 2017, @02:43PM (1 child)
Out of band cert delivery most likely. Just like how it's done in your web browser today. You get certs for cert signing authorities when you install.
SN won't survive on lurkers alone. Write comments.
(Score: 2) by TheRaven on Thursday October 26 2017, @03:21PM
You could potentially provide the cert in the DHCP response (though there's no standard for this yet), which at least means that you'd need to spoof DHCP, but that's not actually hard...
[1] Okay, it's a large number (and a much larger number than I'm entirely comfortable with) of certs.
sudo mod me up