Stories
Slash Boxes
Comments

SoylentNews is people

posted by mrpg on Monday November 12 2018, @06:15AM   Printer-friendly
from the 256.256.256.256 dept.

Cloudflare rolls out its 1.1.1.1 privacy service to iOS, Android

Months after announcing its privacy-focused DNS service, Cloudflare is bringing 1.1.1.1 to mobile users.

Granted, nothing ever stopped anyone from using 1.1.1.1 on their phones or tablets already. But now the app, now available for iPhones, iPads and Android devices, aims to make it easier for anyone to use its free consumer DNS service.

The app is a one-button push to switch on and off again. That's it.

Cloudflare rolled out 1.1.1.1 earlier this year on April Fools' Day, no less, but privacy is no joke to the San Francisco-based networking giant. In using the service, you let Cloudflare handle all of your DNS information, like when an app on your phone tries to connect to the internet, or you type in the web address of any site. By funneling that DNS data through 1.1.1.1, it can make it more difficult for your internet provider to know which sites you're visiting, and also ensure that you can get to the site you want without having your connection censored or hijacked.

Apple and Google Play.

Also at Android Police and Fast Company.

Previously: Cloudflare Launches 1.1.1.1 Consumer DNS Service
Cloudflare's New DNS Attracting 'Gigabits Per Second' Of Rubbish


Original Submission

Related Stories

Cloudflare Launches 1.1.1.1 Consumer DNS Service 27 comments

On April Fool's Day and Easter Sunday, Cloudflare launched a new "privacy-oriented" domain name system (DNS) service with two IP addresses: 1.1.1.1 and 1.0.0.1. These addresses were offered by the Asia-Pacific Network Information Centre (APNIC) in exchange for allowing APNIC to study the "garbage traffic" often sent to them. The service supports both DNS-over-TLS and DNS-over-HTTPS, and DNSPerf currently ranks 1.1.1.1 as the fastest consumer DNS resolver:

Cloudflare is launching its own consumer DNS service today, on April Fools' Day, that promises to speed up your internet connection and help keep it private. The service is using https://1.1.1.1, and it's not a joke but an actual DNS resolver that anyone can use. Cloudflare claims it will be "the Internet's fastest, privacy-first consumer DNS service." While OpenDNS and Google DNS both exist, Cloudflare is focusing heavily on the privacy aspect of its own DNS service with a promise to wipe all logs of DNS queries within 24 hours.

DNS services are typically provided by internet service providers to resolve a domain name like Google.com into a real IP address that routers and switches understand. It's an essential part of the internet, but DNS servers provided by ISPs are often slow and unreliable. ISPs or any Wi-Fi network you connect to can also use DNS servers to identify all sites that are visited, which presents privacy problems. DNS also played an important role in helping Turkish citizens avoid a Twitter ban.

Also at VentureBeat and Engadget.


Original Submission

Cloudflare's New DNS Attracting 'Gigabits Per Second' Of Rubbish 5 comments

Cloudflare's new speed and privacy enhancing domain name system (DNS) servers, launched on Sunday, are also part of an experiment being conducted in partnership with the Asia Pacific Network Information Centre (APNIC).

The experiment aims to understand how DNS can be improved in terms of performance, security, and privacy.

"We are now critically reliant on the integrity of the DNS, yet the details of the way it operates still remains largely opaque," wrote APNIC's chief scientist Geoff Huston in a blog post.

"We are aware that the DNS has been used to generate malicious denial of service attacks, and we are keen to understand if there are simple and widely deployable measures that can be taken to mitigate such attacks. The DNS relies on caching to operate efficiently and quickly, but we are still unsure as to how well caching actually performs. We are also unclear how much of the DNS is related to end user or application requirements for name resolution, and how much is related to the DNS chattering to itself."

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
  • (Score: 1, Interesting) by Anonymous Coward on Monday November 12 2018, @06:45AM (1 child)

    by Anonymous Coward on Monday November 12 2018, @06:45AM (#760824)

    How does hijacking my DNS help ensure my DNS isn't being hijacked?

    • (Score: 2) by coolgopher on Monday November 12 2018, @06:53AM

      by coolgopher (1157) on Monday November 12 2018, @06:53AM (#760827)

      This one is opt-in.

      If the app devs were particularly nice they'd make the 1.1.1.1 configurable (I'd be fine with that setting being hidden off somewhere "advanced"). That would make it a useful app.

  • (Score: 0) by Anonymous Coward on Monday November 12 2018, @06:49AM (7 children)

    by Anonymous Coward on Monday November 12 2018, @06:49AM (#760826)

    it can make it more difficult for your internet provider to know which sites you're visiting

    So, let's give all that to Cloudflare for some reason?

    You know, all these specious claims about "privacy" are bullshit, right? They have to answer to the authorities like everyone else. Whatever, you still have to take them at their word.

    I hear the safest way to do DNS is to roll your own, on a pi or something.

    • (Score: 3, Informative) by Runaway1956 on Monday November 12 2018, @07:32AM (6 children)

      by Runaway1956 (2926) Subscriber Badge on Monday November 12 2018, @07:32AM (#760830) Journal

      That was my question. But TFA says they never write any query data to disk, and they wipe logs in 24 hours. So - either you believe them, or you don't. This is the same thing that makes PIA so attractive as a VPN provider. They don't log. In fact, they left Russia because Russia required their logs. They don't have logs, can't turn over any logs, so they can't comply with the law. So, the question here, is whether you believe Cloudfare or not.

      • (Score: 2) by MichaelDavidCrawford on Monday November 12 2018, @07:51AM (1 child)

        by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Monday November 12 2018, @07:51AM (#760832) Homepage Journal

        I don't. That's why I always use DDG's Tor Hidden Service.

        --
        Yes I Have No Bananas. [gofundme.com]
        • (Score: 2) by Runaway1956 on Monday November 12 2018, @10:58AM

          by Runaway1956 (2926) Subscriber Badge on Monday November 12 2018, @10:58AM (#760863) Journal

          I am considering using this 1.1.1.1 for my home network. I want to research it a little first, but I'm considering it. The family won't consider changing their DNS servers, I have to do it on the router for them. If this is all that it claims to be, then the network will be a bit faster, and family members gain some security. As for techies and nerds who demand the bestest, maybe this isn't so very good. So, we're still down to "who do you trust" or "who can you trust". Research is in order, I do believe.

      • (Score: 2) by legont on Monday November 12 2018, @03:44PM (3 children)

        by legont (4179) on Monday November 12 2018, @03:44PM (#760937)

        Actually, it appears that Russia currently prohibits VPN's outright. NordVPN that I use still has servers over there though. I wonder how so (and how it is compared to PIA)

        --
        "Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
        • (Score: 2) by Runaway1956 on Monday November 12 2018, @04:26PM (2 children)

          by Runaway1956 (2926) Subscriber Badge on Monday November 12 2018, @04:26PM (#760953) Journal

          https://www.deepdotweb.com/2014/07/08/is-your-vpn-legit-or-shit/ [deepdotweb.com]

          I looked around a little bit - clicked several search links to see what I could see. Some links graded Nord pretty badly, but they seem to be people who don't know how to set up a VPN,and ran into difficulties. Most great pages about Nord seem to trace back to Nord. They even quote Nord advertisements, to "prove" how great Nord is. Shills are shills, everywhere you find them.

          The link I provided above, indicates that Nord ranks among the top ten, right along with PIA. I can't explain why PIA dumped their Russian servers, but Nord kept them.

          Hmmm - changing from "search the web" to "news" offers more relevant links:

          https://nordvpn.com/blog/russia-service-update-in-light-of-new-surveillance-law/ [nordvpn.com] Nord seems to acknowledge that they are violating Russian law, by offering "double VPN".

          https://www.techrepublic.com/article/russia-vpn-ban-what-tech-pros-and-business-travelers-need-to-know/ [techrepublic.com]

          So, I dunno - I'm not finding anything definitive.

          • (Score: 3, Informative) by legont on Monday November 12 2018, @05:57PM (1 child)

            by legont (4179) on Monday November 12 2018, @05:57PM (#760987)

            I can share my own experience... NordVPN servers sometimes go stale probably because they don't have balance loader. On Linux a little script solves it, but I have to reconnect manually about twice per week on android. Other than that - assuming one knows what DNS is - works very well. I do use servers all over including Russia.

            My biggest issue is that many mainstream services either discourage the use of NordVPN by slowing down or silently refuse to work claiming downtime and/or various errors. Among them are Citi, Chase, Amazon, Craiglist ... Life of suppressed peoples is probably getting harder because of it.

            --
            "Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
            • (Score: 1) by fustakrakich on Monday November 12 2018, @09:57PM

              by fustakrakich (6150) on Monday November 12 2018, @09:57PM (#761055) Journal

              It seems that VPN has a problem if anybody knows you're using it, same for Tor. They have to be more transparent to the system, blend in better with the noise.

              --
              La politica e i criminali sono la stessa cosa..
  • (Score: 2) by MichaelDavidCrawford on Monday November 12 2018, @07:54AM (2 children)

    by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Monday November 12 2018, @07:54AM (#760833) Homepage Journal

    $ ping 1.1.1.1
    PING 1.1.1.1 (1.1.1.1): 56 data bytes
    64 bytes from 1.1.1.1: icmp_seq=0 ttl=56 time=225.466 ms
    64 bytes from 1.1.1.1: icmp_seq=1 ttl=56 time=224.631 ms


    Now that I've cancelled Comcast at home, I expect most of my ping time is due to using my iPhone's Personal Hotspot to get online with T-Mobile.

    I pay extra for their "Business Plan". I like to think that's what gives me unlimited data but honestly I don't know. At the time that the T-Mobile shop offered me their Business Plan, I was manic, so the $70 per month seemed like a wise use of my limited fifteen grand.

    --
    Yes I Have No Bananas. [gofundme.com]
    • (Score: 2) by mobydisk on Monday November 12 2018, @06:09PM

      by mobydisk (5472) on Monday November 12 2018, @06:09PM (#760991)

      20-25ms for me, FYI.

    • (Score: 2) by deimtee on Monday November 12 2018, @06:55PM

      by deimtee (3272) on Monday November 12 2018, @06:55PM (#761003) Journal

      bash-4.3$ ping 1.1.1.1
      PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
      64 bytes from 1.1.1.1: icmp_seq=1 ttl=54 time=13.3 ms
      64 bytes from 1.1.1.1: icmp_seq=2 ttl=54 time=12.6 ms
      64 bytes from 1.1.1.1: icmp_seq=3 ttl=54 time=12.1 ms
      64 bytes from 1.1.1.1: icmp_seq=4 ttl=54 time=12.7 ms
      64 bytes from 1.1.1.1: icmp_seq=5 ttl=54 time=14.2 ms

      --- 1.1.1.1 ping statistics ---
      5 packets transmitted, 5 received, 0% packet loss, time 4006ms
      rtt min/avg/max/mdev = 12.110/13.010/14.223/0.723 ms

      I dunno, is that good?

      --
      If you cough while drinking cheap red wine it really cleans out your sinuses.
  • (Score: 2) by MostCynical on Monday November 12 2018, @08:03AM (5 children)

    by MostCynical (2589) on Monday November 12 2018, @08:03AM (#760836) Journal

    why do people need an app? Is it because the settings on "normal" android are too complex/hidden/locked that people can't change them?

    --
    "I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
    • (Score: 4, Touché) by VeasMKII on Monday November 12 2018, @08:22AM (1 child)

      by VeasMKII (2271) Subscriber Badge on Monday November 12 2018, @08:22AM (#760838) Homepage

      You know the answer is yes.

      • (Score: 1, Touché) by Anonymous Coward on Monday November 12 2018, @06:58PM

        by Anonymous Coward on Monday November 12 2018, @06:58PM (#761005)

        He's just fucking with Betteridge.

    • (Score: 2) by Runaway1956 on Monday November 12 2018, @11:02AM (1 child)

      by Runaway1956 (2926) Subscriber Badge on Monday November 12 2018, @11:02AM (#760864) Journal

      Let us keep in mind that configuring Firefox is too complex/hidden/locked for most people. About:config scares them, so they download addons that promise to configure Firefox for them. Many, or even most, of those addons can be implemented by the user through about:cofig.

      • (Score: 0) by Anonymous Coward on Monday November 12 2018, @02:11PM

        by Anonymous Coward on Monday November 12 2018, @02:11PM (#760910)

        And the fear is very illogical, it's some random extension they should be afraid of. "requires permissions to track your every move till eternity..."

        But such are people.

    • (Score: 2) by rigrig on Monday November 12 2018, @11:43PM

      by rigrig (5129) Subscriber Badge <soylentnews@tubul.net> on Monday November 12 2018, @11:43PM (#761096) Homepage

      Yes.

      The only way to manually change (only) the DNS server is from a rooted terminal.
      You can switch Wifi connections from DHCP to static and tell it which DNS server to use, but that means you also need to configure a static IP, for every Wifi network, and it can't be done for your mobile connection.

      This app doesn't simply change DNS settings: it's sets up a local "VPN" connection which redirects all DNS to 1.1.1.1 and passes through all other traffic.
      (Which also means you can't use it in combination with a real VPN)

      --
      No one remembers the singer.
  • (Score: 1, Funny) by Anonymous Coward on Monday November 12 2018, @01:26PM (2 children)

    by Anonymous Coward on Monday November 12 2018, @01:26PM (#760896)

    soon we'll get a app that tells people what app to install ... oh wait.

  • (Score: 2) by corey on Wednesday November 14 2018, @08:21AM

    by corey (2202) on Wednesday November 14 2018, @08:21AM (#761653)

    DNS66 allows custom DNS servers. Works a treat, with add blocking too. Unrooted phone.

    They say your ISP is less likely to track your web browsing this way. Crap, DNS is plaintext, Wireshark or tcpdump is all that's needed.

    I just got DNSSEC and DNS via TLS going in Unbound on my Freebsd server. Works great. Mitigate the above due to TLS. Need to make sure you use a CA certificate though. Not a self signed one.

(1)