News and Reviews > Mini-Reviews by Members

OpenDNS + DNSCrypt - Mini-Review

<< < (2/3) > >>

IainB:
2014-06-08 1605hrs: I have just updated the opening post with some more information.
The OpenDNSCrypt version has not been incremented/changed, and it still runs flawlessly after my having migrated it from a laptop using Win7-64 to Win8.1.

Some people (not me, you understand) might say that, In light of revelations regarding snooping - e.g., including US-driven **AA (music licencing Mafia) snooping, US/UK+Others NSA/SnowdenGate snooping, Australian and NZ Government authorised censorship snooping - installing OpenDNSCrypt could be a no-brainer for users wishing to protect their rights to privacy and security of personal information, but I couldn't possibly comment.

IainB:
An announcement from OpenDNS.

Link via Lifehacker: http://lifehacker.com/good-news-for-users-of-opendns-no-more-ads-ads-were-p-1583933443
A new reason to love OpenDNS: no more ads or redirections.
The OpenDNS Guide is going away.

Starting on June 6, 50 million plus users of OpenDNS’s free DNS around the world will no longer see ads in our service. We put a great deal of thought into this decision. Here’s why we made the call to eliminate it:

    We always want to do what’s best for you.
    The Internet has evolved and it’s simply no longer in the best interest of Internet users to redirect to search results. The OpenDNS Guide was, until recently, a helpful tool. If the website you wanted to visit wasn’t loading, we took you to search results instead of an error page. But times have changed. Browsers work differently. Internet users have become accustomed to their browser address bar behaving like a search box. We want to give you the behavior you expect. As of June 6th, all of OpenDNS’s users will get NXDOMAIN and SERVFAIL messages to get truly RFC compliant DNS.
    Ads are annoying.
    Let’s be honest, few of us like to see them. So we’re making them go away, at least within OpenDNS. We provide the safest, fastest and most reliable DNS service in the world free of charge. The revenue from the ads on the Guide has historically enabled us to do that. But we’re excited to report that in the past few years we’ve built a thriving enterprise security business and now have more than 10,000 happy, paying customers. So, while that revenue from ads is nice, it’s more important to us to provide you with a delightful user experience.
    Ads and security don’t mix.
    OpenDNS is a security company above all else, and ads can often be a vector for security infections and intrusions. Malware might surface through third-party ad networks, or be hidden inside the ad creative itself in the form of flash exploits or javascript tricks. Removing the ads makes our service more secure and that’s a good thing for both users of our free DNS service and of our enterprise security service. Finally, pretty much every major ad network out there participates in pervasive user tracking through cookies. Those cookies can compromise your privacy, and in the wrong hands, your security. Less of that is better for you.



--- End quote ---

Deozaan:
Is DNSCrypt abandonware? The Windows client hasn't been updated in two years. . .

IainB:
Is DNSCrypt abandonware? The Windows client hasn't been updated in two years. . .
-Deozaan (June 08, 2014, 04:33 AM)
--- End quote ---

I wondered the same, but came to the conclusion that it would not be correct to call it abandonware, as it has not been abandoned - it just doesn't require any further development at this stage. Quickly putting it into the Public Domain after it had achieved final version was probably a calculated move done by OpenDNS before anyone could stop them. They deliberately opened a sort of Pandora's box. It's all about transparency and trust.
That was why, in my update to "version" in the opening post I changed it to read "DNSCrypt up to v0.0.6 (since May 2012)".

The thing is, OpenDNSCrypt apparently does exactly what it was designed to do - i.e., simply provide PC<-->OpenDNS node encryption - so no further development would be needed unless (say) the encryption protocol, or something, needs to be changed for some reason.
My observation would be that it was a quite legitimate additional security service, effectively frustrating/preventing classic criminal "man-in-the middle" attacks, which would be an extremely inconvenient service for any establishment-approved agencies undertaking surveillance/censorship at the user's ISP node. Those agencies are effectively conducting "man-in-the middle" attacks and are also probably gathering "DNS leakage" data - both of which would be effectively blocked by OpenDNSCrypt.

The traffic that used to flow between the user's PC and that ISP node was in clear and could be inspected anywhere between the User's PC and that ISP node, whereas, if the user has now enabled OpenDNSCrypt, then now that traffic is encrypted between the user's PC and the OpenDNS node.
Thus, it is now unintelligible encrypted traffic that flows through the ISP node, and even if (say) one's Cisco ADSL modem/router had been compromised by these agencies, the now unintelligible encrypted traffic that flows through it to/from the PC would be of no use.

This would seem to force the point of surveillance/censorship to be moved to either inside the OpenDNS node or on to the Cloud-side of the communication links from that node. So it "...would be an extremely inconvenient service" for criminal organisations and/or establishment-approved agencies undertaking surveillance/censorship.
Bit of a bugger, that.    :D

Deozaan:
All I know is that I have frequent connectivity issues that are almost always traced back to DNSCrypt. I.e., my problems go away when I disable DNSCrypt. And that's even with the "Fall back to insecure DNS" enabled.

Navigation

[0] Message Index

[#] Next page

[*] Previous page