Interesting… Well, this prompted me to search what Pi-Hole has done for this, and they seem to have a way to continue blocking even DoH, using “cloudflared”, which is another daemon that needs to run with Pi-Hole… They can’t possibly think their enshittification will continue to work.
Comment on Samsung brings ads to US fridges
wetbeardhairs@lemmy.dbzer0.com 11 hours ago
Piholes act as a DNS or “Dynamic Name Server”. All internet traffic is IP based once it leaves your home because routers don’t know how to forward traffic for “samsung-ad-hell.com”, so there is a dedicated kind of packet for “Where is samsung-ad-hell.com located?” and that is a DNS Lookup. The Pihole pretends to know because it maintains a list of bad urls that host websites that only support privacy exploitation and advertisements and tells them “oh you want to go to 0.0.0.0, that’s where you’ll find your stuff” as it snickers.
But DNS Lookups were always plain text. When your laptop says "Where is big-booties.com" your ISP knows you want porn. Now there is a new variant called “Secure DNS Lookup” which encrypts the url you’re asking about. The ISP knows you’re asking for a domain’s IP, but it can’t know which one and it no longer cares. Neat.
The trouble is that the Pi-Hole can no longer protect us from all the stupid fucking smart devices that want to earn a fraction of a penny per device by spying on us because THEY use the new Secure DNS Lookup.
borth@sh.itjust.works 11 hours ago
Peruvian_Skies@sh.itjust.works 3 hours ago
It works on 99% of consumers. As long as preventing the enshittification from stealing your data requires effort and knowledge, this will continue to be the case. Hence the arms race between enshittifiers and human beings.
tetris11@lemmy.ml 11 hours ago
It’s not a huge issue, you need a DoH resolver now (e.g. your browser which has a secure connection to a secure DNS server) which cannot block <script> from requesting the ad, but can definitely block <script> from displaying it once the domain resolves.
Extra overhead though, agreed
wetbeardhairs@lemmy.dbzer0.com 11 hours ago
Wow really? I was under the impression that the SSL part would prevent the pihole from being able to spoof itself as a legitimate DNS
very_well_lost@lemmy.world 10 hours ago
Not to be pedantic, but a pihole is legitimate DNS. Being able to do your own DNS has always been a fundamental part of the Internet Protocol, and is used a lot in enterprise to handle name resolution for internal subnets and stuff like that.
wetbeardhairs@lemmy.dbzer0.com 10 hours ago
Being pedantic is totally OK here - we’re talking about SSL’s spoof protection. I’ll have to look up how any rando can host a DNS that supports DNS/HTTPS when a system would be expecting a valid SSL cert that declares who it was issued to and by whom and the requester is expecting a particular whom.
FishFace@lemmy.world 10 hours ago
SSL operates after name resolution. It’s one way that information about your browsing habits is not protected by application-layer encryption; the domains you’re visiting are available to your DNS server.
frongt@lemmy.zip 6 hours ago
Unless you’re using DNS over TLS!
Or DNS over https, but that’s kind of gross.