This article is a repost promoting content originally published elsewhere. See
more things Dan's reposted.
Recently, Google officially launched Android 9 Pie, which includes a slew of new
features around digital well-being, security, and privacy. If you’ve poked around the network settings on your phone while on the beta or after updating, you may have noticed a new
Private DNS Mode now supported by
This new feature simplifies the process of configuring a custom secure DNS resolver on Android, meaning parties between your device and the websites you visit won’t be able to snoop
on your DNS queries because they’ll be encrypted. The protocol behind this, TLS, is also responsible for the green lock icon you see in your address bar when visiting websites over
HTTPS. The same technology is useful for encrypting DNS queries, ensuring they cannot be tampered with and are unintelligible to ISPs, mobile carriers, and any others in the network
path between you and your DNS resolver. These new security protocols are called DNS over HTTPS, and DNS over TLS.
Bad: Android Pie makes it harder (than previous versions) to set a custom DNS server on a cellular data connection.
Good: Android Pie supports DNS-over-TLS, so that’s nice.
[this post was damaged during a server failure on Sunday 11th July 2004, and it has not been possible to recover it]
[further fragments of this post were recovered on 12 October 2018]
If you’ve been reading this blog since September-ish, you’ll remember when I had about a week of ranting about the
VeriSign/SiteFinder lark: this was where VeriSign, who (in layman’s terms) are responsible for linking all .com, .net, and .org addresses to their respective servers, in September
last year put a ‘catch-all’ clause in. In other words, every possible combination of letters and numbers, followed by a .com, .net, or .org, ‘belonged’ to them. This was a complete
abuse of their position of power, and caused a great deal of faults amongst systems throughout the internet. In addition, it could eventually have been used (and evidence suggests that
the intention was there) to monopolise the internet’s search engine and advertising services.
Well; they’re at it again, as this article (“SiteFinder vs. Engineers: Our Mistake Is
Ignorance”) discusses, so you’re likely to see me ranting at least a little more. If they do decide to do it again, they’ve stated that they will “provide 60 or 90 days warning, in
order for the appropriate technological …
Alex, my incompetent co-worker, came up with the following gem in today’s meeting when talking about a product that would aid employers in securely tracking how long their employees
actually spend working:
“It’s not going to have any of that… security… nonsense.”
I shall have to beat him to death later.
P.S. told you that this thing was going to get big, quick. The
Register reports “All your Web typos are belong to us”, and I quote: “Already a backlash is building, with Net admins being urged to block Verisign’s catch-all domain. This
could get very messy.”