Here’s a way (on iOS 14) of combining a WireGuard VPN with a separate encrypted DNS resolver: install a DNS profile (encrypted-dns.party) or app (DNSecure, NextDNS, iVerify) and then remove the DNS server(s) in your WireGuard profile.

libredd.it/r/nextdns/comments/

Show thread

Interesting, AdGuard is coming out with “Virtual Cards.” Sounds similar to Privacy.com.

adguard.com/en/promo/virtual-c

Nice, Passepartout now supports using a separate, encrypted DNS resolver with a VPN connection. Using a resolver like NextDNS with a VPN just became a bit easier on iOS.

libredd.it/r/nextdns/comments/

passepartoutvpn.app

Looks like PrivateStorage is finally launching later this year.

"PrivateStorage began as a joint venture between Least Authority and Private Internet Access. Together, we facilitated user testing as we investigated improvements to increase the usability of the application. At the end of 2020, the two companies mutually agreed to change their relationship and PrivateStorage is now 100% owned by Least Authority."

nitter.nixnet.services/PvtStor

privatestorage.io/about-us/

“[Mullvad’s] public DNS service (currently in beta) offers DNS over HTTPS (DoH) and DNS over TLS (DoT), with QNAME minimization and basic ad blocking. It has been audited by the security experts at Assured.”

mullvad.net/en/help/dns-over-h

My current collection of domain-based filterlists for Pi-hole, ~4M unique. Excessive? Maybe, but I don't mind 😅

gitlab.com/-/snippets/2083166

nice, I can now get RSS feeds for these email-only newsletters using github.com/leafac/kill-the-new.

- This Week in Security: this.weekinsecurity.com

- The Wiretap: forbes.com/newsletter/thewiret

Quad9 is moving to Switzerland:

“The Swiss government produced findings of law that Quad9 is exempt from both law enforcement and intelligence data-collection and retention requirements, as well as KYC.”

- quad9.net/news/blog/quad9-publ
- Discussion: teddit.net/r/privacytoolsIO/co

Help users in Iran reconnect to Signal

“We’ve added support in Signal for a simple TLS proxy that is easy to set up, can be used to bypass the network block, and will securely route traffic to the Signal service.”

signal.org/blog/help-iran-reco

Interesting new open-source iOS app, ZudVPN. Deploy a personal IKEv2 VPN with Pi-hole to a VPS *from* the app.

- zudvpn.com
- github.com/zudvpn/ZudVPN

Added to encrypted-dns.party for Apple devices:

- Faelix Privacy DoH: faelix.net/ref/dns/#privacy-dn
- Free Radio Munich DoH: ffmuc.net/wiki/doku.php?id=knb

And now looks like there are signed profiles directly from dnsforge.de and get.yepdns.com.

Show thread

Helpful filterlist for uBlock Origin, "Fuck Fuckadblock," a successor to reek's "Anti-Adblock Killer list."

bogachenko.github.io/fuckfucka

Watching this video [1] comparing the malware blocking effectiveness of 3rd party DNS resolvers got me thinking...

For some security focused use cases wouldn't it be valuable if there were a way to leverage multiple DNS resolvers with a strategy where DNS requests are sent to multiple resolvers in parallel and responses are returned only once it's determined that no resolver blocked the request? 🤔

[1] forums.lawrencesystems.com/t/d

Show thread

Playing with Pi-hole [1] and PiVPN [2] on a VPS and learned about the Pi-hole Remote iOS app [3] on the subreddit [4]. Wow, it’s really nice! 😍

[1] pi-hole.net
[2] pivpn.io
[3] apps.apple.com/us/app/pi-hole-
[4] teddit.net/r/pihole

TIL reading CitizenLab's "Great iPwn" report from last month [1] that Turkey’s Government-run Computer Emergency Response Team (USOM) [2] maintains a public filterlist of malicious hosts they observe.

Hosts: usom.gov.tr/url-list.txt (~90k domains, ~2 MB)

[1] citizenlab.ca/2020/12/the-grea
[2] en.wikipedia.org/wiki/TR-CERT

Nice, @ooni’s Probe app recently added a test to validate connectivity to @riseup’s VPN.

- ooni.org/nettest/riseupvpn

Show older
nitrohorse Ⓐ

Personal instance of nitrohorse (nitrohorse.com).