What happens when you access/login to non-secured HTTP/non-HTTPS sites? - Overclock.net - An Overclocking Community
post #1 of 6 (permalink) Old 04-07-2020, 09:45 AM - Thread Starter
New to Overclock.net
 
Join Date: Mar 2020
Posts: 10
Rep: 0
What happens when you access/login to non-secured HTTP/non-HTTPS sites?

Does DoH and/or DNS encryption apply to non-HTTPS/HTTP-only sites? For example, if I:
- Use Android 9.0/10.0
- Set AdGuard to use HTTPS filtering + DoH (Cloudflare)
- Set Chrome to use DoH (Cloudflare)
- Set router (both Wi-Fi and LAN) to use 1.1.1.1, 1.0.0.1 Cloudflare DNS address pool
- Set DSL/cable modem to use 1.1.1.1, 1.0.0.1 Cloudflare DNS address pool

Then what happens when/if I login to a non-HTTPS/HTTP-only site? Would DNS encryption apply in such a case?
DirtyAngelica is offline  
post #2 of 6 (permalink) Old 04-13-2020, 03:45 AM
New to Overclock.net
 
Join Date: May 2008
Posts: 2,224
Rep: 170 (Unique: 132)
Different techs: DoH encrypts the DNS lookup, whereas HTTP/HTTPS is encryption on the content coming to your browser.

DNS is like a phonebook which matches the DNS name to an IP address. Encrypting this prevents someone listening in to the DNS requests you are making, and (in theory) prevents an attacker from spoofing responses.

It is pretty pointless when visiting an HTTP site, and also not great for privacy as you will send the site name in SNI only, making the huge thing about it the anti-spoofing protection.

Hope that helps

Quote:
Originally Posted by thydevil
AWESOME. Buy 1600 point card = $19.99. Buy two 800 point cards = $19.98
Save big.
Quote:
Originally Posted by someone153
Shhhh! Don't tell Microsoft. They might discover our secret.
>XXX
Ulquiorra is offline  
post #3 of 6 (permalink) Old 04-13-2020, 12:38 PM - Thread Starter
New to Overclock.net
 
Join Date: Mar 2020
Posts: 10
Rep: 0
Kind of... So DoH only helps when visiting HTTPS because of the whole 443/80 port utilization?


I am also confused about using Cloudflare... Using 1.1.1.1/1.0.0.1 DNS by itself does not result in passing Cloudflare DoH test. It only works if you specifically enable DoH via browser or via YogaDNS. My old iPad always fails Cloudflare DoH test, even though it is set to use 1.1.1.1/1.0.0.1 and DNS Leak Test shows Cloudflare for DNS. So there's generic Cloudflare DNS 1.1.1.1/1.0.0.1 and then there's DoH Cloudflare DNS for same 1.1.1.1/1.0.0.1?
DirtyAngelica is offline  
post #4 of 6 (permalink) Old 04-14-2020, 01:03 AM
New to Overclock.net
 
Join Date: May 2008
Posts: 2,224
Rep: 170 (Unique: 132)
Correct. If you were to use DNS over HTTPS to visit a plain text HTTP site, your DNS would be protected but the content of the site wouldn't be. If your goal is privacy, the fact the site is in plain text would defeat that, and if the goal is to prevent spoofing, plain text can easily be messed with.

When you browse to a site, both the lookup for the site and the site itself need to be protected for it to have any effect.


And for the second, yup, DNS over HTTPS is a totally different tech than DNS and runs on different "ports". Ports are numbers where your device "knows" to send traffic, and people hosting servers "know" what port to host on. HTTP is usually 80, HTTPS usually 443 and DNS usually 443.

DNS has been around for years and runs on port 53. Every device knows how to talk to this service and there are many providers of the service: your ISP, Google and Cloudflare. It's plain text, but it just "works".

DNS over HTTPS is pretty new in tech terms and not much supports it: Android 10, some browsers such as Firefox, and some open source projects. It usually runs over port 443 to make it "look" like normal browsing, and very few companies offer DNS over HTTPS servers. I don't think there is native support in Windows, Linux or iOS yet.

As they are running on different ports, Cloudflare offers both DNS (port 53) and DNS over HTTPS (port 443) for people to use. So you are using Cloudflare DNS on the iPad, and Cloudflare DNS over HTTPS in the browser.

Ulquiorra is offline  
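The port 53 versus port 443 split described in post #4, as an added example that is not part of the original thread: it builds a real wire-format DNS query and a plain HTTP login request, then lists what a passive on-path party reads from each flow. The hostname `example.test`, the address `192.0.2.10` and the credentials are constructed placeholders, and TLS ciphertext is modelled as an opaque payload (no TLS is performed).

```python
import struct

def build_dns_query(hostname, txid=0x1234):
    """RFC 1035 wire-format A query: the bytes a stub resolver sends."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in hostname.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN

def read_qname(message):
    """Recover the queried name from a plaintext DNS payload."""
    labels, pos = [], 12  # the question follows the 12-byte header
    while message[pos] != 0:
        length = message[pos]
        labels.append(message[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)

def read_http(payload):
    """Recover the Host header and body from a plaintext HTTP request."""
    head, _, body = payload.partition(b"\r\n\r\n")
    host = next(line.split(b":", 1)[1].strip().decode()
                for line in head.split(b"\r\n") if line.lower().startswith(b"host:"))
    return host, body.decode()

def observer_view(flows):
    """What a passive on-path party (ISP, open Wi-Fi) reads from each flow.
    A flow is (dst_ip, dst_port, payload); payload None models TLS ciphertext."""
    seen = []
    for dst_ip, port, payload in flows:
        if payload is None:
            seen.append((dst_ip, port, "encrypted"))
        elif port == 53:
            seen.append((dst_ip, port, "lookup " + read_qname(payload)))
        elif port == 80:
            host, body = read_http(payload)
            seen.append((dst_ip, port, f"host {host} body {body}"))
    return seen

# Constructed sample traffic: example.test and 192.0.2.10 are placeholders.
QUERY = build_dns_query("example.test")
LOGIN = (b"POST /login HTTP/1.1\r\nHost: example.test\r\n"
         b"Content-Length: 21\r\n\r\nuser=bob&pass=hunter2")
PLAIN_DNS = [("1.1.1.1", 53, QUERY), ("192.0.2.10", 80, LOGIN)]
DOH = [("1.1.1.1", 443, None), ("192.0.2.10", 80, LOGIN)]

if __name__ == "__main__":
    for name, flows in (("plain DNS", PLAIN_DNS), ("DoH", DOH)):
        print(name, observer_view(flows))
```

With DoH the lookup flow becomes opaque, but the port 80 flow still exposes the hostname and the submitted credentials in both cases.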
post #5 of 6 (permalink) Old 04-14-2020, 01:01 PM - Thread Starter
New to Overclock.net
 
Join Date: Mar 2020
Posts: 10
Rep: 0
Thanks! DNS privacy is a bit puzzling. It seems more like a popular thing to do. Based on my ability to read English, Cloudflare's ESNI page strongly suggests that even if you, your hardware, software, and the website to which you are connecting utilize all 4 common DNS protections: DoH, DNSSEC, TLS 1.3, and ESNI, it only hides bits and pieces from your ISP, but your ISP can still see the IP addresses to which you connect... You can convert IP addresses to websites and then find out so much more information from that... An ISP is just a middle man, therefore, just like a hacker trying to use DNS to screw you. If ISP can determine all that with all DNS protections in place, then can a hacker, right?
DirtyAngelica is offline  
post #6 of 6 (permalink) Old 04-16-2020, 07:22 AM
New to Overclock.net
 
Join Date: May 2008
Posts: 2,224
Rep: 170 (Unique: 132)
Not really, "hacker" is just a general term for a bad person. Imagine it like a house: many types of thieves, some will knock the front door in, some will just check the door, others will pick the lock. Another one moves into your spare room and nicks everything while you sleep.

ISPs are in a privileged place to see you, and if you connect to an open unencrypted Wi-Fi anyone in range can see everything; most hackers are not!

Ulquiorra is offline  