And for me it would be another hard 'no' for using your product - you are thinking you know better than me or even guys from Redmond. Means you have a pretty perverse understanding on how things can and should be done. Which not only would leak the internal names but explicitly break the resolving, because it would be performed from the public Internet.

Also reading further the only place where the /behaviour/ is somewhat explained is the end of DNS configuration article. It is not a good marker what I needed to deep-dive in the multiple docs and blog articles to find out how exactly you interact with DNS.

And also knowing what you outright disabled 'dnscache' on Windows machines before. If I understand from your blog you would intercept and reroute this query to the DNS servers configured in the Portmaster. E.g. I would have a split-brain DNS with only a handful of A records on the public side, while a lot more on the internal side (accessible through VPN, for example). This is pretty confusing.

For the well known zones (listed on that page) sure. Current link (i) just throws you to Wikipedia without explaining anything. Maybe add an (i) explaining why do you ask for the prefix? Could be a free bonus point for you for respecting the users' privacy. I've encountered this type of selection, but extremely rare. > We know the resulting UX with the phone prefix is uncommon We document everything we do and that can be verified by inspecting the source code. I have difficulties seeing your concerns here. Just as browsers, who enforce DoH, manipulate network traffic, or VPN software. Specifically, via the Windows Filtering Platform APIs. This means network packets can be intercepted.

And lastly, yes Portmaster deeply integrates into the OS via a kernel extension. Also, here is the context of that time if you are interested. A re-evaluate is probably due since a lot happened in the meantime.
We opted for them since they were the fastest at a time when Portmaster itself had speed issues. We are not too content with Cloudflare as the default. As a summary, local queries are not leaked. We know the resulting UX with the phone prefix is uncommon, but thought it superior to storing your IP (which most companies do while hiding that fact away in the Terms of Service)

For the DNS implementation, we do have in-depth docs talking about DNS integration. We chose the approach we felt respected user privacy the most. Many tech companies collect all three, with the addition of collecting the full phone number instead of only the prefix. In order to attribute an Internet user to a country you have to collect 2 of these 3 data points, and naturally they have to overlap. Why do you even bother with country AND prefix?

For users subscribing to the SPN, we are required by law to pay taxes. > And if you check country prefix with the list of country prefixes anyway. says they are forwarding to Cloudflare by default. The "SPN" idea is interesting, but also raises the questions about who, where and how would control exit nodes. Overall, this is the product which could be useful for many users, but for me it's a hard no. Where exactly Portmaster would send the DNS queries?

Actual kernel module on Windows so it really can do anything it wants and wouldn't be caught by the machine itself? I use my own Unbound locally, how Portmaster would handle queries for NSs in the Unbound config which are unknown to the world - leak them? What about the DNS resolvers configured in the system? Do you hijack/overwrite them? > The Portmaster actually handles DNS itself and will show you DNS queries in the UI Why do you even bother with country AND prefix?
Put simply: TinyWall allows you to control which applications can access the Internet and gives you access to advanced options, without the need to install a third-party firewall.

> Country does not match with the country prefix for your phone number

And if you check country prefix with the list of country prefixes anyway. His conclusion was that if you want to control which applications can access the Internet and use other advanced options, you'd be better off with a third-party firewall. So it's more secure to start with, but requires some thought on your part to use.

Chris recently showed you how the Windows 7 firewall compares to other firewalls. This software blocks everything when you first install it and counts on you to grant Internet access only to software you trust. Every time you install a new program you're asked whether you want that program to have Internet access. TinyWall changes that. It's also, for good or for ill, very easy to use. The XP firewall was infamously porous, but it's pretty good in Vista and 7. With the second service pack of Windows XP, Microsoft added a feature to Windows too few users were adding themselves - a firewall.