No idea if that's the case, but the two are not necessarily incompatible.
https://142290803.fs1.hubspotusercontent-eu1.net/hubfs/14229...
Read it rather quickly, but looks fine at least on the surface. Sadly, there is no way I would trust anything as sensitive as DNS with the EU given their dreadful record of creeping surveillance.
https://mullvad.net/en/help/dns-over-https-and-dns-over-tls
If there are other entities (commercial or not) with similar DNS services I would be happy to hear about them.
I find some reactions here to my initial comment a bit puzzling. Yes, the EU has a number of great attempts at getting privacy legislation right. Personally, I even have sympathies for the cookie banners. But it is equally true that we have seen attempts and successes to introduce surveillance measures as well. I remember the fight against the Data Retention Directive [1] and we still have "Chat Control" lurking in the shadows. Thus, I do not think I am entirely wrong in feeling less than chuffed about the prospect of handing all my DNS queries straight over to an entity working directly under the European Commission.
But if someone here is more involved in private information retrieval tech and the likes & knows different, happy to learn more.
Personally, I'd trust an entity that is under GDPR more than one that is not.
Yeah, right. Good timing.
To be clear, the call for feedback happens _before_ a legislative draft is put forward as a proposal. The feedback will be analysed by D4, there will be things like impact assessment and finally the College of Commissioners will create a proposal for the Council and EP to start the usual legislation procedures.
[1] https://op.europa.eu/en/web/who-is-who/organization/-/organi...
PS: I’m not saying they should be shamed, just answering your question who is responsible :)
[1] https://www.reddit.com/r/europe/comments/1kvmguc/eu_is_plann...
HN Discussion: https://news.ycombinator.com/item?id=44168134
As for securing an externally available resolver, standard rules apply (disable zone transfers etc.).
But if I still lived there, I would have more trust in US companies to be honest. I actually use US-based DNS to this day, Cloudflare is my number one choice.
By the way, this is from a comment in a Reddit thread linked in this HN thread:
> they want to sanction unlicensed messaging apps, hosting services and websites that don’t spy on users (and impose criminal penalties)
> mandatory data retention, all your online activity must be tied to your identity
> end of privacy friendly VPNs and other services
> cooperate with hardware manufacturers to ensure lawful access by design (backdoors for phones and computers)
> And much, much more. And this law isn’t aimed towards big companies, all communication service providers are explicitly in scope no matter how small or open source.
> A mass surveillance law being written by unknown lobbyists behind closed doors, demanding that the EU should monitor the internet more than Russia, being pushed by the EU commission. Should be the biggest news of the decade, but isn’t.
> Also, EU commission (Ursula, Virkkunen, Brunner as the key players) are using the same high level group as a key source in their ProtectEU plan, which is their strategy for 2029 and includes restricting encryption.
Seriously, EU is slowly turning into some communist superstate. And with the technology that exists now, it'll be way easier to control people compared to, say, back in Soviet Russia. EU also doesn't want people to have much cash at home, will not allow people to get a lot of money from ATM, etc...
Seriously, this happens several times a year and always gets rejected by the actual lawmakers.
> We decide on something, leave it lying around, and wait and see what happens. If no one kicks up a fuss, because most people don't understand what has been decided, we continue step by step until there is no turning back.
Bad thing that mechanism even exists.
> And the fact they're scared to let anyone know who wrote the proposal says a lot.
True, that's absolutely against an "open society". Pun intended. ;)
That's not true!
Communist states have at least real leaders/parties and a vision for the future. The EU is turning it into a surveillance state in fear of itself (direct?-democracy), fear to take a seat (responsibility) in global matters (France and some others maybe excluded from that statement) and fear to impose already existing laws (because illegal migration gives us cheap labor aka "modern slavery").
- Censor: So they can refuse to solve a name, or solve to whatever address they mandate.
- Log: So that you can get criminally prosecuted for having requested resolution of names at any point in the future.
No thanks. I'll keep my unbound local cache pointed to a tor-based dns-on-tls server.
The only true private DNS server is the one you own. It should be a recursive DNS server configured with DNS root zone and DNSSEC. So it would first contact one of the root DNS servers (obtained from ICANN), validate the authenticity of the response and ensure it has not been tampered with using DNSSEC, and then proceed to call the next server in the chain until the query is fully resolved. Such a DNS server would bypass all censorship.
Also nice is that more and more root servers already support DoT, meaning that the request and response would be encrypted, preventing intermediaries like your ISP from seeing the data.
As a last resort, your DNS server can be hosted outside of the country on a server and then you'd connect to it over DoT or DoH.
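A minimal Unbound configuration for the setup described in the comment above (a self-hosted, DNSSEC-validating recursive resolver), added here as an example and not part of the original thread. The file paths are assumptions that vary by distribution, and the commented-out forward-zone uses a placeholder address and hostname.

```conf
# unbound.conf: validating recursive resolver for local use.
# Paths below are assumptions; adjust to your distribution.
server:
    # Listen only on loopback and refuse everyone else, so the
    # resolver cannot be used as an open resolver from outside.
    interface: 127.0.0.1
    access-control: 127.0.0.0/8 allow
    access-control: 0.0.0.0/0 refuse

    # Recurse from the root: root server addresses come from the
    # hints file published by IANA (named.root).
    root-hints: "/var/lib/unbound/root.hints"

    # DNSSEC: root trust anchor, kept current via RFC 5011 updates.
    # Answers that fail validation are returned as SERVFAIL.
    auto-trust-anchor-file: "/var/lib/unbound/root.key"

    # Treat missing signatures in a signed zone as bogus instead of
    # silently accepting them as insecure.
    harden-dnssec-stripped: yes
    harden-glue: yes
    harden-below-nxdomain: yes

    # Send each upstream server only the labels it needs, which
    # limits what root and TLD operators learn about queries.
    qname-minimisation: yes

    # Do not disclose software identity or version to clients.
    hide-identity: yes
    hide-version: yes

    # Log the reason whenever validation fails.
    val-log-level: 1

    # CA bundle, needed only for the DoT forwarder below.
    # tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"

# Alternative from the last paragraph: forward everything over DoT
# to a resolver you host elsewhere. This replaces recursion from
# the root, so enable it instead of relying on root-hints.
# 192.0.2.53 and dns.example.net are placeholders.
# forward-zone:
#     name: "."
#     forward-tls-upstream: yes
#     forward-addr: 192.0.2.53@853#dns.example.net
```

In recursive mode the queries to authoritative servers leave your network as ordinary DNS traffic; DNSSEC validation detects tampering with signed answers but does not hide the queries.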
hunglee2•1d ago
protocolture•1d ago
The problem I have is 2 fold.
1. We need more distributed services and less reliance on that silly country full of absolute dunderheads I am not allowed to be mean to on this service.
2. We ALSO need to safeguard freedom of communication BETWEEN countries, lest a series of bad events leads to a bunch of countries going permanently dark.
The BGP bomb isn't frightening because you might be left without root service nodes, it's frightening because there are people in other countries we get great value out of communicating with.
immibis•17h ago
We have something like this with phone numbers (dial 9 for outside line) and domains but not with IP addresses. The "internet" used to have it with bang paths.
Flat addressing is very good and convenient, but political turmoil easily destroys it, as Russia has already seen and the US is about to see.
(Cryptographic flat addresses don't suffer political problems but have different problems with scalability)
It would solve NAT, too.
protocolture•3h ago
As much as I love ENS I didn't propose a flat structure. I just think we can have our cake (hierarchies) and eat it too (not have the yanks at the top/root of those hierarchies).
hunglee2•10m ago
carlhjerpe•1d ago
https://freedomhouse.org/country/scores
I'd say most of my privacy is being invaded by US companies, I can trust my insurance company isn't buying health data through third parties about me and such.
protocolture•1d ago
The Access and Assistance bill lets government ministers compel companies to create backdoors verbally with no recourse. Jailtime if they let anyone know about the backdoor. Including legal representation.
The bill was meant to be amended but no one will touch it, it's radioactive.
It inspired the UK, NZ and Canada to similar arrangements from memory.
Yes, corporations making a buck off your user data is bad but I am much more afraid of what government can do with it.
philprx•1d ago
Gee... Those who trade privacy for security will get neither (and deserve none?)
hunglee2•9m ago
sunaookami•1d ago
https://www.europarl.europa.eu/RegData/etudes/STUD/2020/6487... (page 12)