this post was submitted on 30 Aug 2023
259 points (100.0% liked)

Technology

37708 readers
347 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
 

tl;dr: No. Quite the opposite, actually — Archive.is’s owner is intentionally blocking 1.1.1.1 users.

CloudFlare's CEO had this to say on HackerNews:

We don’t block archive.is or any other domain via 1.1.1.1. [...] Archive.is’s authoritative DNS servers return bad results to 1.1.1.1 when we query them. I’ve proposed we just fix it on our end but our team, quite rightly, said that too would violate the integrity of DNS and the privacy and security promises we made to our users when we launched the service. [...] The archive.is owner has explained that he returns bad results to us because we don’t pass along the EDNS subnet information. This information leaks information about a requester’s IP and, in turn, sacrifices the privacy of users.

I am mainly making this post so that admins/moderators at BeeHaw will consider using archive.org or ghostarchive.org links instead of archive.today links.

Because anyone using CloudFlare's DNS for privacy is being denied access to archive.today links.

https://ghostarchive.org/archive/PmSkp

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 49 points 1 year ago (3 children)

Time to add 1.1.1.1 to my list of DNS servers to use

[–] [email protected] 38 points 1 year ago (3 children)

In case you don't know, Cloudflare already controls a massive amount of websites, have access to their unencrypted traffic and are making the web inaccessible for people who use tor or noscript. They are a threat to the open web.

[–] [email protected] 15 points 1 year ago (1 children)

CloudFlare offers website admins the ability to have their sites directly available to Tor users but they have to activate the feature: https://developers.cloudflare.com/support/firewall/learn-more/understanding-cloudflare-tor-support-and-onion-routing/

[–] [email protected] 3 points 1 year ago

Strange, Onion routing was already enabled for my domains. Sounds like at some point it became an opt-out feature, not opt-in.

[–] [email protected] 13 points 1 year ago (4 children)

Do you have an alternative that isn't google? Because google's DNS privacy policy is much worse.

I don't like cloudflare, but their DNS terms are relatively good, and they have my info anyway because as you say, they're everywhere. I don't think my not using their DNS will make any appreciable mark on their business, either.

[–] [email protected] 8 points 1 year ago (1 children)

Quad9, DNS.Watch, OpenDNS

Three good alternatives.

[–] [email protected] 6 points 1 year ago (1 children)

Also NextDNS is great because you can change every setting (and the free tier offers you way more usage than you will ever use)

[–] [email protected] 3 points 1 year ago (1 children)

I maxed out the free tier in my first month somehow lol… $20/yr isn't a bad deal for essentially pihole everywhere.

[–] [email protected] 3 points 1 year ago (1 children)

I mean a $35 pi and wireguard [I'm fond of Zerotier personally] can do the same thing... indefinitely... $35/forever > $20/yr :)

[–] [email protected] 2 points 1 year ago

Yea that’s on the list for some point. I have a small k3s cluster running on some Pis and experimenting with tailscale.

[–] [email protected] 2 points 1 year ago

Nextdns is great.

[–] [email protected] 1 points 1 year ago

OpenNIC is an interesting option, if you're okay with community-hosted servers.

[–] [email protected] 6 points 1 year ago

I use NoScript and CloudFlare DNS works just fine for me. That said, I'm looking to switch due to privacy concerns after reading this thread.

[–] [email protected] 14 points 1 year ago

Don’t forget the backup 1.0.0.1

[–] [email protected] 4 points 1 year ago (4 children)
[–] [email protected] 14 points 1 year ago* (last edited 1 year ago) (2 children)
[–] [email protected] 2 points 1 year ago (1 children)

Do they have servers in the US?

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (1 children)
[–] [email protected] 2 points 1 year ago

Sweet. Just changed my servers now.

[–] [email protected] 6 points 1 year ago (3 children)

I do CloudFlare first and Google as backup.

[–] [email protected] 23 points 1 year ago

So privacy first first and privacy last second, interesting combo

[–] [email protected] 7 points 1 year ago

yeah 1.1.1.1 then 8.8.8.8

[–] [email protected] 5 points 1 year ago

LOL that's not a bad way of explaining it. My reasoning is that I like CloudFlare, so I'll default to them, but if CF goes down I want DNS to continue working. I figure Google is one of the servers that's LEAST likely to go down.

[–] [email protected] 2 points 1 year ago

I used to use Cloudflare and recently switched to NextDNS for more control.