zlacker

[parent] [thread] 8 comments
1. jhoelz+(OP)[view] [source] 2021-12-16 18:23:27
i thought that too!

but firefox has different dns requests going to their servers as well.

replies(2): >>no_tim+ty >>deepbl+NG1
2. no_tim+ty[view] [source] 2021-12-16 21:04:34
>>jhoelz+(OP)
On linux you can use IceCat. On windows, download simplewall and block pingsender.exe there. Should get rid of the queries if you combine it with userjs tweaking.
replies(4): >>callam+ZK >>jhoelz+mL >>bogwog+qU >>boogie+9x3
◧◩
3. callam+ZK[view] [source] [discussion] 2021-12-16 22:09:09
>>no_tim+ty
Just setup pihole - you can run it on any server and use it as a local dns server. Probably somebody else has done the work to list these spammy domains.
replies(1): >>paulry+GQ
◧◩
4. jhoelz+mL[view] [source] [discussion] 2021-12-16 22:11:24
>>no_tim+ty
thank you for the tip! I use an OpenWrt acces point that is on my desk and uses dnsblocking through blacklists. This way I have a wired and wifi network that block the most annoying stuff by default. It also integrates nicely with wireguard too.
◧◩◪
5. paulry+GQ[view] [source] [discussion] 2021-12-16 22:46:15
>>callam+ZK
What about DNS over HTTPS?
replies(1): >>zamada+hs1
◧◩
6. bogwog+qU[view] [source] [discussion] 2021-12-16 23:06:10
>>no_tim+ty
> On windows, download simplewall and block pingsender.exe there

Even if that works, it'll likely get patched out eventually with a forced update.

If you do insist on using Windows, an external firewall is the only way to be sure. But even that isn't foolproof since another update may decide that your Windows license isn't valid unless the analytics server is reachable.

◧◩◪◨
7. zamada+hs1[view] [source] [discussion] 2021-12-17 03:31:46
>>paulry+GQ
If you just want FF to not use it you can block "use-application-dns.net" which acts as a canary domain for it to disable DoH.

If you want to block it from things you don't trust to have such methods (or always listen to them) you'll have to upgrade to a firewall that can filter outbound connections to IPs the client hasn't received a DNS response for or require use of an explicit HTTP proxy for outbound connectivity.

Just blocking DNS can be a good middle ground for reasonable effectiveness without as much effort.

8. deepbl+NG1[view] [source] 2021-12-17 05:36:23
>>jhoelz+(OP)
There is a German article, that goes in depth on how to disable pretty much all of them and explains what they do: https://www.kuketz-blog.de/mozilla-firefox-datensendeverhalt...

A few of them actually do make sense for a normal user (i.e. the Wifi portal stuff). But you can disable it if you spend some effort on it or you can also use an alternative build of Firefox without it. Not great, but also not terrible imo. Sorry, that I have no English source.

◧◩
9. boogie+9x3[view] [source] [discussion] 2021-12-17 17:31:03
>>no_tim+ty
Or just use LibreWolf, it's just FF with uBlock and disabled tracking out of the box (available for GNU, macOS, and MSW iirc).
[go to top]