this post was submitted on 30 Aug 2023
259 points (100.0% liked)

Technology

37725 readers
45 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
 

tl;dr: No. Quite the opposite, actually — Archive.is’s owner is intentionally blocking 1.1.1.1 users.

CloudFlare's CEO had this to say on HackerNews:

We don’t block archive.is or any other domain via 1.1.1.1. [...] Archive.is’s authoritative DNS servers return bad results to 1.1.1.1 when we query them. I’ve proposed we just fix it on our end but our team, quite rightly, said that too would violate the integrity of DNS and the privacy and security promises we made to our users when we launched the service. [...] The archive.is owner has explained that he returns bad results to us because we don’t pass along the EDNS subnet information. This information leaks information about a requester’s IP and, in turn, sacrifices the privacy of users.

I am mainly making this post so that admins/moderators at BeeHaw will consider using archive.org or ghostarchive.org links instead of archive.today links.

Because anyone using CloudFlare's DNS for privacy is being denied access to archive.today links.

https://ghostarchive.org/archive/PmSkp

you are viewing a single comment's thread
view the rest of the comments
[–] LovelyCupcake@feddit.de 49 points 1 year ago (3 children)

Time to add 1.1.1.1 to my list of DNS servers to use

[–] koper@feddit.nl 38 points 1 year ago (3 children)

In case you don't know, Cloudflare already controls a massive amount of websites, have access to their unencrypted traffic and are making the web inaccessible for people who use tor or noscript. They are a threat to the open web.

[–] sdoorex@slrpnk.net 15 points 1 year ago (1 children)

CloudFlare offers website admins the ability to have their sites directly available to Tor users but they have to activate the feature: https://developers.cloudflare.com/support/firewall/learn-more/understanding-cloudflare-tor-support-and-onion-routing/

[–] WindFreaker@lemmy.blahaj.zone 3 points 1 year ago

Strange, Onion routing was already enabled for my domains. Sounds like at some point it became an opt-out feature, not opt-in.

[–] Lowbird 13 points 1 year ago (4 children)

Do you have an alternative that isn't google? Because google's DNS privacy policy is much worse.

I don't like cloudflare, but their DNS terms are relatively good, and they have my info anyway because as you say, they're everywhere. I don't think my not using their DNS will make any appreciable mark on their business, either.

[–] feyo@discuss.tchncs.de 8 points 1 year ago (1 children)

Quad9, DNS.Watch, OpenDNS

Three good alternatives.

[–] normal_user@lemmy.one 6 points 1 year ago (1 children)

Also NextDNS is great because you can change every setting (and the free tier offers you way more usage than you will ever use)

[–] notfromhere@lemmy.one 3 points 1 year ago (1 children)

I maxed out the free tier in my first month somehow lol… $20/yr isn't a bad deal for essentially pihole everywhere.

[–] Saik0Shinigami@lemmy.saik0.com 3 points 1 year ago (1 children)

I mean a $35 pi and wireguard [I'm fond of Zerotier personally] can do the same thing... indefinitely... $35/forever > $20/yr :)

[–] notfromhere@lemmy.one 2 points 1 year ago

Yea that’s on the list for some point. I have a small k3s cluster running on some Pis and experimenting with tailscale.

[–] raptir@lemdro.id 2 points 1 year ago

Nextdns is great.

[–] magmaus3@szmer.info 1 points 1 year ago

OpenNIC is an interesting option, if you're okay with community-hosted servers.

[–] Psythik@lemm.ee 6 points 1 year ago

I use NoScript and CloudFlare DNS works just fine for me. That said, I'm looking to switch due to privacy concerns after reading this thread.

[–] metaStatic@kbin.social 4 points 1 year ago (4 children)
[–] dingus@lemmy.ml 14 points 1 year ago* (last edited 1 year ago) (2 children)
[–] Psythik@lemm.ee 2 points 1 year ago (1 children)

Do they have servers in the US?

[–] dingus@lemmy.ml 2 points 1 year ago* (last edited 1 year ago) (1 children)
[–] Psythik@lemm.ee 2 points 1 year ago

Sweet. Just changed my servers now.

load more comments (1 replies)
[–] PeachMan@lemmy.one 6 points 1 year ago (3 children)

I do CloudFlare first and Google as backup.

[–] red@feddit.de 23 points 1 year ago

So privacy first first and privacy last second, interesting combo

[–] Bishma@discuss.tchncs.de 7 points 1 year ago

yeah 1.1.1.1 then 8.8.8.8

[–] PeachMan@lemmy.one 5 points 1 year ago

LOL that's not a bad way of explaining it. My reasoning is that I like CloudFlare, so I'll default to them, but if CF goes down I want DNS to continue working. I figure Google is one of the servers that's LEAST likely to go down.

[–] user224@lemmy.sdf.org 2 points 1 year ago

I used to use Cloudflare and recently switched to NextDNS for more control.

load more comments (1 replies)