undefined

joined 3 weeks ago
[–] undefined@lemmy.hogru.ch 22 points 3 weeks ago* (last edited 3 weeks ago)

I mean, it’s still good to know if you’re vulnerable, right (for the sake of discussion)?

[–] undefined@lemmy.hogru.ch 7 points 3 weeks ago (1 children)

I would add from an end-user privacy perspective, they might want HTTPS. If I hit a website not using HTTPS, I pretty much immediately back out. Bad actors like hostile governments and hackers can use seemingly meaningless data against you.

I can’t remember exactly what happened, but I remember back when WebMD was fighting against rolling out TLS, hackers were able to find medical weaknesses against people.

[–] undefined@lemmy.hogru.ch 5 points 3 weeks ago* (last edited 2 weeks ago)

Yes I have a DNS service listening on both UDP and TCP to respond to DNS queries from clients using the standard DNS port; crazy me. 🤪

[–] undefined@lemmy.hogru.ch 4 points 3 weeks ago (3 children)
[–] undefined@lemmy.hogru.ch 4 points 3 weeks ago (5 children)

You can’t have UDP and TCP on the same port? I don’t think that makes sense, I have DNS listening on UDP and TCP both on port 53.

[–] undefined@lemmy.hogru.ch 8 points 3 weeks ago

I already VPN 99% of my traffic offshore. Do you think the threat to VPNs is imminent? I’ve been thinking about shadowsocks a lot but I’m not sure.

[–] undefined@lemmy.hogru.ch 6 points 3 weeks ago* (last edited 3 weeks ago)

I killed off ads in the News app by blocking doh.apple.com. I find it kind of funny that it looks up its DoH server IP using the existing DNS server and that simply returning NXDOMAIN cuts it off.

Not sure if they use it for much more than that though (doesn’t seem like it).

[–] undefined@lemmy.hogru.ch 6 points 3 weeks ago* (last edited 3 weeks ago)

One thing I want to bring up just so you’re conscious of it is WiFi calling.

I currently use Tailscale and a sophisticated setup to route traffic via commercial VPNs. I also do a ton of DNS ad/tracking blocking which Tailscale wasn’t really designed for (and requires a rat’s nest of routing, iptables and the like).

I’ve noticed I never receive incoming calls now even while attempting to send traffic to my carrier’s WiFi calling server (it’s just another traditional VPN server at a technical level) through the nearest Tailscale exit node.

All this is to say, if you want WiFi calling to work you should consider this. I believe it’s the same for Android and iPhone.

As for the traditional VPN bit, I kind of discovered this a few years ago when using one of those mobile cellular gateways you can plug into your LAN (I lived in a dead zone). When looking up my current carrier’s WiFi calling server (a different carrier), I realized the port matches the same VPN thing they were doing on the cellular gateway, so I think it’s fairly common for wireless carriers to just use a VPN to get you into their backend.

[–] undefined@lemmy.hogru.ch 0 points 3 weeks ago

Isn’t a Docker registry just HTTP? Would a caching proxy be too hard to use for this?

[–] undefined@lemmy.hogru.ch 2 points 3 weeks ago

Yup, it makes my blood boil.

[–] undefined@lemmy.hogru.ch 2 points 3 weeks ago (2 children)

If you’re into following evil research companies check out Ridglan Farms.
