Cloudflare's 1.1.1.1 Service Launches on Android and iOS (fastcompany.com)

← Back to Stories (view on slashdot.org)

Cloudflare's 1.1.1.1 Service Launches on Android and iOS (fastcompany.com)

Posted by msmash on Sunday November 11, 2018 @07:05AM from the interesting-moves dept.

harrymcc writes: Content-distribution network Cloudflare has introduced iOS and Android versions of 1.1.1.1, a free service which helps shield you from snoops by replacing your standard DNS with its encrypted (and speedy) alternative. The mobile incarnation of the PC service it launched last April, the apps don't require you to do anything other than downloaded and install them, give your device permission to install a VPN, and flip a switch -- making them approachable for the masses, not just geeks.

105 comments

Min score:

Reason:

Sort:

Cloudflare ROCKS! by gavron · 2018-11-11 07:07 · Score: 0, Troll

This is an awesome service! The more we can encrypt any data that others use to identify who we are and what we do on the Internet... the better (and safer) we are. It returns control of our devices... and our private information... to us.
Thank you, Cloudflare!
E
1. Re: Cloudflare ROCKS! by Anonymous Coward · 2018-11-11 07:09 · Score: 0
  
  Hmn no. This service attempts to hijack my own dns. I have started blocking 1.1.1.1 on all my firewalls and routers. Both on company and personal machines.
2. Re: Cloudflare ROCKS! by Anonymous Coward · 2018-11-11 07:14 · Score: 3, Informative
  
  You really should read the article. If you have your own DNS or your own VPN this is a downgrade to your opsec. Most people don't, and they do use the ISP's DNS servers (or the telco carrier's DNS) ... and here is where the Cloudflare service really makes a difference.
  It doesn't "Hijack" anything. You either affirmatively choose to install it... or you don't. If you don't, nothing changes.
  Try reading the article for comprehension. /.reader#734
3. Re: Cloudflare ROCKS! by Anonymous Coward · 2018-11-11 07:15 · Score: 0
  
  There is no free beer. What does cloudflare do with data and how does it prevent DNS spoofing? CF has the ability to spoof tls certificates, too. Is there a privacy policy and independent audit report describing operatuonal controls?
4. Re: Cloudflare ROCKS! by Anonymous Coward · 2018-11-11 07:16 · Score: 2, Informative
  
  Hmn no. This service attempts to hijack my own dns. I have started blocking 1.1.1.1 on all my firewalls and routers. Both on company and personal machines.
  Yes, I agree.
  http://hightechforum.org/cloudflares-1-1-1-1-dns-does-nothing-for-privacy/
5. Re: Cloudflare ROCKS! by Anonymous Coward · 2018-11-11 07:17 · Score: 0
  
  Hmn no. This service attempts to hijack my own dns. I have started blocking 1.1.1.1 on all my firewalls and routers. Both on company and personal machines.
  care to elaborate?
6. Re: Cloudflare ROCKS! by Anonymous Coward · 2018-11-11 07:18 · Score: 0
  
  I read it and my first pass through didnt see anything useful. I guess I wouldnt recommend
7. Re: Cloudflare ROCKS! by Anonymous Coward · 2018-11-11 07:30 · Score: 0
  
  One DNS to serve them all, One DNS to find them,
  One DNS to see them all and in the darkness BIND them
  In the Land of Cloudflare where the Content lies.
8. Re: Cloudflare ROCKS! by Anonymous Coward · 2018-11-11 07:32 · Score: 0
  
  I know how it works. And cloudflare is making sure certain browsers default to cloudflare no matter your own settings. You also have dumb employees who see this and try to be "smart" breaking the finely tuned dns system in place.
  For a non-enterprise non-poweruser enviroment? Use whatever floats your boat. Don't force me to block it on the firewall by ignoring gpo's and bypassing system settings. My gripe is not against the android app and I should've clarified that.
9. Re: Cloudflare ROCKS! by Anonymous Coward · 2018-11-11 07:35 · Score: 0
  
  Elaborated on a post upstream. Certain browsers have taken to using cloudflare dns before trying the system configured ones. That breaks any dns config you have in a company/power user enviroment.
10. Re: Cloudflare ROCKS! by Anonymous Coward · 2018-11-11 07:49 · Score: 0
  
  That is the android app. Cloudflare perse has agreements with certain BROWSERS to use their dns FIRST. Like I said on my original explanation, I dont have a problem with the android app.
11. Re:Cloudflare ROCKS! by AndrewFlagg · 2018-11-11 07:51 · Score: 1
  
  its funny how ass backwards our technology has been rather than how we live in our neighborhoods and walk down the streets. now technology is starting to behave like it should be like.... hey, a stranger someone lives there because the light is on, and don't know who, and what they have... unless i snoop in their mailbox and peep through their windows... no value in anonymous traffic other than traffic in itself.. ads should continue without alot of granular metrics like it used to be, much like tv and the neilsen ratings..... me likey...mikey likes it...
12. Re: Cloudflare ROCKS! by Anonymous Coward · 2018-11-11 08:01 · Score: 1
  
  From your own link, the 1.1.1.1 isn't much use without also using a VPN to encrypt the IP calling it. Which... they now have added to the app, as above.
13. Re:Cloudflare ROCKS! by Anonymous Coward · 2018-11-11 08:09 · Score: 0
  
  you're missing an '/s' tag here??
  they're right up there with the social media sites or windows 10 for siphoning data, and worse in the sense that they give you that totally false sense of security and privacy when they do it. cloudfare is evil as fuck.
14. Re: Cloudflare ROCKS! by Anonymous Coward · 2018-11-11 08:23 · Score: 1
  
  If you aren't blocking outbound DNS from everything but your authorized DNS servers on an enterprise network via your firewall, then you are grossly incompetent and oblivious to modern attack vectors.
  And basic security principles like defense-in-depth.
15. Re:Cloudflare ROCKS! by Cmdln+Daco · 2018-11-11 08:31 · Score: 1
  
  Aren't they a content-providing, aka DRM type delivery vehicle?
16. Re:Cloudflare ROCKS! by Anonymous Coward · 2018-11-11 08:39 · Score: 0
  
  I hope you are being sarcastic, but I cannot really tell...
17. Re:Cloudflare ROCKS! by OneHundredAndTen · 2018-11-11 08:45 · Score: 4, Insightful
  
  Are you aware of the fact that Cloudflare has access to ALL of your DNS queries? If you do not trust your ISP, Google, etc., why would you trust Cloudflare?
18. Re:Cloudflare ROCKS! by Anonymous Coward · 2018-11-11 08:50 · Score: 0
  
  WHY would you trust CLOUDFLARE over GOOGLE OR AT&T/COMCAST/TWC? Are you a complete MORON? Cloudflare isn't in the ad/marketing data business, for starters Einstein. God damn you earned the full whoosh there.
19. Re: Cloudflare ROCKS! by Anonymous Coward · 2018-11-11 09:08 · Score: 0
  
  That what this means:
  You also have dumb employees who see this and try to be "smart" breaking the finely tuned dns system in place.
  You are grossly incompetent at reading.
20. Re: Cloudflare ROCKS! by Anonymous Coward · 2018-11-11 09:31 · Score: 0
  
  Thatâ(TM)s the most sensible question here.
21. Re:Cloudflare ROCKS! by squiggleslash · 2018-11-11 09:45 · Score: 2
  
  It's not as useful as it once might have been. HTTPS used to be 100% secure with only hole being DNS. This would plug that... except that browsers have been migrating to SNI, a system to allow a single IP address to service multiple HTTPS sites, which means that the domain name gets exchanged in a snoopable (MITM) manner.
  With SNI becoming common, the Cloudflare service really doesn't provide much security.
  
  --
  You are not alone. This is not normal. None of this is normal.
22. Re: Cloudflare ROCKS! by squiggleslash · 2018-11-11 09:51 · Score: 2
  
  Yes, we know that bit, what people here are saying that's a bad idea, given that if someone installs the Firefox plug in, they'll suddenly have problems accessing internal-wiki.myemployer.com, timeoff-booking-system.myemployer.com, and source-code-control-system.myemployer.com.
  Sysadmins in general also like having control over their own networks, and having random employees use third party DNS, still worse to "protect their privacy" (prevent a sysadmin from determining what they were using the network for, something they have a legitimate reason for), undermines that.
  
  --
  You are not alone. This is not normal. None of this is normal.
23. Re: Cloudflare ROCKS! by Anonymous Coward · 2018-11-11 09:52 · Score: 0
  
  Obviously, they felt like offering a free service where they get nothing in return. It's an ingenious business model.
  Or maybe you were too oblivious to ask how they make money.
24. Re: Cloudflare ROCKS! by bn-7bc · 2018-11-11 10:01 · Score: 1
  
  As far as I know cf delivers any content their coustubers want them to (any legal content that is) the use of drm or not is the costumers ÂchoiceÂ but then again I might be miss informed
25. Re: Cloudflare ROCKS! by bn-7bc · 2018-11-11 10:07 · Score: 1
  
  Good point put until ipv6 is absolutly evrywhere we canâ(TM)t afford the ipv4 burn rate of having avry https site on their own ip esp niw that more and more browsers flash up scary messages if you try accessing anything over http.
26. Re:Cloudflare ROCKS! by Anonymous Coward · 2018-11-11 11:54 · Score: 0
  
  >With SNI becoming common, the Cloudflare service really doesn't provide much security.
  That's coming too:
  https://blog.cloudflare.com/encrypted-sni/
27. Re:Cloudflare ROCKS! by Anonymous Coward · 2018-11-11 12:52 · Score: 0
  
  I can't even see the app on the Play Store on my phone. On my PC I can see the app page and it even says it's compatible with my phone, but on my phone there is no entry for 1.1.1.1
  It appears my carrier, T-Mobile, blocks users from being able to see or download the app.
28. Re: Cloudflare ROCKS! by andydread · 2018-11-11 13:10 · Score: 1
  
  Yes internal hosts will fail. As them trying to "protect their privacy"
  Guess what?? It won't work if a competent sysadmin blocks all outgoing DNS queries from the LAN except the DNS server on the LAN that they should be using.
  So, what will happen when random employee installs said App?
  Their internet on their mobile device will not work after installing the app and they will then remove it. Problem solved.
29. Re: Cloudflare ROCKS! by andydread · 2018-11-11 13:11 · Score: 1
  
  [citation needed]
30. Re: Cloudflare ROCKS! by Anonymous Coward · 2018-11-11 14:36 · Score: 0
  
  They can do less damage than google with their 8.8.8.8 service which is enough for me to try it
31. Re: Cloudflare ROCKS! by Zero__Kelvin · 2018-11-11 15:09 · Score: 0
  
  I had a free beer. You are a moron.
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
32. Re: Cloudflare ROCKS! by Zero__Kelvin · 2018-11-11 15:13 · Score: 0
  
  You forgot "One dumb motherfucker called Anonymous Coward to ruin Slashdot" ... Good Job though all you worthless motherfuckers who couldn't be bothered to create an account and paved the way!
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
33. Re:Cloudflare ROCKS! by Jane+Q.+Public · 2018-11-11 15:41 · Score: 0
  
  Because of their TOS.
  
  Read it.
34. Re:Cloudflare ROCKS! by Anonymous Coward · 2018-11-11 16:41 · Score: 0
  
  lol, I have the same problem w/ T-Mobile. "1.1.1.1", "cloudflare", and the helpful autocomplete of "1.1.1.1 - faster private internet & unblock sites" all come up with scammy looking VPN apps. Does anyone have a **link** to the app in the play store?
35. Re:Cloudflare ROCKS! by Anonymous Coward · 2018-11-11 16:46 · Score: 0
  
  Here it is: https://play.google.com/store/... Installed and works on my Android phone.
36. Re: Cloudflare ROCKS! by Anonymous Coward · 2018-11-11 17:18 · Score: 0
  
  And what is wrong with 8.8.8.8?
37. Re:Cloudflare ROCKS! by AmiMoJo · 2018-11-12 02:45 · Score: 3, Insightful
  
  Because most people have to trust someone with their DNS queries, especially when on mobile networks. Given a choice of unencrypted DNS queries to your scummy mobile provider's servers or encrypted ones to Cloudflare, you are probably better off with the latter.
  At least Cloudflare can't tie up the request with cell location data and sell that information to nearby businesses.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
38. Re:Cloudflare ROCKS! by squiggleslash · 2018-11-12 10:02 · Score: 1
  
  I'm glad to hear that! I've been wondering if there would have been a way to at least use some form of adhoc encryption to exchange the hostname with the server, and then verified afterwards that the encryption wasn't compromised, eg:
  Client: Send me the public part of an encryption key
  Server: 1234
  Client: (Encrypted using 1234)www.hostname.com
  Server: (Key for www.hostname.com)
  Client: (Creates session using www.hostname.com's key)You sent me 1234 to use to encrypt the hostname, was that valid?
  Server: Yep, that's the one I use today.
  The only problem I can see is if multiple servers serve the same site, then you'd have to make sure the key used to encrypt the hostname is the same on each server (if it allows different keys for different TCP sessions then the attacker can just break the connection the first time they try to connect after faking being the server to get the hostname.)
  
  --
  You are not alone. This is not normal. None of this is normal.
39. Re:Cloudflare ROCKS! by mshieh · 2018-11-12 14:41 · Score: 1
  
  Because I have no idea who the ISP is when I travel.
  If I'm at home, this is probably overkill.
  If I use google without dnssec or dns-over-https, then it's easy to see which sites I visit.
40. Re:Cloudflare ROCKS! by Anonymous Coward · 2018-11-12 19:31 · Score: 0
  
  As an IT Service Provider with 25 years in networking I trust CloudFlare. Because I read the news.
  CloudFlare believes in free speech https://arstechnica.com/tech-policy/2017/12/cloudflares-ceo-has-a-plan-to-never-censor-hate-speech-again/ CloudFlare supports Net Neutrality https://blog.cloudflare.com/senate-vote-fcc-privacy-rules/ CloudFlare doesn't make money collecting your browsing data (like Google's 8.8.8.8) CloudFlare makes money by protecting your data from DDoS Attacks, CloudFlare updates DNS instantly instead of taking hours. https://www.zdnet.com/article/how-to-use-cloudflares-dns-service-to-speed-up-your-internet-and-protect-your-privacy/ I ALWAYS change my client's DNS servers to query OpenDNS for commercial content filtering and CloudFlare for trust over ISP's who are now more frequently media companies.
  so YES CloudFlare ROCKS!!!
41. Re:Cloudflare ROCKS! by Anonymous Coward · 2018-11-12 22:33 · Score: 0
  
  At least Cloudflare can't tie up the request with cell location data and sell that information to nearby businesses.
  It actually can.
42. Re: Cloudflare ROCKS! by Anonymous Coward · 2018-11-13 08:51 · Score: 0
  
  Whitelist what DNS you want. Blacklisting is for amateurs as you clearly are.
  numbnuts
43. Re: Cloudflare ROCKS! by Anonymous Coward · 2018-11-13 08:52 · Score: 0
  
  Google, numbnuts.
  A company that makes their money explicitly from tracking you. If Google stopped spying on people they would go broke. They have no other real revenue.
44. Re: Cloudflare ROCKS! by Anonymous Coward · 2018-11-13 08:57 · Score: 0
  
  Your parents must have hated you since they named you Zero__Kelvin. Or is that the temp in your head?
  numbnuts
45. Re:Cloudflare ROCKS! by Anonymous Coward · 2018-11-13 09:03 · Score: 0
  
  IPv6 is used so rarely it is not even worth talking about.
  numbnuts
46. Re:Cloudflare ROCKS! by Anonymous Coward · 2018-11-13 09:11 · Score: 0
  
  Yup, I had to find it on my PC and email the address to myself and download it through my browser.
  Another reason not to trust carriers and use 1.1.1.1.
  numbnuts
So... by Anonymous Coward · 2018-11-11 07:19 · Score: 0

Is Cloudflare watching everything you do like Google and the U.S. government?
Give your device permission to install a VPN by Anonymous Coward · 2018-11-11 07:28 · Score: 0

Give your device permission to install a VPN
I do not consider that a simple or small permission.
1. Re: Give your device permission to install a VPN by bursch-X · 2018-11-11 10:59 · Score: 3, Funny
  
  You downloaded an VPN app that now has the gall to ask to install a VPN - inconceivable.
  
  --
  There are two rules for success:
  1. Never tell everything you know.
2. Re: Give your device permission to install a VPN by Anonymous Coward · 2018-11-11 17:11 · Score: 0
  
  You downloaded an VPN app that now has the gall to ask to install a VPN - inconceivable.
  Sure, and everyone who installs it knows what that entails. Oh wait.
They host the content by Bite+The+Pillow · 2018-11-11 07:33 · Score: 1

If they host a lot of the content, they know what you're looking at. Now they know.. what you're looking at. Problem is what?
1. Re:They host the content by sacrilicious · 2018-11-11 07:45 · Score: 0
  
  You're not replying to another message, and your own message is confusing. Are you asking a question, being sarcastic, or pointing something out?
  
  --
  - First they ignore you, then they laugh at you, then ???, then profit.
Sick of big companies snooping your dns? by viperidaenz · 2018-11-11 07:34 · Score: 4, Insightful

We have a simple solution!
Install this app and give Cloudflare permission to access all of your network traffic and you can use our DNS server!
1. Re:Sick of big companies snooping your dns? by AndrewFlagg · 2018-11-11 07:55 · Score: 1
  
  not to be pessimistic and cloudy.... .....and the traffic is hijacked via bad IP routes through another country.. or that closet in the hallway with no label or number in a megapop downtown san francisco where all the fiber comes in and out off.... and voila.. back to square one.. ;-)
2. Re:Sick of big companies snooping your dns? by Known+Nutter · 2018-11-11 08:09 · Score: 1
  
  You should try speaking in clear, concise, and complete sentences.
  
  --
  Beware of the Leopard.
3. Re:Sick of big companies snooping your dns? by Anonymous Coward · 2018-11-11 08:23 · Score: 0
  
  Were you in Blade Runner?
4. Re:Sick of big companies snooping your dns? by viperidaenz · 2018-11-11 08:36 · Score: 3, Insightful
  
  I'm not sure what your point is, because you've failed at english.
  But VPN apps get access to all network traffic on your phone. they're free to inspect the data and are responsible for routing it. That's just how VPNs work.
  If you're worried about "big data" getting your data, I'm failing to see how freely giving it all to a "big data" company is going to help. Especially when the service they're offering is free. Someone is paying for it.
  Maybe they want to analyse the data to find popular websites people use that don't go through Cloudflare services, so they can better target their marking to those site operators.
5. Re:Sick of big companies snooping your dns? by Anonymous Coward · 2018-11-11 08:45 · Score: 0
  
  That post... would... be clearer... with more... use of... ellipses... in... the text.
6. Re:Sick of big companies snooping your dns? by gtall · 2018-11-11 09:07 · Score: 1
  
  Precisely. Cloudfare must show some sort of profit for this "service". The only way I can see them turning one is monetizing the information running through their systems.
7. Re: Sick of big companies snooping your dns? by bn-7bc · 2018-11-11 10:20 · Score: 1
  
  Well consider thiscenario: en user usingcloudflares dns are trying ro get to content hosted by cloudflarw, thay query the dns for recoeds that probably ar atleas cached on the server, so they get a reply in 1 rtt and initiate aconnection to the nearestserver having that content. Net result for the end user they get the content even quicker than before ehe cf did just the hosting. Cf can say wedeliver first byte quickerthan ouer competition, that is agood thing when trying to get newcpstumers. Thecost for serving as the recursicve dns for non cf records, well cheap advertising.
8. Re: Sick of big companies snooping your dns? by viperidaenz · 2018-11-11 12:13 · Score: 1
  
  or more likely, they'll present data showing connection times, time to first data, data throughput, failed connection attempts, etc for the customers they're trying to win over.
  That network data can be provided by a VPN app.
9. Re:Sick of big companies snooping your dns? by Anonymous Coward · 2018-11-11 16:58 · Score: 0
  
  I've already ublocked + noscripted Cloudflare.
  No way in hell I'd ever consider using their DNS.
10. Re:Sick of big companies snooping your dns? by thegarbz · 2018-11-12 01:56 · Score: 1
  
  We have a simple solution!
  Install this app and give Cloudflare permission to access all of your network traffic and you can use our DNS server!
  I'm ready to accept going with a new unknown than my god-fucking-awful-and-overtly-evil ISP.
11. Re:Sick of big companies snooping your dns? by AmiMoJo · 2018-11-12 02:27 · Score: 1
  
  You don't have to use Cloudflare's VPN app if you don't trust it, you can just manually configure your DNS servers or use your own local VPN. DNS66 is open source and a good choice, as it also features ad blocking.
  In any case, if they are leaking data back to Cloudflare somehow it would be trivial to spot and quickly get them banned from the Play Store. I'm sure someone will check.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
12. Re:Sick of big companies snooping your dns? by viperidaenz · 2018-11-12 07:22 · Score: 1
  
  It would be trivial to hide data in the encrypted secure dns lookups the app is primarily designed to do.
13. Re:Sick of big companies snooping your dns? by micheas · 2018-11-13 18:24 · Score: 1
  
  I'm not sure how they plan on monetizing it. But, from talking to their salespeople that have been wanting me to pay $1,500 a month for their DNS service. I'd guess they are looking at this as a freemium offering. Where they will allow corporate users to have private DNS entries that are only available to their logged in users. And based on their pricing model, I'd guess that would be about $1k a month plus a per-user fee.
  
  --
  Work bio at MMWD
No thanks by Anonymous Coward · 2018-11-11 07:38 · Score: 5, Insightful

This isn't protecting traffic from snooping, it's exposing traffic to Cloudflare. The same company which makes a business model out of holding other people's private TLS keys. The same company which refuses to stop serving known spammers. The same company which was breaking half the internet for Tor users.
Cloudflare is the kind of centralization we need to get away from.
1. Re:No thanks by thegarbz · 2018-11-12 02:00 · Score: 1
  
  This isn't protecting traffic from snooping, it's exposing traffic to Cloudflare. The same company which...
  Yeah but you haven't mentioned anything about abusing customer data and selling it wholesale without even cursory anonymity to any 3rd party paying cash, so they sound like exactly the kind of company that I would prefer to hold my data instead of my mobile provider.
2. Re:No thanks by AmiMoJo · 2018-11-12 02:41 · Score: 1
  
  It's the lesser of two evils. If you use your ISP/mobile operator's DNS server then they have a record of every query you make, and the times you visited those sites thanks to deep packet inspection (DPI). At least this way the DNS lookups and the DPI data are kept separate and can't be trivially cross referenced.
  The DPI data is getting less useful too, because due to services like Cloudflare and shared virtual servers in general it's become much harder to associate an IP address with a particular web site.
  Cloudflare gets you DNS lookups and can of course correlate with accesses to their CDN from your IP address, but it's still better than your ISP having it because your ISP also has the DHCP and billing records to tie it all directly to you. Let's not pretend that most ISPs are less evil than anything Cloudflare does either.
  So for most people it's an improvement, although obviously not as good as using a proper on-log VPN or Tor.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
3. Re:No thanks by Anonymous Coward · 2018-11-12 05:39 · Score: 0
  
  "due to services like Cloudflare and shared virtual servers in general it's become much harder to associate an IP address with a particular web site"
  Nope. There are only two ways to handle https server certificates, and encrypted DNS doesn't prevent your ISP from knowing what website you're visiting in either case.Traditional https sites present the same server cert to all clients. SNI (server name indication) sites require the client to tell the server the hostname portion of the URL it wants before the server provides its certificate. This SNI "server name" extension to the "client hello" is unencrypted. (See RFC 6066.)
  All modern Internet-enabled software -- web browsers, email clients, etc.-- support SNI. All modern software *always* send the SNI "server_name" extension when initiating a secure (TLS/"SSL") connection -- even to websites that don't require or use SNI.
  Therefore:
  All your ISP need to to do is examine the unencrypted data your software sends to the server and they'll know as much as if they handled your DNS lookup.
  1.1.1.1 just sends some of your usage information to an additional company. Congrats.
CF is the NSA by Anonymous Coward · 2018-11-11 07:41 · Score: 0

shield you from snoops
They ARE the snoops. Their main business is being the man in the middle between most internet users and of the websites on the western internet.
Encryption become hard to crack so the NSA came up with a problem (DDoS) and then a nice solution (CF) to that problem. Now they MiTMing everyone and getting them to PAY for the privilege. 1.1.1.1 is genius way to people to hand over all their DNS lookups.
Quad dns by Anonymous Coward · 2018-11-11 07:57 · Score: 0

What makes this any better than quad?
1. Re: Quad dns by Anonymous Coward · 2018-11-11 09:19 · Score: 2, Funny
  
  Fuck it, we are going with 5 DNS entries.
How do they make money on this? by Anonymous Coward · 2018-11-11 08:04 · Score: 1

I'm curious about their altruism.
1. Re: How do they make money on this? by Anonymous Coward · 2018-11-11 08:08 · Score: 1
  
  I think it's more about vendor lock-in of sorts. The more and more people using anything from cloudflare the better for their business.
  They also get a lot of statistics and data from millions/billions of DNS requests and metadata (what times are busiest for which regions, etc).
2. Re:How do they make money on this? by LordHighExecutioner · 2018-11-11 08:21 · Score: 1
  
  NSA
3. Re:How do they make money on this? by AHuxley · 2018-11-11 09:24 · Score: 1
  
  The "free" use of the internet by many people gives data on the internet in real time.
  That better protects people in real time who pay for security products and services.
  
  --
  Domestic spying is now "Benign Information Gathering"
4. Re:How do they make money on this? by Shaix · 2018-11-11 20:40 · Score: 1
  
  Is there any actual proof of this? Or even any evidence at all to suggest it? Or is this just another tinfoil hat type of thing?
1.1.1.1? by Freshly+Exhumed · 2018-11-11 08:26 · Score: 3, Funny

How am I supposed to remember that IP address? If only there was a system to translate such IP addresses into more human-friendly names that are easier to remember...

--
I deny that I have not avoided attaining the opposite of that which I do not want.
1. Re:1.1.1.1? by Cmdln+Daco · 2018-11-11 08:34 · Score: 2
  
  I agree. It's so archaic that they are using octal. Why can't they use hexadecimal or binary like the rest of us?
2. Re:1.1.1.1? by Anonymous Coward · 2018-11-11 08:38 · Score: 0
  
  Chicken, meet egg. Seriously, how do you expect your DNS service to convert one.one.one.one (seriously) to 1.1.1.1 if you have not configured your DNS?
  P.S. $ nslookup 1.1.1.1
3. Re:1.1.1.1? by Anonymous Coward · 2018-11-11 12:29 · Score: 0
  
  thankfully they HAVE provided a human-friendly hostname: one.one.one.one !
4. Re:1.1.1.1? by Anonymous Coward · 2018-11-11 13:29 · Score: 0
  
  It looks like some legacy IPv4 format for addresses. I understand that protocol died off years ago.
5. Re:1.1.1.1? by fisted · 2018-11-11 21:59 · Score: 1
  
  Whoosh
  
  --
  CLI paste? paste.pr0.tips!
Re: Protect yourself from DNS attacks... apk by Anonymous Coward · 2018-11-11 09:14 · Score: 2, Informative

Do not download this program for Linux or windows. I tried the Linux port and it opened up a command prompt and did a sudo rm -rf. I have no idea how it got my root password.
I then tried the windows version a couple days later. Same thing except I kept seeing deltree.
APK can not be trusted.
First off, he isn't an American. He is a foreign adversary living in the republic of congo. He makes his money from blood diamonds by using child labor.
Stay away from APK and all his software if you want a clean system. Beware anything that is made from APK is a virus or malware.
Yours truly,
Spruce Schneier
Remember Vint Cerf by Anonymous Coward · 2018-11-11 09:18 · Score: 0

And when you are not content with these patches remember gurus like Vint Cerf that designed these wonderful problems and gave your privacy to the NSA only to come back and complain on huge speaker fees.
Just use Blokada by Anonymous Coward · 2018-11-11 09:47 · Score: 0

Blokada blocks ads and give you the ability to use 1.1.1.1 or other DNS servers. Just use that instead.
Ipv6 not secured by bn-7bc · 2018-11-11 10:31 · Score: 1

This works only for ipv4 traffic (the vpn part) so if the network ypu connect to is dual stacked only 44 traffic will be secured and since most apps use ipv6 as defaulr when avalable a significant portion ofyour traffic will not use the vpn, how could cloudflare miss this? Itâ(TM)s not like these pople donâ(TM)t know about nerworking is it
1. Re: Ipv6 not secured by Zero__Kelvin · 2018-11-11 15:16 · Score: 1
  
  Please substantiate your claim that "Most apps use IPv6". Show your work, especially referring to the ISO model. (You fucking idiot)
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
2. Re: Ipv6 not secured by Anonymous Coward · 2018-11-11 23:20 · Score: 0
  
  You sound like a miserable little shit. Maybe you should try getting laid for once in your worthless existence.
Marketing by DaMattster · 2018-11-11 13:14 · Score: 1

I use this on my Android 8.1 device simply because it's convenient. As for my home network, I run my own DNS servers so I really don't have to worry much about DNS traffic being snooped by my ISP. If I were so inclined, I could also run all of my home network traffic over a VPN to my own cloud servers. But this initiative by CloudFlare is nothing more than a gimmick to make money. Instead of your ISP selling your data, CloudFlare now gets the piece of the pie.
TOR vpn by Anonymous Coward · 2018-11-11 21:41 · Score: 0

Tor has a VPN like setup now on Android. Which means that you no longer have to be rooted to torify any app
I'll explain why the "vpn" by gl4ss · 2018-11-11 23:53 · Score: 1

You need to insert the dns because you can't configure a custom dns on a gprs/2g/4g connection on phones. so what to do? well create a local vpn and intercept the dns there. the vpn doesn't need to "go" anywhere.
You cannot filter/block the dns requests otherwise on the phone itself. this situation sucks and is deliberate. this is a janky workaround to combat that.
This idea of doing filtering like this is years old. there's a bunch of apps like this on play store.
- on a related note, samsung for example has actual api's to configure the actual firewall, those apis aren't free to use but behind a licensing deal(your phone check the developers key when you use an app that has done the licensing with samsung).
or, of course, you could just root your phone. I mean that would be the most sensible thing to do. you can't configure these vpn's to be "always on" anyways - and fucking android lets some built in stuff bypass the always on vpn setting anyways.

--
world was created 5 seconds before this post as it is.
Isn't this just... by mccrew · 2018-11-12 04:37 · Score: 1

Isn't this just trading in one snoop with a different snoop?

--
Hey, Windows users, there is no such thing as "forward" slash, there is only slash and backslash.
cloudflare dns blocks archive.is by Anonymous Coward · 2018-11-12 06:33 · Score: 0

Cloudflare's DNS will not resolve any of the archive.is TLDs.
Re: Protect yourself from DNS attacks... apk by Anonymous Coward · 2018-11-12 09:00 · Score: 0

APK can be trusted 100%!!! I have never lied*!
* Unlike some other dishonest people like parent post!
And you can believe me when I say that I like to get fucked in my anus really hard!
Then I take the shit covered cock in my mouth and suck off the brown goodness!
APK
P.S.=> It feels great to be gay. Maybe I'll try fucking little kids next... apk