Cloudflare's 1.1.1.1 Service Launches on Android and iOS

harrymcc writes: Content-distribution network Cloudflare has introduced iOS and Android versions of 1.1.1.1, a free service which helps shield you from snoops by replacing your standard DNS with its encrypted (and speedy) alternative. The mobile incarnation of the PC service it launched last April, the apps don't require you to do anything other than downloaded and install them, give your device permission to install a VPN, and flip a switch -- making them approachable for the masses, not just geeks.

Re: Cloudflare ROCKS!

You really should read the article. If you have your own DNS or your own VPN this is a downgrade to your opsec. Most people don't, and they do use the ISP's DNS servers (or the telco carrier's DNS) ... and here is where the Cloudflare service really makes a difference.

It doesn't "Hijack" anything. You either affirmatively choose to install it... or you don't. If you don't, nothing changes.

Try reading the article for comprehension. /.reader#734

Re: Cloudflare ROCKS!

Hmn no. This service attempts to hijack my own dns. I have started blocking 1.1.1.1 on all my firewalls and routers. Both on company and personal machines.

Yes, I agree.

http://hightechforum.org/cloudflares-1-1-1-1-dns-does-nothing-for-privacy/

Sick of big companies snooping your dns?

[viperidaenz]

We have a simple solution!
Install this app and give Cloudflare permission to access all of your network traffic and you can use our DNS server!

Re:Sick of big companies snooping your dns?

[viperidaenz]

I'm not sure what your point is, because you've failed at english.

But VPN apps get access to all network traffic on your phone. they're free to inspect the data and are responsible for routing it. That's just how VPNs work.
If you're worried about "big data" getting your data, I'm failing to see how freely giving it all to a "big data" company is going to help. Especially when the service they're offering is free. Someone is paying for it.

Maybe they want to analyse the data to find popular websites people use that don't go through Cloudflare services, so they can better target their marking to those site operators.

No thanks

This isn't protecting traffic from snooping, it's exposing traffic to Cloudflare. The same company which makes a business model out of holding other people's private TLS keys. The same company which refuses to stop serving known spammers. The same company which was breaking half the internet for Tor users.

Cloudflare is the kind of centralization we need to get away from.

1.1.1.1?

[Freshly+Exhumed]

How am I supposed to remember that IP address? If only there was a system to translate such IP addresses into more human-friendly names that are easier to remember...

Re:1.1.1.1?

[Cmdln+Daco]

I agree. It's so archaic that they are using octal. Why can't they use hexadecimal or binary like the rest of us?

Re:Cloudflare ROCKS!

[OneHundredAndTen]

Are you aware of the fact that Cloudflare has access to ALL of your DNS queries? If you do not trust your ISP, Google, etc., why would you trust Cloudflare?

Re: Protect yourself from DNS attacks... apk

Do not download this program for Linux or windows. I tried the Linux port and it opened up a command prompt and did a sudo rm -rf. I have no idea how it got my root password.

I then tried the windows version a couple days later. Same thing except I kept seeing deltree.

APK can not be trusted.

First off, he isn't an American. He is a foreign adversary living in the republic of congo. He makes his money from blood diamonds by using child labor.

Stay away from APK and all his software if you want a clean system. Beware anything that is made from APK is a virus or malware.

Yours truly,

Spruce Schneier

Re: Quad dns

Fuck it, we are going with 5 DNS entries.

Re:Cloudflare ROCKS!

[squiggleslash]

It's not as useful as it once might have been. HTTPS used to be 100% secure with only hole being DNS. This would plug that... except that browsers have been migrating to SNI, a system to allow a single IP address to service multiple HTTPS sites, which means that the domain name gets exchanged in a snoopable (MITM) manner.

With SNI becoming common, the Cloudflare service really doesn't provide much security.

Re: Cloudflare ROCKS!

[squiggleslash]

Yes, we know that bit, what people here are saying that's a bad idea, given that if someone installs the Firefox plug in, they'll suddenly have problems accessing internal-wiki.myemployer.com, timeoff-booking-system.myemployer.com, and source-code-control-system.myemployer.com.

Sysadmins in general also like having control over their own networks, and having random employees use third party DNS, still worse to "protect their privacy" (prevent a sysadmin from determining what they were using the network for, something they have a legitimate reason for), undermines that.

Re: Give your device permission to install a VPN

[bursch-X]

You downloaded an VPN app that now has the gall to ask to install a VPN - inconceivable.

Re:Cloudflare ROCKS!

[AmiMoJo]

Because most people have to trust someone with their DNS queries, especially when on mobile networks. Given a choice of unencrypted DNS queries to your scummy mobile provider's servers or encrypted ones to Cloudflare, you are probably better off with the latter.

At least Cloudflare can't tie up the request with cell location data and sell that information to nearby businesses.