by ian-bateman 2070 days ago
Hi coddle-hark -

- Right now we're still undecided / exploring different ways of monetizing the product! (something similar to Adblock-Plus though is our leading idea).
- We're working on a way to disallow users from acting as exits for certain kinds of traffic - so you'll be able to categorically block certain kinds of sites through the UI in the near future.
- Even with DoH on by default in the browser, we can still override / specify a DNS server.

Let me know if you still have questions / any of the above is unclear!

2 comments

> We're working on a way to disallow users from acting as exits for certain kinds of traffic - so you'll be able to categorically block certain kinds of sites through the UI in the near future

To block something you should know that it exists. Do you have a full and actual list of CP resources? I doubt it. So what is the point of the ability to block something if you don't even know that it exists before it is too late? The only way to deal with it is whitelists, but who will use a "VPN" if only certain websites will be accessible?

Thanks!

> We're working on a way to disallow users from acting as exits for certain kinds of traffic - so you'll be able to categorically block certain kinds of sites through the UI in the near future.

How does this stop someone posting ISIS propaganda to Twitter? Or uploading CP to Google Drive?

> Even with DoH on by default in the browser, we can still override / specify a DNS server.

Can you? Browsers don’t respect the system’s DNS settings even with plain old DNS over UDP so I don’t think that’s the case. I might be missing something though!

Posted a bit about how we plan to approach this above, so just re-pasting:

> - we plan to build in something similar to HTTPS Everywhere to the product, to automatically upgrade connections (and we only route traffic on ports 80 / 443 (optionally 53)).
> - we also plan to build in the ability to allow peers to block certain categories of traffic from going over their connection (using blocklists similar to those used by Fortiguard -- so you could block all torrenting sites, as an example).

And yep you can actually! Can't find a better article on it at the moment (lots of search history to comb through), but this kind of touches on it a little / roughly: https://www.reddit.com/r/pihole/comments/gndbod/dns_over_htt...

You do realize you can get people in trouble for proxying traffic even to legit websites? Like, get someone a visit from the cops because someone else using their connection committed wire fraud on an auction site.

Your product is irresponsible.

Generally you cannot block DoH without blocking most of the web; that's literally the point of it.