Google Chrome to Support DNS of HTTPS

After Firefox in early September, Google had also revealed plans to support DNS over HTTPS (DoH).

In traditional DNS, the traffic between DNS servers and client that is looking up an address is going over the wire in un-encrypted and un-authenticated form. This means that the client does not know if the DNS server he is talking to is actually the correct server and that the connection has not been hijacked and he is delivered spoofed entries.

There have been efforts before to secure DNS traffic, and the most advanced and seasoned approach here is DNSCrypt, which is also using the default port TCP 443 (HTTPS) for its traffic.
The DNSCrypt v 2 protocol specification exists since 2013, but the protocol goes back to around 2008. It’s well tested and secure, and I would have expected this to be the quasi-standard to be used in Web browsers. In fact, Yandex browser already used this.

DNSCrypt setting in Yandex browser
Continue reading Google Chrome to Support DNS of HTTPS

Error in Tor Documentation for Bridge Configuration

I seem to have run into a problem using Tor’s documentation for Tor bridge configuration on FreeBSD.
According to mentioned documentation, you install the following software:

pkg install obfs4proxy-tor tor ca_root_nss

This works perfectly.

However, later in the documentation it says, that you will need to add the following line to torrc configuration file:

ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy

Unfortunately, there is no file called obfs4proxy in the directory /usr/bin/.
The file is installed into directory /usr/local/bin/.
So the correct line to add should read:

ServerTransportPlugin obfs4 exec /usr/local/bin/obfs4proxy

The idea of a Tor bridge is that it’s IP address is not entered into the public database but remains hidden. With this wrong configuration line, the Tor node starts “normally” as a Tor exit node and publishes the IP address to the system in the public database.

Source of documentation: https://community.torproject.org/relay/setup/bridge/freebsd/

Tesla as a Surveillance Platform

I ran into this nice little story on Schneier on Security blog, describing how to transform a Tesla into an surveillance platform, using its cameras that give a 360° view of the car’s environment.
The article is a synopsis of a more detailed description on Wired describing the Tesla modifications.
In fact, it is quite easy to turn your Tesla into your own private surveillance platform. Everything you need is already there, you just need to plug in a notebook running the right (open-source) platform and your set.

Now we can understand why the Basle Police might find it interesting to own and run a few Teslas in the city of Basel. Not that I want to claim they actually used the car in this way, I would have no knowledge of that. Just saying it is a possibility that it will be used in this way, either by them or any other entity.

I can also imagine it would be very interesting to have access to all data from all Tesla cars in your fleet and record was going on around them – even if parked.
In fact, since the car already is a surveillance platform when you buy it, and you can use it as such with a few modifications, why not use it as such for your own purposes? Distributing your cars strategically in an area will give on traffic flow and where people go.

Note that while I write here specifically about Tesla, this holds true for any car from any manufacturer that produces similar cars and it will especially be true for self-driving cars.