- Tinywall stop icmp install#
- Tinywall stop icmp full#
- Tinywall stop icmp code#
- Tinywall stop icmp free#
- Tinywall stop icmp windows#
My goal was not to convince you, but to provide explainers and pointers to your input. One shoe must not fit all, totally fine with us. Reading about your setup I do agree with you. > And for me it would be another hard 'no' for using your product > Maybe add an (i) explaining why do you ask for the prefix? Not only you do the things you shouldn't do (eg dnscache disablement) you are omitting how exactly your 'Secure DNS' works in your documentation (no, blogs are not documentation) you purposely skew your wordings on things you shouldn't (WFP filters for browsers?!). Okay, now I have a way formulate my concerns:
Tinywall stop icmp code#
FF can query DoH, but does it by running a user-mode code in the browser process.
Tinywall stop icmp install#
> I have difficulties seeing your concerns hereĮxcuse me? My browsers doesn't install WFP filters to 'manipulate traffic'. And for me it would be another hard 'no' for using your product - you are thinking you know better than me or even guys from Redmond. Means you have a pretty perverse understanding on how things can and should be done.
Tinywall stop icmp windows#
Which not only would leak the internal names but explicitly break the resolving, because it would be performed from the public Internet.Īlso reading further the only place where the /behaviour/ is somewhat explained is the end of DNS configuration article It is not a good marker what I needed to deep-dive in the multiple docs and blog articles to find out how exactly you iteract with DNS.Īnd also knowing what you outright disabled 'dnscache' on Windows machines before. If I understand from your blog you would intercept and reroute this query to the DNS servers configured in the Portmaster. Eg I would have a split-brain DNS with only a handful of A records on the public side, while a lot more on the internal side (accessible through VPN, for example). This is pretty confusing.įor the well known zones (listed on that page) sure. Current link (i) just throws you to Wikipedia without explaining anything.
Tinywall stop icmp free#
Maybe add an (i) explaining why do you ask for the prefix? Could be a free bonus point for you for respecting the users privacy. I've encountered this type of selection, but extremely rare. > We know the resulting UX with the phone prefix is uncommon
We document everything we do and that can be verified by inspecting the source code. I have difficulties seeing your concerns here. Just as browsers, who enforce DoH, manipulate network traffic, or VPN software. Specifically, via the Windows Filtering Platform APIs This means network packets can be intercepted.
Īnd lastly, yes Portmaster deeply integrates into the OS via a kernel extension. Also, here is the context of that time if you are interested. A re-evaluate is probably due since a lot happened in the meantime. We opted for them since they were the fastest at a time when Portmaster itself had speed issues. We are not too content with Cloudflare as the default. As a summary, local queries or not leaked. We know the resulting UX with the phone prefix is uncommon, but thought it superior to storing your IP (which most companies do while hiding that fact away in the Terms of Service)įor the DNS implementation, we do have in depth docs talking about DNS integration. We chose the approach we felt respected user privacy the most.
Tinywall stop icmp full#
Many tech companies collect all three, with the addition of collecting the full phone number instead of only the prefix. In order to attribute an Internet user to a country you have to collect 2 of these 3 data points, and naturally they have to overlap. Why do you even bother with country AND prefix?įor users subscribing to the SPN, we are required by law to pay taxes. > And if you check country prefix with the list of country prefixes anyway. says they are forwarding to Cloudflare by default. The "SPN" idea is interesting, but also raises the questions about who, where and how would control exit nodes. Overall, this is the product which could be useful for many users, but for me it's a hard no. Where exactly Portmaster would send the DNS queries?Īctual kernel module on Windows so it really can do anything it wants and wouldn't be catched by the machine itself? I use my own Unbound locally, how Portmaster would handle queries for NSs in the Unbound config which are unknown to the world - leak them? What about the DNS resolvers configured in the system? Do you hijack/overwrite them? > The Portmaster actually handles DNS itself and will show you DNS queries in the UI Why do you even bother with country AND prefix? Country does not match with the country prefix for your phone numberĪnd if you check country prefix with the list of country prefixes anyway.
0 kommentar(er)
