this post was submitted on 17 Aug 2024
17 points (100.0% liked)

Proton

4992 readers
174 users here now

Empowering you to choose a better internet where privacy is the default. Protect yourself online with Proton Mail, Proton VPN, Proton Calendar, Proton Drive. Proton Pass and SimpleLogin.

Proton Mail is the world's largest secure email provider. Swiss, end-to-end encrypted, private, and free.

Proton VPN is the world’s only open-source, publicly audited, unlimited and free VPN. Swiss-based, no-ads, and no-logs.

Proton Calendar is the world's first end-to-end encrypted calendar that allows you to keep your life private.

Proton Drive is a free end-to-end encrypted cloud storage that allows you to securely backup and share your files. It's open source, publicly audited, and Swiss-based.

Proton Pass Proton Pass is a free and open-source password manager which brings a higher level of security with rigorous end-to-end encryption of all data (including usernames, URLs, notes, and more) and email alias support.

SimpleLogin lets you send and receive emails anonymously via easily-generated unique email aliases.

founded 1 year ago
MODERATORS
ProtonPrivacy@lemmy.world
alex_herrero@lemmy.world
Nelizea@lemmy.world
17
VPN DNS leak - DoH and network.trr.mode in Firefox (lemmings.world)
submitted 3 weeks ago* (last edited 3 weeks ago) by hetzlemmingsworld@lemmings.world to c/protonprivacy@lemmy.world
3 comments fedilink hide all child comments
 

Some feedback regarding Proton VPN documentation and some confusion regarding Firefox DNS configuration:

https://protonvpn.com/support/browser-extensions#firefox says:

"By default, Firefox does not route DNS queries through the HTTPS connection to our VPN servers" and then is mentioned a workaround to fix it.

That suggest alarming thing, that ProtonVPN Firefox user has to do some custom workaround in order to be private (prevent a DNS leak).

On another hand, https://protonvpn.com/support/dns-leaks-privacy says:

"DNS queries are routed through the VPN tunnel to be resolved on our servers"

these statements are a bit confusing/contradicting (though Proton later explains that this latest statement does not apply on a browser extension VPN apps) and Proton further adds at https://protonvpn.com/support/dns-leaks-privacy/#dns-over-https that the DNS leak can happen also due to enabled DoH feature in web browser.

Solution: ProtonVPN browser extension should (if possible) warn user in case it fails to process DNS and as a result, it is leaked. Vote for this feature request

Another "issue" is with the above mentioned/linked workaround (here I am speaking only about Firefox), this workaround: go to "about:config into the URL bar and hit . At the warning, click Accept the risk and continue → search for network.trr.mode"

In my case I had this set that variable to 5 which means DoH "Off by choice", Proton in said tutorial suggest value 3 instead, which means (According to https://wiki.mozilla.org/Trusted_Recursive_Resolver#DNS-over-HTTPS_Prefs_in_Firefox ) "Only use TRR, never use the native resolver.".

This confuses me since it looks like an opposite to what i have now, while any DNS leak site:

https://www.dnsleaktest.com

https://ipleak.net

does NOT report leak in my case nor in case i set network.trr.mode to 3. A bit weird but i guess no big deal?

Thanks for your feedback in advance.

you are viewing a single comment's thread
view the rest of the comments
[–] N0x0n@lemmy.ml 1 points 3 weeks ago* (last edited 3 weeks ago)

Not saying it's better than a native app but it's probably more secure than an extension.

One benefit I could think of is customization of your configuration. I'm pratically a newbie in networking so take everything with a grain of salt, because a wrongly configured network device is as bad a not having one.

However, being able to re-route everything to a corresponding wireguard tunnel adding specific rules to each devices, give you more controle of your network flow (Yes this is more advanced stuff and I only scratched the surface of what is possible). There's way more to it and I lack the proper knowledge, but reading here and there, suggests that extensions are really bad for security/privacy. Also, the more addons you have, the more fringerprintable you are (yes i'm probably over simplifing...)

Sorry if I lack the technical terms, I'm just a tinkerer and like learning new stuff. If there's a native app for every device go for it, otherwise I would suggest to find a way to re-route your traffic through a tunnel without the help of a browser extension.

But hey I'm just some random on the web without any degree, so whatever 🫠