Privacy-preserving services

[Moonchild]

With how the Internet as a whole is becoming more of a privacy nightmare since earlier this summer, I've been toying with the idea to start offering a few essential Internet services as part of the project, but I'm not entirely sure how much desire there is for it in our community for whom I'll primarily be doing this (although they would be made public).

So, I'm posting a poll here to gauge the level of interest. Would this be something you'd want to be using? Are you already covered by others? Or do you not care?

• DNS resolver will allow you to have a region-neutral, uncensored DNS lookup (important for e.g. ISP-blocked websites). No logs of the queries or clients performing the lookups although I may aggregate general DNS traffic to be able to have statistics for service monitoring and adjustment.
• NTP server will keep your date/time accurate. ("Internet time") - this can be a potential privacy risk recording activity at your IP address.
• Although I do not want to get involved in Tor as a whole, will not relay traffic, and will continue to block Tor exit nodes for abuse, I could offer an entry node (bridge) into the Tor network for users wanting to use it. I could also potentially offer .onion versions of Pale Moon websites internal to the Tor network. (likely just public info sites in read-only fashion)

This is off the top of my head. If there are other services we could possibly offer to help combat the privacy issues on the net, comment below.

[Michaell]

You're a long way from me - is it a good idea to have our DNS server that far away? Would it really offer any privacy travelling through the network so far? I'm not really clear on whether DNS servers are customizing their lookup list or everyone is offering mostly copies of the same data (excluding China, etc.).

A long time ago (Win 98 maybe if not earlier) I knew how to choose a time server for Windows. I haven't even attempted it on recent versions. If we can't control all the other things Windows does behind the scenes, is time server really a big deal?

I don't want anything to do with Tor stuff.

[Moonchild]

You're a long way from me - is it a good idea to have our DNS server that far away?

If you have a lot of latency/high ping then it may slow down your browsing a little. Otherwise it doesn't really matter. Not like I'd be running it on a server on dial-up or something

Would it really offer any privacy travelling through the network so far?

Yes it would. DNS lookups give potential monitors a pretty accurate map of what sites you visit when. How far it travels doesn't really matter; the more important point of data collection is on the DNS server itself (i.e. the server at the IP you use for DNS lookups)

I'm not really clear on whether DNS servers are customizing their lookup list or everyone is offering mostly copies of the same data (excluding China, etc.).

Yes, and it's one of the main ways censorship is being implemented at the moment. If you can't resolve a DNS name to the intended server, you can't connect to it. Often these lookups are hijacked (and don't give a lookup failure) further making it difficult to bypass.

If we can't control all the other things Windows does behind the scenes, is time server really a big deal?

Not to the level of DNS but it's something I can easily run with very little resource use, so why not, if I'm going to do this?
As said if you think of other services I could offer that don't need a lot of resources, let me know.

[null_ID]

Considering what the EU is planning with their censorship/forced age checking directive, the anti-censorship DNS resolver should be your top priority out of these 3, should you choose to take on this undertaking, so that's what I voted for. I still consider freedom of the Internet as paramount, so much obliged if you can do something, anything to help with this matter. I'm on Linux, so I already have solutions for the other two, ergo I'll leave them to your discretion.

[Moonchild]

Looking at the responses so far it does seem like there's at least enough interest for something, so I'll be setting up a server shortly.

[Lucio Chiappetti]

My ignorance.
Are you talking of a DNS used by the Pale Moon browser to resolve http/s queries or of as DNS for general purpose ? Ditto for ntp.
I always thought a browser would use whatever DNS (or ntp) the machine has set for general use, and never worried (wrongly ?) about DNS or ntp as a privacy-breaking service.
At work in /etc/resolv.conf and /etc/ntp.conf we point to local DNS and ntp.
At home ntp points to ubuntu pool, and resolv.conf to 127.0.0.53 which I guess points to whatever DNS my router is using.
Am I doing something dangerous ?

[Moonchild]

Are you talking of a DNS used by the Pale Moon browser to resolve http/s queries or of as DNS for general purpose ? Ditto for ntp.
I always thought a browser would use whatever DNS (or ntp) the machine has set for general use, and never worried (wrongly ?) about DNS or ntp as a privacy-breaking service.

I'm talking about DNS as a system resolver. Pale Moon uses whatever resolver your OS uses (unlike Firefox and potentially others using DoH punching a hole into security).
The issue has become that general-use DNS resolvers are increasingly being used as both a means of censoring the internet and monitoring users' browsing behaviour (especially with the pushes for "online safety" to be enforced by governments and onto ISPs now). After all, if your IP address does lookups for websites and services, whatever resolver is in use can see which domains are being resolved and can track/map queries to your IP (and/or account in the case of ISP resolvers).

At work in /etc/resolv.conf and /etc/ntp.conf we point to local DNS and ntp.
At home ntp points to ubuntu pool, and resolv.conf to 127.0.0.53 which I guess points to whatever DNS my router is using.
Am I doing something dangerous ?

NTP pointing to the "ubuntu pool" means you're tapping into the ntppool effort to provide error-resilient and drift-resilient public ntp servers. While I don't think there's a trust issue with that you will effectively not know if any logging is happening of that (although it's very unlikely in that case, they are volunteer-operated nodes, so...)
The DNS thing depends on what the local/router's DNS setup is. In the case of routers, it tends to get forwarded to whatever your ISP has configured when your router gets its public IP address through DHCP. Same with how the "local" DNS is set at your workplace (your work's IT people would/should know).
While not necessarily "dangerous", it is something to think about. It basically boils down to trust.

[andyprough]

I would vote for a no-log VPN server in your country (Sweden?) with no-log DNS (and no-log ntp? is that possible via vpn?) built into it. Something that you could charge a fee for and that would be highly useful.

And/or, an encrypted email service. Also something you could charge a fee for.

DNS is useful, but it's tracking your IP and reading your mail where they really get you.

[Moonchild]

I understand where you're coming from but a VPN and mail service would be a completely different scope in terms of resources required, and I really don't want to step into the commercial business of providing such services. There are already plenty of such services out there as well. And I honestly don't want to become responsible for potentially abusive users hiding behind the services I provide.
I can provide both of these things to people I trust only. Not to strangers who just pay me x amount to be anonymized potential abusers of the Internet. That isn't my thing.

[andyprough]

I can provide both of these things to people I trust only.

That would still be very cool. You could establish criteria for entering your circle of trust. We should have such trust-based services. Not that you shouldn't charge a fee, but the ability to pay shouldn't be the only criteria.

[Lucio Chiappetti]

I'm talking about DNS as a system resolver. Pale Moon uses whatever resolver your OS uses

Thanks for the clarification. So it is an additional service wrt to the browser itself. I voted "I don't care" but I could change my vote to "I don't care so far but might care in the future"

The issue has become that general-use DNS resolvers are increasingly being used as both a means of censoring the internet and monitoring users' browsing behaviour (especially with the pushes for "online safety" to be enforced by governments and onto ISPs now).

I guess I could understand the first part (long time ago when I was looking to my institute DNS, we were requested by a fiscal authority (some branch of the Finance Ministry) to add a zone file blocking some gambling sites. I do not know whether this is still active). I never thought about DNS request logging. Too naive ?

The DNS thing depends on what the local/router's DNS setup is. In the case of routers, it tends to get forwarded to whatever your ISP has configured when your router gets its public IP address through DHCP. Same with how the "local" DNS is set at your workplace (your work's IT people would/should know).
While not necessarily "dangerous", it is something to think about. It basically boils down to trust.

At work i should know, as I helped setting it up (now I'm a retired associate). Our domain got a delegation from GARR (the national research network), so I trust it. We do not log lookup requests, and even if we did we rotate all other logs so that after a few weeks they are gone.
At home I should say I'm unfamiliar with the Ubuntu-style 127.0.0.53. I suppose (or hope) whatever DNS the ISP has in the router is OK. In principle I could have pointed home resolv.conf to the work DNS, but I do not do it since I use the home machine also for myself, and using a GARR facility not for research activities would be against the GARR Acceptable User Policies.
I guess the only possible tracing going directly to me (my SIM phone number) would be the one of the ISP. Since I get a CGNAT dynamic IP which changes all the times, any other site would see an access from an IP number whose association with me will be time-dependent and would require a request to the ISP.

Actually a possible trouble could be if the CGNAT IP is re-used from one which was blacklisted when used by somebody else. We had a problem like that during the COVID times. At the time our staff which did not have a personal network connection at home (like me and some 50% of the staff) got a loan-for-use SIM from one of the primary telephone companies (which had a special price for public administration) ... and some of their IPs got blacklisted by NASA (which for our activity was somehow annoying )

[Stargate38]

I think all 3 of those things should be considered, and I also think that the DNS/VPN/TOR (and email services suggested) should be free (i.e. optional donations could still be accepted, possibly using crypto to reduce chances of being tracked). Not sure if that's possible or not.

[Moonchild]

I also think that the DNS/VPN/TOR (and email services suggested) should be free

You think server hardware and bandwidth is free, do you?

[jarsealer]

Although I do not want to get involved in Tor as a whole, will not relay traffic, and will continue to block Tor exit nodes for abuse, I could offer an entry node (bridge) into the Tor network for users wanting to use it. I could also potentially offer .onion versions of Pale Moon websites internal to the Tor network. (likely just public info sites in read-only fashion)[/list]

This is off the top of my head. If there are other services we could possibly offer to help combat the privacy issues on the net, comment below.

I think tor IPs should at least be allowed to visit Pale Moon websites, but perhaps with a restriction on registration for the forums (I would still suggest allowing it, but maybe require some type of manual verification).

Onion sites for Pale Moon sounds decent, which is what i voted for, and the DNS service.

Off-topic:
I'd also suggest providing DoH or DoT for encrypting the query when it flows from the client to the server, to prevent any monitors from knowing what site was visited. it doesn't prevent them from knowing the IP address of the website, and they can also look at the server name indication or client hello of the packet to find the query made by the client, but it's better than nothing and probably prevents censorship that rely on DNS blocking. There's a way to encrypt client hello, but it's not currently widespread: https://blog.cloudflare.com/encrypted-client-hello/

[Moonchild]

DNS should be up and running
IPv4: 5.189.164.139
IPv6 (unable to test from my connection): 2a02:c207:2280:9322::1

Please let me know if it works, if there are any issues, something doesn't work, etc.
It is rate-limited to prevent it becoming part of amplification attacks so if you are using busy shared proxies or using it to resolve many addresses at once (e.g. trying to use it for bulk processing of log IPs or what not) you may hit that, but normal direct web use should be fine.

[Moonchild]

I think tor IPs should at least be allowed to visit Pale Moon websites

Unfortunately it's just not the case because we have a much larger than normal crowd of moderately tech savvy people with a chip on their shoulder trying to abuse any which way they can to disrupt our operations. Tor exit nodes are simply too abusive for the ease of setup and use of OOB Tor browser packages to quickly and easily start to harass us.

I'd also suggest providing DoH or DoT for encrypting the query when it flows from the client to the server,

No. DoH/DoT isn't actually solving the problem I'm setting this up for, isn't benefiting our community since we don't support DoH in Goanna anyway, and goes against my vision of a healthy, multi-protocol internet. Not to mention the problem DoH/DoT causes for organisational network security. See my other posts on this forum about DoH.

[back2themoon]

Seems to work fine. IPv6 works. Didn't notice any issues, although not sure what kind of issues are to be expected here. Slow speed due to increased server distance? Something else?

I did run a DNS Benchmark test and it sits somewhere in the middle, which looks good. Not too distant from the big ones. Didn't notice any slowdowns in real-life usage.

What's the situation with the secondary server? Do we just put the primary of another server?

So, many thanks! Do you have a cool name for it?

[Moonchild]

IPv6 works.

Great! Thanks for testing.

I did run a DNS Benchmark test and it sits somewhere in the middle, which looks good.

Yeah it's not running on super-fast hardware or on a dedicated network stack, so that's entirely expected. It should also be faster as its caches warm up over use.

What's the situation with the secondary server? Do we just put the primary of another server?

You should actually be fine with just one entry for now. I'll set up a fallback as time permits, as well, but for the time being it's just one box.

No cool name for it yet. suggestions welcome. at the moment it's just named dns.palemoon.org as FQDN

[Moonchild]

Time server is also running as a stratum 3 server with 5 peers.
To use it, put time.palemoon.org in your internet time host configuration.

[andyprough]

DNS should be up and running
IPv4: 5.189.164.139

ipv4 seems fine, plenty fast enough. I'm testing it on dns.ipleak.net and it's passing the privacy tests.