hello,

TLDR: just enable DoH

Today, my friend and I were talking about SNI and deep packet analysis shit done by the government. I insisted that since they do this kind of shit they can block access to certain sites like TPB and other freedom websites. He suggested that I just enable DoH in Firefox and see the magic happen. I didn’t believe him until I enabled DoH and magic. I can access every censored website.

So, just saying that sometimes the bypass is much simpler than we think!

Also, I am thinking that even if the DNS request is encrypted, can't they see the TLS client hello message and block it? Or is it impossible?

  • RaisinCrazyFool@kopitalk.net
    4 days ago

    Yes, everyone should set up DoH (DNS-over-HTTPS) or DoT (DNS-over-TLS). You can do this at the browser level, like you just did in Firefox, or at the OS level.

    You can also block ads this way, by cutting off connections to known ad domains before they even start. Mullvad runs a free ad-blocking DoH server anyone can use. See https://mullvad.net/en/help/dns-over-https-and-dns-over-tls for instructions on how to set that up on your OS.

    Firefox has also just announced a built-in VPN, which could help get around other types of ISP-level censorship. That’s probably the only free VPN I’d trust, personally. Mullvad and Proton are well-regarded paid VPNs if you want to go that route.

    • eldavi@lemmy.ml
      3 days ago

      DoH (DNS-over-HTTPS)

      the acronyms in this context are the biggest barrier for people to understand wtf is going on. lol

      • RaisinCrazyFool@kopitalk.net
        3 days ago

        Right. It only works for dedicated ad domains. In practice, that’s a LOT of ads.

        On Android, it’ll block most ads, including full-screen ads, within apps.

        It will NOT, however, work with sites like Netflix or YouTube, because those use the same domains for ads as for the actual videos.