Windows 10 introducing DNS over HTTPS (PiHole users beware)

You can disable that, I believe.

Start > Settings > Update & Security > Advanced Options > Delivery Optimizations > Allow downloads from other PCs > Off

For ads, yes. YouTube and all Google official apps already do this.

Well I’m sorry, but have you had friends that have forced you into using Skype, grit your teeth against updates, then Skype gets compulsory with version updates simply to maintain countermeasures to circumvent all the crap it does, then your friends abusively tell you: “Grow up. Use it normally, like the rest of the world?”

image.png1106×135 10.5 KB

this seems to contradict what you are saying.

Publicly yes, but maintaining ad delivery uses nefarious ways like hard coded DNS, using the same server as actual content (SSAI) and etc…

Wondering why ads are not blocked on Hulu with uBlock Origin? It’s impossible to distinguish the video streams, so they gave up.

They’re literally saying the opposite of that

Silently changing the DNS servers trusted to do Windows resolutions could inadvertently bypass these controls and frustrate our users. We believe device administrators have the right to control where their DNS traffic goes.

Thats not even remotely related to what microsoft is saying here. They’re talking about adding the ability to encrypt DNS traffic. Serving ads from the same domain as the content already works without this encryption.

Well, if they do take the high road vs Google, it will still need to be witnessed in practice to see if it does this stuff down the line. Skype started ad-free, but then added many UI changes and clunkiness that people didn’t like. It was all in the name of satisfying advertisers.

They also closed source it, when it had an open source repository before being taken over.

No but my work uses Skype for Business and it fucking sucks.

But I get over it because I need to get shit done.

It has caused me personal trauma. Imagine everyone at once regarding this one issue telling you “Grow the fuck up.”

Yeah. And…?

Fuck em.

If its caused you trauma, then why do you still use it?

If everyone is telling you to grow the fuck up, perhaps theres some level of truth to what they say.

Microsoft adding encryption to DNS is added security. As far as I’m concerned, this is good. It doesnt have to be open source to do something good for the users.

I moved to Discord.

But this is recalling a lot of past trauma.

Agreeing with traumatic things just furthers abuse too. And I’m already under a lot of abuse.

But discord is neither open source nor does it respect your data. It sells it off too. So why are you so adamant about preaching to us about this topic?

I’ve been frustrated by the lack of action to YouTube’s official app for stuff like what the PiHole is intended to do and I’ve been thinking of worst case scenarios. Now that they effectively made the PiHole worthless for Chromecast and Google Android/iOS apps, I am constantly worried things will get worse.

pihole isnt entirely worthless if you can use firewall rules to force DNS requests to it. Granted theres an opportunity for microsoft to mess this up, but to me it doesnt make sense for this to be it. They already do ignore DNS for some things so its not like this would realistically change that. I’m unsure how adding encryption to DNS changes this behavior. Perhaps you could expand on the logistics of why this change matters and how they might use it for serving unblockable ads.

The port for standard DNS requests is not used, instead the HTTPS port is used, 443. Unfortunately that’s far too general to filter specific requests, especially since it’s encrypted.

So your point is that they will do the opposite of what they’re doing now and what they’ve always done and what they say they wont be doing… simply ignore the user defined DNS information in favor of some other DNS server.

Incorrect, a firewall WILL work to block traffic from an IP.

But they currently use the system DNS, which again is NOT going to be changed, windows just upgrade the connection if the server supports it. So if you have a Pi-hole, it will still work.

If you are saying that some apps will hardcode IPs or have their own DNS servers for that app only, fine that might happen. But that is NOT what this is about, this article about windows NOT about apps.

Skype double checking the hosts file and overwriting so that ad servers are reachable again is where an app can directly affect Windows.

Also, since YouTube for iOS is now SSAI, that’s why it doesn’t work. If you block the CDN IPs for ads, you block the CDNs for actual videos too.

That has nothing to do with windows DNS settings though. Adding encryption doesnt change how either of these things works.