Wow…OpenNIC! I know very few other people who use it besides me.
I am unsure as I fear that everything would centralize on Privacytools.io instead of there being many trustable providers. This is even if we have at least two threads and an issue related to this:
On the other hand, there aren’t so many servers in DNSCrypt’s OpenNIC resolvers list.
Ugh. When a decentralized network goes “centralized,” it’s like your favorite indie band going “mainstream.”
I’d use it, for sure, seeing more privacy focused DNS providers will always be a plus! (and OpenNIC, yes, please)
downside? new/more trust space for PTIO to earn and maintain…and as Mikaela mentions PTIO is covering a lot of decentralized services ground as it is - adding centralized (or, yet another this that other) service would really be putting too many eggs in one basket if not kept in check.
I would not want to see even “moar services please!” such as email, VPN, server hosting, search, etc ad nauseam added, then it feels honeypot, like cloud*flare and the goog.
On one hand I would like it:
its easy to run, costs almost no resources, and we could even make a nice example of how to run a opennic dns which supports esni/doh/dnscrypt, could even be made into a blog post like the one @jonah just posted.
On the other hand, we indeed do not want to become some centralized services provider like purism is trying. Although, nobody immedeatly has to use ALL our services. One can choose which one they use from us, and which one from others. We can also advice users to do that.
On the third
hand… paw… leg… whatever I just became aware of DNSCrypt onion-services list and there is only our friend Cloudflare Onion Service (introductionary blogpost on clearnet), so I think there is demand and I guess it’s easier to compete with latency on onions than clearnet as it’s more equal and you cannot pick your introductionary points or hops(?).
But that raises the question if you would like Onion-only DoH resolver so you may be more anonymous? But as DoH requires HTTPS, is it even possible for anyone smaller than Cloudflare to offer an onion for DoH? Should DNSCrypt-proxy be asked if they allow invalid certificates for .onions?
What is this, yet another reason DV certificate issuance should be allowed for .onion domains so Tor can finally catch up with modern standards? Huh
This is the reason I’m hesitant to run even DNS
cloudflare has a scary way of saying all the best assuring words over their DNS wonders this past year. MITM/CF-RAY proxy tracking inside TOR would be my concern, especially they start rolling certs for onion sites like they gave that candy away to any who serve from behind their centralized “great wall” (of DDOS protection, pfft!)…
I do suppose this is a future nod towards not harassing TOR users with captcha’s at every turn (sadly they give no such care towards VPN users)
edit to add: fwiw this was reference Mikaela’s 3rd hand/paw/leg post- Would You Like Privacytools.io To Host An OpenNIC DNS Server?
@jonah I do understand your position, and echo room mention earlier that spoke of your considering such shows your great sense of responsibility. For other services provided we have the recommended pages.
For DNS though, would be awesome for PTIO to offer it, especially in this time of early adoption (open/public DNS server with esni, DoH/DoT/Dnscrypt/DNSoverTOR(?), DNSSEC, no logs no filters), there just ain’t many offering it the beautiful package deal like that. public access and OpenNIC especially.
and as Blacklight mentioned above, seeing your other recent guide on setting up alt-svc for automagic onion redirects assures me *if you were to setup such a service (DNS) then we (the world) would benefit greatly from reading your detailed description and could lead to global DNS level revolution once we see how simple it actually is/can be
I wonder if PTIO would benefit from a mission statement that would help drive decisions like this. It might include something about emphasizing free services (free VPN/email/server hosting would probably be unrealistic) and encouraging discussion (which is done with the Matrix server hosting and Discourse server). A well thought out mission statement, formulated with input from the community and other stakeholders, could help streamline the direction of the project.
Just my .02
Well the only thing thats basically been decided that we only host stuff that cannot get us into major legal trouble. Hosting a vpn or filesharing service can do exactly that sadly.
That seems like a reasonable criteria. I would think VPS hosting would also fall under that?
I’d imagine that also only hosting things that would offer a marked improvement in privacy over existing free or similarly costed alternatives would make sense? Essentially, why bother if there’s already an equally good or better option?
Ofcourse, we only host privacy friendly stuff. Anyway we don’t want to become some big centralized provider of service, we just want to be another node among all other selhosted services, to prevent the exact centralization. one could choose our searx and private bin, Purism’s mastodon, Disroot’s email and cloud, etc etc. This way you dont have to choose one provider.
I wouldn’t be discouraged by this response, as it is essentially conspiratorial thinking not based on evidence. As this isn’t based on reason, there is essentially nothing that PTIO could do to discourage it.
“I host my DNS on PrivacyTools, you’ve probably never heard of them” - hipster privacy nerds, probably.
I could help with unbound if needed.