← Back to context

Comment by justsomehnguy

4 years ago

> Phone routing can't be blank

> Country does not match with the country prefix for your phone number

Fishy.

And if you check country prefix with the list of country prefixes anyway... Why do you even bother with country AND prefix?

> The Portmaster actually handles DNS itself and will show you DNS queries in the UI

Yikes. What about the DNS resolvers configured in the system? Do you hijack/overwrite them? [0] I use my own Unbound locally, how Portmaster would handle queries for NSs in the Unbound config which are unknown to the world - leak them? How about QNAME minimization? Where exactly Portmaster would send the DNS queries?

Actual kernel module on Windows so it really can do anything it wants and wouldn't be catched by the machine itself?

Yikes.

Overall, this is the product which could be useful for many users, but for me it's a hard no.

The "SPN" idea is interesting, but also raises the questions about who, where and how would control exit nodes.

[0] https://docs.safing.io/portmaster/settings#dns/nameservers says they are forwarding to Cloudflare by default. /Great/

4 comments

justsomehnguy

Reply
davegson  4 years ago

> And if you check country prefix with the list of country prefixes anyway... Why do you even bother with country AND prefix?

For users subscribing to the SPN, we are required by law to pay taxes. In order to attribute an Internet user to a country you have to collect 2 of these 3 data points, and naturally they have to overlap.

- an IP address - a country the user selects - a phone prefix the user selects

Many tech companies collect all three, with the addition of collecting the full phone number instead of only the prefix.

We chose the approach we felt respected user privacy the most. We know the resulting UX with the phone prefix is uncommon, but thought it superior to storing your IP (which most companies do while hiding that fact away in the Terms of Service)

---

For the DNS implementation, we do have in depth docs talking about DNS integration. As a summary, local queries or not leaked. [0]

We are not too content with Cloudflare as the default. We opted for them since they were the fastest at a time when Portmaster itself had speed issues. A re-evaluate is probably due since a lot happened in the meantime. Thanks for this input, I took a note. Also, here is the context of that time if you are interested. [1]

---

And lastly, yes Portmaster deeply integrates into the OS via a kernel extension. Specifically, via the Windows Filtering Platform APIs [2] This means network packets can be intercepted. Just as browsers, who enforce DoH, manipulate network traffic, or VPN software.

I have difficulties seeing your concerns here. We document everything we do and that can be verified by inspecting the source code.

[0] https://docs.safing.io/portmaster/architecture/core-service/...

[1] https://safing.io/blog/2020/07/07/how-safing-selects-its-def...

[2] https://docs.microsoft.com/en-us/windows/win32/fwp/windows-f...

  • justsomehnguy  4 years ago

    Thanks for the response.

    > We know the resulting UX with the phone prefix is uncommon

    Sure it is. I've encountered this type of selection, but extremely rare.

    Maybe add an (i) explaining why do you ask for the prefix? Could be a free bonus point for you for respecting the users privacy. Current link (i) just throws you to Wikipedia without explaining anything. This is pretty confusing.

    > local queries or not leaked

    For the well known zones (listed on that page) sure. I'm talking about any other named zone. Eg I would have a split-brain DNS with only a handful of A records on the public side, while a lot more on the internal side (accessible through VPN, for example). If I understand from your blog [0] you would intercept and reroute this query to the DNS servers configured in the Portmaster. Which not only would leak the internal names but explicitly break the resolving, because it would be performed from the public Internet.

    Also reading further the only place where the /behaviour/ is somewhat explained is the end of DNS configuration article [1] It is not a good marker what I needed to deep-dive in the multiple docs and blog articles to find out how exactly you iteract with DNS.

    And also knowing what you outright disabled 'dnscache' on Windows machines before... Means you have a pretty perverse understanding on how things can and should be done. And for me it would be another hard 'no' for using your product - you are thinking you know better than me or even guys from Redmond.

    > I have difficulties seeing your concerns here

    > Just as browsers

    Excuse me? My browsers doesn't install WFP filters to 'manipulate traffic'. FF can query DoH, but does it by running a user-mode code in the browser process.

    Okay, now I have a way formulate my concerns:

    Not only you do the things you shouldn't do (eg dnscache disablement); you are omitting how exactly your 'Secure DNS' works in your documentation (no, blogs are not documentation); you purposely skew your wordings on things you shouldn't (WFP filters for browsers?!).

    [0] https://safing.io/blog/2021/03/23/attributing-dns-requests-o...

    [1] https://docs.safing.io/portmaster/guides/dns-configuration#d...

    • davegson  4 years ago

      > Maybe add an (i) explaining why do you ask for the prefix?

      True, could be a bonus. Took a note.

      > And for me it would be another hard 'no' for using your product

      Reading about your setup I do agree with you. One shoe must not fit all, totally fine with us. My goal was not to convince you, but to provide explainers and pointers to your input.

      > Okay, now I have a way formulate my concerns:

      > Not only you do the things you shouldn't do (eg dnscache disablement); you are omitting how exactly your 'Secure DNS' works in your documentation (no, blogs are not documentation); you purposely skew your wordings on things you shouldn't (WFP filters for browsers?!).

      Now generally speaking, I acknowledge I responded with technical inaccuracies. The sentence with VPNs and browsers should have been left out.

      I normally tend to BS check technical stuff with Daniel, but did not want to ping him in his vacation because of a HN response. However, I should have disclaimed I am not a Portmaster dev or networking expert. I come from a web development background.

      > you are thinking you know better than me or even guys from Redmond.

      I am certain I know less than you in this field. Thankfully Safing does not rely on my skills in that area.

      I do however strongly push the docs, through which I want to bridge the gap between the high level claims on our website and the source code. If you are willing to contribute, I am happy to receive a write up of yours about the things you feel are missing. It can be technical and beyond my expertise, since I would discuss it with Daniel anyway and see how to best proceed.

      1 reply →