
Comment by davegson

4 years ago

> And if you check country prefix with the list of country prefixes anyway... Why do you even bother with country AND prefix?

For users subscribing to the SPN, we are required by law to pay taxes. In order to attribute an Internet user to a country you have to collect 2 of these 3 data points, and naturally they have to overlap.

- an IP address
- a country the user selects
- a phone prefix the user selects

Many tech companies collect all three, with the addition of collecting the full phone number instead of only the prefix.

We chose the approach we felt respected user privacy the most. We know the resulting UX with the phone prefix is uncommon, but thought it superior to storing your IP (which most companies do while hiding that fact away in the Terms of Service).

---

For the DNS implementation, we do have in-depth docs talking about DNS integration. As a summary, local queries are not leaked. [0]

We are not too content with Cloudflare as the default. We opted for them since they were the fastest at a time when Portmaster itself had speed issues. A re-evaluation is probably due since a lot happened in the meantime. Thanks for this input, I took a note. Also, here is the context of that time if you are interested. [1]

---

And lastly, yes, Portmaster deeply integrates into the OS via a kernel extension. Specifically, via the Windows Filtering Platform APIs [2]. This means network packets can be intercepted. Just as browsers, who enforce DoH, manipulate network traffic, or VPN software.

I have difficulties seeing your concerns here. We document everything we do and that can be verified by inspecting the source code.

[0] https://docs.safing.io/portmaster/architecture/core-service/...

[1] https://safing.io/blog/2020/07/07/how-safing-selects-its-def...

[2] https://docs.microsoft.com/en-us/windows/win32/fwp/windows-f...

Thanks for the response.

> We know the resulting UX with the phone prefix is uncommon

Sure it is. I've encountered this type of selection, but extremely rarely.

Maybe add an (i) explaining why you ask for the prefix? Could be a free bonus point for you for respecting the users' privacy. Current link (i) just throws you to Wikipedia without explaining anything. This is pretty confusing.

> local queries are not leaked

For the well-known zones (listed on that page) sure. I'm talking about any other named zone. E.g. I would have a split-brain DNS with only a handful of A records on the public side, while a lot more on the internal side (accessible through VPN, for example). If I understand from your blog [0], you would intercept and reroute this query to the DNS servers configured in the Portmaster. Which not only would leak the internal names but explicitly break the resolving, because it would be performed from the public Internet.

Also, reading further, the only place where the /behaviour/ is somewhat explained is the end of the DNS configuration article [1]. It is not a good marker that I needed to deep-dive in the multiple docs and blog articles to find out how exactly you interact with DNS.

And also knowing that you outright disabled 'dnscache' on Windows machines before... Means you have a pretty perverse understanding on how things can and should be done. And for me it would be another hard 'no' for using your product - you are thinking you know better than me or even guys from Redmond.

> I have difficulties seeing your concerns here

> Just as browsers

Excuse me? My browsers don't install WFP filters to 'manipulate traffic'. FF can query DoH, but does it by running user-mode code in the browser process.

Okay, now I have a way to formulate my concerns:

Not only you do the things you shouldn't do (eg dnscache disablement); you are omitting how exactly your 'Secure DNS' works in your documentation (no, blogs are not documentation); you purposely skew your wordings on things you shouldn't (WFP filters for browsers?!).

[0] https://safing.io/blog/2021/03/23/attributing-dns-requests-o...

[1] https://docs.safing.io/portmaster/guides/dns-configuration#d...

  • > Maybe add an (i) explaining why you ask for the prefix?

    True, could be a bonus. Took a note.

    > And for me it would be another hard 'no' for using your product

    Reading about your setup I do agree with you. One shoe must not fit all, totally fine with us. My goal was not to convince you, but to provide explainers and pointers to your input.

    > Okay, now I have a way to formulate my concerns:

    > Not only you do the things you shouldn't do (eg dnscache disablement); you are omitting how exactly your 'Secure DNS' works in your documentation (no, blogs are not documentation); you purposely skew your wordings on things you shouldn't (WFP filters for browsers?!).

    Now generally speaking, I acknowledge I responded with technical inaccuracies. The sentence with VPNs and browsers should have been left out.

    I normally tend to BS check technical stuff with Daniel, but did not want to ping him in his vacation because of a HN response. However, I should have disclaimed I am not a Portmaster dev or networking expert. I come from a web development background.

    > you are thinking you know better than me or even guys from Redmond.

    I am certain I know less than you in this field. Thankfully Safing does not rely on my skills in that area.

    I do however strongly push the docs, through which I want to bridge the gap between the high level claims on our website and the source code. If you are willing to contribute, I am happy to receive a write up of yours about the things you feel are missing. It can be technical and beyond my expertise, since I would discuss it with Daniel anyway and see how to best proceed.

    • > My goal was not to convince you, but to provide explainers and pointers to your input.

      The thing is, I should be convinced by your documentation alone. My shoe is unique (as in 0.001% at best), but the questions are valid not only for my setup. The typical situation would be some VPN provider installing a global route through the VPN service and configuring resolvers to internal company DNS servers (to be able to resolve internal names, duh). This is not /that/ unique a situation in the WFH world.

      > but did not want to ping him in his vacation because of a HN response

      Yep, you shouldn't!

      > I come from a web development background.

      Ah, that explains some things.

      > Thankfully Safing does not rely on my skills in that area

      Ahah, being humble and self-conscious. Gladly I already drank my coffee.

      > If you are willing to contribute

      Thanks, no, I have too many posts unread, too many comments not replied.

      But overall:

      You should have a clear and straight explanation on how P. uses DNS in [0] (right at the start, before anything else) and in [1].

      Preferably in typical scenarios, eg:

      1. I want to use only secure DNS of P.? A: Configure your OS' DNS resolvers to point to 127.0.0.1/::1; configure P. to use secure DNS providers (or leave the defaults enabled)

      2. I want to use my own resolvers, how P. would work with them? A: P. would intercept non-secure DNS requests (plain udp/53) and perform the request itself and return the result back to the querier.

      3. I use P. secure DNS, but my work resources (which I access with VPN) aren't working! A: Make the following configuration changes in P. config to route queries for your work: ...bla.bla.bla.

      For anyone else (who doesn't need typical scenarios, like me?) I need to understand how exactly you provide a secure DNS without changing my configuration. Because now it looks like this is exactly what happens - no changes, system configured with external plain UDP/53 resolvers... and P. magikally makes them secure.

      [0] https://docs.safing.io/portmaster/guides/dns-configuration

      [1] https://docs.safing.io/portmaster/architecture/core-service/...

      NB: looks like miekg/dns doesn't support QNAME minimisation. This isn't strictly required, but is preferred in some situations [2]

      [2] https://www.nlnetlabs.nl/downloads/presentations/unbound_qna...
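
The split-DNS concern raised in this thread (names from an internal zone being sent to a public resolver by an intercepting DNS proxy), as an added illustration that is not part of any comment and is not Portmaster's code: longest-suffix resolver selection in Go, plus a check that lists which queried names from an internal zone would go to the public default. The zone names, resolver addresses and the `Route`, `Selector` and `Leaked` names are constructed for this example.

```go
package main

import "fmt"
import "strings"

// Route sends every name inside Zone to Resolver (all values are constructed).
type Route struct{ Zone, Resolver string }

// Selector models per-zone resolver selection in an intercepting DNS proxy.
type Selector struct {
	Routes  []Route
	Default string // public resolver used when no route matches
}

// fqdn lower-cases a name and makes sure it ends with exactly one dot.
func fqdn(name string) string { return strings.TrimSuffix(strings.ToLower(name), ".") + "." }

// inZone reports whether qname equals zone or sits below it on a label boundary.
func inZone(qname, zone string) bool {
	q, z := fqdn(qname), fqdn(zone)
	return q == z || strings.HasSuffix(q, "."+z)
}

// Pick returns the resolver of the longest matching zone, or the default.
func (s Selector) Pick(qname string) string {
	best, resolver := -1, s.Default
	for _, r := range s.Routes {
		if inZone(qname, r.Zone) && len(fqdn(r.Zone)) > best {
			best, resolver = len(fqdn(r.Zone)), r.Resolver
		}
	}
	return resolver
}

// Leaked lists names inside internalZone that s would send to the public default.
func Leaked(s Selector, internalZone string, qnames []string) []string {
	var out []string
	for _, q := range qnames {
		if inZone(q, internalZone) && s.Pick(q) == s.Default {
			out = append(out, q)
		}
	}
	return out
}

func main() {
	names := []string{"wiki.corp.example", "notcorp.example", "www.example.com"}
	split := Selector{Default: "public-doh", Routes: []Route{{"corp.example", "10.0.0.53"}}}
	fmt.Println(Leaked(Selector{Default: "public-doh"}, "corp.example", names), Leaked(split, "corp.example", names))
}
```

Matching on a label boundary is what keeps `notcorp.example` out of the `corp.example` zone; a plain suffix comparison would misroute it.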