
I found it enlightening with the amount of data an Xbox sends home.


It's enlightening when you see all the crap that all the devices on your network are doing. You can take things a step further and isolate IoT devices on isolated subnets, with additional firewall/security rules to create a choke point for all traffic.

Only a matter of time before applications begin to roll their own encrypted forms of DNS in order to circumvent ad blockers.


You mean like DoH, which is quickly becoming ubiquitous?


That's why I had to start MITMing all of my HTTPS connections.


That's when the apps start embedding (pinning) certificates and completely ignoring any additional root certs you might want them to accept from the OS.


That's when you start injecting your own certificate into the certificate verification APIs... one of the amazing powers you get when you're root and actually have full control of your device, no wonder it scares big (ad)tech for users to have that power.


I expect they mean bypass your network's DNS completely and use hard-coded IPs or a hard-coded DNS (with some way to obscure it).

DNS filtering and blocking is a very powerful tool, great for bypassing many features/pitfalls of the internet.


If you have the commitment to it, you can simply force all outbound connections not originating from your DNS servers to be NATed TO your DNS servers.

I do this; no machine other than my 2 DNS servers is permitted to make outbound DNS requests (they are transparently handled by my LAN DNS).

The real annoying change is the transition to DNS over HTTPS. The canary domain[1] is useful but apps are obviously free to ignore it.

[1]: https://support.mozilla.org/en-US/kb/canary-domain-use-appli...
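An added example, not part of the comment above or of the thread: a small audit over outbound flow records that lists which LAN clients aim plain DNS at outside resolvers (the traffic a port-53 NAT rule would capture) and which use DNS over TLS on port 853, which that rule never sees. The LAN range, resolver addresses and log layout are assumptions, and the log lines are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumptions (not from the thread): LAN range, resolver addresses, log layout.
LAN = ipaddress.ip_network("192.168.1.0/24")
RESOLVERS = {ipaddress.ip_address("192.168.1.2"), ipaddress.ip_address("192.168.1.3")}

# Constructed sample, one outbound flow per line: <time> <src> <dst> <proto> <dport>
SAMPLE_LOG = """\
07:00:01 192.168.1.2 9.9.9.9 udp 53
07:00:02 192.168.1.50 192.168.1.2 udp 53
07:00:03 192.168.1.77 8.8.8.8 udp 53
07:00:04 192.168.1.77 8.8.8.8 tcp 53
07:00:05 192.168.1.91 1.1.1.1 tcp 853
07:00:06 192.168.1.91 203.0.113.10 tcp 443
07:00:07 malformed line
"""

def classify(src, dst, proto, dport):
    """Label one flow under the policy 'only the LAN resolvers talk DNS to the outside'."""
    if src in RESOLVERS:
        return "resolver"  # the LAN DNS servers may query upstream
    if dport == 53 and proto in ("udp", "tcp"):
        return "ok" if dst in RESOLVERS else "redirect"  # NAT rule would capture this
    if dport == 853 and proto == "tcp":
        return "dot"  # DNS over TLS: a port-53 NAT rule never matches it
    return "other"  # includes DoH, which looks like any HTTPS flow on port 443

def audit(log_text):
    """Map each LAN client to the outside resolvers it tried to reach, per label."""
    findings = defaultdict(lambda: {"redirect": set(), "dot": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        try:
            src, dst = ipaddress.ip_address(parts[1]), ipaddress.ip_address(parts[2])
            proto, dport = parts[3], int(parts[4])
        except ValueError:
            continue
        if src not in LAN:
            continue
        label = classify(src, dst, proto, dport)
        if label in ("redirect", "dot"):
            findings[str(src)][label].add(str(dst))
    return dict(findings)

if __name__ == "__main__":
    for client, hits in sorted(audit(SAMPLE_LOG).items()):
        print(client, {k: sorted(v) for k, v in hits.items()})
```

Port alone cannot separate DoH from ordinary HTTPS, so those flows land in "other" and need a different control.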


DoH is one way to do it. HTTPS is a secure channel.


I think this is the biggest piece that gets overlooked by many. I still remember the first time I ran Pi-hole and saw all the stuff attempted and blocked. It is one thing to know all those connections are made in theory. It is so radicalizing to see it firsthand on your home network.


Just checked my Pi-hole there and currently 44.7% of the requests were blocked.

I've seen it as high as 73%.


Seeing how frequently the Xbox phoned home even when it was “off” prompted me to switch the settings from “instant on” to “power save” mode.


My Xbox turns itself on all the time entirely randomly. Most mornings it's already turned on. I will be in the next room and hear the startup beep go off. I don't know if it's a faulty switch or maybe I should put on a tinfoil hat.



