I kinda don’t trust my home network because my brother is douche and I feel like he’s gonna do some weird things with the connection, so I prefer to juse use my phone’s data (unlimited data plan) to avoid any shenanigans. Hypothetically, how much harm can an evil wifi do?

Does using HTTPS avoid all risks? What about evey program on your computer or every app on your phone, do they also have HTTPS everywhere on? (I use Android btw)

How much could a VPN do better that HTTPS cant?

  • hemko@lemmy.dbzer0.comEnglish
    9·
    1 day ago

    As others have mentioned, DNS is probably your worst enemy. It doesn’t take much technical knowledge to just create a DNS server and start logging all domains you’re accessing. Say, to tell mom how often you’re browsing porn or something.

    Manually configuring DNS servers in your OS would resolve this issue, but also using VPN like mullivad would just bypass such worries with 99% certainty.

    Or just keep using mobile data, because why not

    • Peffse@lemmy.world
      2·
      1 day ago

      Correct me if I’m wrong but- manually configuring your DNS in the OS would still enable traffic monitoring, wouldn’t it? I always thought DNS traffic is not encrypted by default.

      • pHr34kY@lemmy.world
        4·
        16 hours ago

        I’ve configured my home wifi to capture all DNS regardless of its intended recipient. It’s unencrypted so it’s possible.

        I also use encrypted DNS on my phone.

        • root@lemmy.world
          01·
          24 hours ago

          Technically if you have a NAT redirect rule that routes all outbound traffic on a specific port, you could redirect to port 53 on the pihole and it would be visible because the DoT/ DoH terminates at the Pi which his brother could control? VPN is still a safe bet.

          • Darkassassin07@lemmy.caEnglish
            1·
            21 hours ago

            You can redirect regular DNS like that, but DoH/DoT is encrypted using certificates with a chain of trust just like any other tls connection (that’s kind of the whole point). It would throw security errors breaking dns resolution if you redirected the connection to your own server.

            You would still be better off with a vpn wrapping the connection however as the SNI in each https connection is unencrypted and can be used to log your traffic.

      • hemko@lemmy.dbzer0.comEnglish
        0·
        1 day ago

        Oh, yeah you’re absolutely correct. I was fixated too much on the DNS logging lol

        DoH (DNS over HTTPS) or DoT (DNS over TLS) would fix that

        • ShortN0te@lemmy.ml
          2·
          1 day ago

          Actually no. The SNI is still not encrypted. So every site you are visiting can still be sniffed.

          • Akui@lemmy.ml
            2·
            9 hours ago

            This is resolved in TLS 1.3 with ECH. Adoption is still not wide though, so your concern is valid.