- cross-posted to:
- hackernews@derp.foo
- cross-posted to:
- hackernews@derp.foo
tl;dr: No. Quite the opposite, actually — Archive.is’s owner is intentionally blocking 1.1.1.1 users.
CloudFlare’s CEO had this to say on HackerNews:
We don’t block archive.is or any other domain via 1.1.1.1. […] Archive.is’s authoritative DNS servers return bad results to 1.1.1.1 when we query them. I’ve proposed we just fix it on our end but our team, quite rightly, said that too would violate the integrity of DNS and the privacy and security promises we made to our users when we launched the service. […] The archive.is owner has explained that he returns bad results to us because we don’t pass along the EDNS subnet information. This information leaks information about a requester’s IP and, in turn, sacrifices the privacy of users.
I am mainly making this post so that admins/moderators at BeeHaw will consider using archive.org or ghostarchive.org links instead of archive.today links.
Because anyone using CloudFlare’s DNS for privacy is being denied access to archive.today links.
In case you don’t know, Cloudflare already controls a massive amount of websites, have access to their unencrypted traffic and are making the web inaccessible for people who use tor or noscript. They are a threat to the open web.
CloudFlare offers website admins the ability to have their sites directly available to Tor users but they have to activate the feature: https://developers.cloudflare.com/support/firewall/learn-more/understanding-cloudflare-tor-support-and-onion-routing/
Strange, Onion routing was already enabled for my domains. Sounds like at some point it became an opt-out feature, not opt-in.
Do you have an alternative that isn’t google? Because google’s DNS privacy policy is much worse.
I don’t like cloudflare, but their DNS terms are relatively good, and they have my info anyway because as you say, they’re everywhere. I don’t think my not using their DNS will make any appreciable mark on their business, either.
Check out this list: https://adguard-dns.io/kb/general/dns-providers/
Quad9, DNS.Watch, OpenDNS
Three good alternatives.
Also NextDNS is great because you can change every setting (and the free tier offers you way more usage than you will ever use)
I maxed out the free tier in my first month somehow lol… $20/yr isn’t a bad deal for essentially pihole everywhere.
I mean a $35 pi and wireguard [I’m fond of Zerotier personally] can do the same thing… indefinitely… $35/forever > $20/yr :)
Yea that’s on the list for some point. I have a small k3s cluster running on some Pis and experimenting with tailscale.
Nextdns is great.
OpenNIC is an interesting option, if you’re okay with community-hosted servers.
I use NoScript and CloudFlare DNS works just fine for me. That said, I’m looking to switch due to privacy concerns after reading this thread.