Its kinda impressive the length the government will go just to see my bird

After seeing some big follower profile on Xitter try to dunk on your channel get completely flamed I thought it's probably right to say thanks for spreading important info and news to people that aren't that informed in the tech space.

The deep fake grows stronger with each day

And when client side snooping is less than they desire, censors put pressure on network hosts to block any protocols which don't identify a destination in the clear. And the counter to that is relays that don't look like relays to the snoops.

Bro I just wanna say I love your video thumbnails. Makes me chuckle every time

Nigeria should become a constitutional monarchy. Then the Nigerian prince becomes a reality.

I'm so happy that you uploaded this video. Thank you for uploading it.

I believe this only adds a (small) layer of difficulty to hiding visited websites. The ISPs can still see the IP addresses in the packets routed to the websites, and from there easily discover which website corresponds to (something similar can also be done in the client level).

Just found your channel yesterday for the encrypted recursive DNS server. Pertinent content and well explained. Subbed.

I prefer to force people to find me in order to speak to me, really roots out all the nonsense.

In this scenario there will still be a third party (meaning it's neither the client nor the destination server) that will know which website you are visiting. In this example it will be CloudFlare, but it could also be Amazon or even Google, if the destination server is deployed within their cloud infrastructure and uses their CDN.

4:57 lmao I wasn't ready for the suchifur reference

Enterprises have been installing trusted root certs for years. Deviced which don't have this are simply banned from the local subnets. It's not a problem for them.

Thanks for looking out bro

Libre taxi is open source Uber alternative can you talk about it ?

your honeypots are interesting, thank you agent outlaw!

i love you man thank you for your service

I have no idea what you're talking about most of the time. But I like the premise and want to support your channel.

you are really good at explaining shit. so glad I found your channel

There are still plenty of IPv4 addresses hosting a single website, so encrypted SNI/Encrypted Client Hello do not solve those problems. These websites are also very interesting to eavesdroppers like your ISP, because they are usually small/ less popular websites and can tell a lot about your personality. Love your video's! :)

heavy stuff, very well explained 🎉

Dude I'll be real, IPv6 is super fucking based. I don't have to think about ports, or weird configurations for hosting several different websites or servers off the same machine, and use my domain name. Like I can throw 6 different VMs on a box, and they all get their own v6 global address, and I can throw that info into cloudflare and everything resolves correctly. Shit's awesome, it's actually easier work for me. Like I mean the initial setup was a bitch, and it took me a while to figure out how to get the vms IPv6 addresses, but once I did it was just as simple as going into the router, finding the host name and yoinking it's reporting v6 address, and dumping it into my cloudflare. After doing it, I honestly don't see why companies can't be bothered to figure out how this works, since it's really not that hard. Especially if your business is computer networking. Though I will say some weird stuff does require more tinkering, like services/SRV records for VOIP stuff, that can get super freaking jank, but oddly enough that was an easier setup than my linux based cloud server.

Mental Outlaw for president.

4:56 that dragon is making me act... unwise.

I love all of your videos. you are so funny and your videos are very informative and entertaining i learn something new every time i watch your videos!! please keep up the great work.

Unfortunately for ECH to work, more and more people have to be behind centralized services like Cloudflare. Else encrypting single domain name served by an IP becomes meaningless. Internet needs more decentralization, but ECH seems like the first step at better online privacy.

Dunno why, but you're my own Personal CIA chief🙇‍♂️🙇‍♂️

thank you for the great video jayson tatum

I wonder what this means for government blocking of websites.

I Appreciate your information!!! They are using AI to connect and targeted all cellular connections perhaps directly through carriers or maybe fusion centers !!! I always have multiple and duplicated mobile operators on my phone. Getting rid of iPhone as soon as possibly can.

Finally someone pointed it out

Kazakh here, they launched this government certificate thingie, but no one wanted to install the certificate, so they cancelled the initiative (thank god)

I think the main issue nowadays with encryption is that it requires a middle man, called a "Certificate Authority". We now have companies like Microsoft and Google issuing certificates. This is an obvious problem, as this allows those companies to decrypt our data at will. We need to completely re-invent this system.

I think I might switch to Firefox because of ECH.

Im glad these privacy technologies are becoming more distributed

Real talk

The IPv4 problem is artificial. There are so many aftermarket blocks available, and tons of unused blocks owned by universities. The solution to IPv4 is to reclaim unused blocks so they can be allocated again

Most network admins I've known in person rely mostly on a DNS sinkhole and good device privilage configuration. Can't get to naughty sites if your only DNS server turns you down.

I want a full soyjack and glowie meme image pack from the images used on this channel

Fun story: when I was in high school, I worked in the school as a volunteer tech aid. The year I started was after two consecutive years of previous tech aids hacking the school network and causing huge incidents for which they had to document and present their findings to the school district opsec people -- a lot of the security measures in place back then were there because of these hacks, and I and the other new tech aid were tasked with finding and reporting more holes in the security. We found and reported a lot of exploits and vulnerabilities, but one of my favorite red-team escapades was writing my own proxy service that used rot13 to bypass network filters, which hilariously worked. (I eventually made my own shitty little stream cipher as an upgrade.)

why didnt they just make ipv5 with 6 sets of 256

ECH has it's country cousin, "Encrypted Client Howdy".... Ah yes, DNS encryption - a service whose time has come...cheers! Addendum: whoops! Had no idea that it would create anti-malware efforts difficult.

I have no idea what you're talking about but I still agree anyways!

Sounds like a useful feature.

Thanks for spreading information. As always good job bro !

The trusted root certificate part is hilarious.

good stuff indeed

It would be nice to see some kind of PQC incorporated

The liability cost for a VPN is so high that nobody legitimate can afford to run it ethically.

if thats TP Link N600 on the table -- thats an awesome choice for OpenWRT :3

Let’s go. Finally my school won’t be able to block stuff know :)

What do you have to do to get google to show ads of hot single dragons in my area?😂

I'm currently studying network security and it's kinda shocking how little IPv6 has been in all of my courses so far. My networking class didn't even have a graded assignment for it.

I agree

This is cool. Is this getting around chinas Great Wall?

Almost 30 years since 1998? Bro is living 5 years in the future!

4:56 .... tempting

11:37 the correct way was always: use a proxy and explicitly config it, so the user knows it's configured.

Staxum and Ebay signed a partnership. It will blow up once it hits mainstream..

I'm concerned about how you know about the fluffy dragon meme....

How are trusted root certificates installed? Does it come preinstalled on whatever theoretical device that’s being owned or would it be injected in real time through some other protocol?

Pre-sale for Staxums STX is a once-in-a-lifetime chance. Reserve your place!

So how to defend against these root certificates (if you're a beginner)

What about dns sniffing? Couldn’t whomever is operating the dns also know the destination address of your remote sesh?

Nice

on GRC podcast I read that only 6 root CAs are enough to cover 99.7% of the web! And we can delete the remaining 100 small ones.

✌️

Can’t the ISP see the IP address and do a reverse lookup to see what web pages we’re visiting?

Can you make a Video, where you put these puzzle tiles together , so someone can surf normally? Like watching KZbin, write comments on X and deliver Pizza like Maybe you can also make videos, how about to avoid new known viruses and so on

What options are there to use ECH currently?

There is a simple solution to filtering ECH for governments and companies - just block all ECH traffic. Russia already does this with eSNI.

Ive had the feeling BTC would be going to 40k as well. Clearing out all my Alts going into BTC and Staxum only, maybe a little BNB.

Everyone talking about the Staxum launch best news this year.

this is some cool shit but couldnt they just force DNS for network admins on there own DNS and they could still monitor and block traffic that way?

Tricky situation...

This is cool but also a pain in the ass for network mantainers... business level firewalls are basically useless with this, hope they find a way to route encrypted traffic without destroying clients privacy

That’s grate content you’re creating there. What’s the best anonymous crypto exchange now ?

Staxum presale began, and wealth for future generations is already being created.

Cool channel

Can't "they" still see where I'm going by checking the outer sni?

Would you recommend hosting an onion?

Not visiting Chuck but can I visit Sneed's website?

Last call for you guys to ape into Staxum. Nothing better this year..

So, we are going to see firefox plugins to firewalls? Which can communicate to the browser to see if the site you plan to visit is forbidden or not? :)

11:30 i work in a hospital in IT, and damm we will not let people view websites without blockers and filters....

8:48 - well they're not lying, they can't see anything on their end! the wacky little black NAS that's first in the network chain though, yeah - that thing can! but fortuantely that little blakc NAS thingy is just a figment of your tortured mind as you learn that skateboarding and waterboarding have much in common

happy xmass i guess

Jokes on you I've been using it for years already in Brave and Firefox 😎

How to check if ech is working or not?

4:56 Damit how did he know? You be spying on me Mental outlaw?

1:30 There is actually a scarcity of sand for silicon chips

For admin cant they have a system that just dose ip checking and updating block list

And it came out of Cloudflair, not Mullvad!

my isp blocks certain websites ordered by government. Obviously we can proxy or VPN to these sites. Some sites are protected behind Cloudflare and i used to be able to still navigate to these sites with https, not using my ISPs DNS and using encrypted DNS, etc. but eventually my ISP was still able to block the conenction. I guess they use the unencrypted hello to determine the site. So, i guess this will be something that will help circumvent this type of blocking/censorship. The whole idea of government issued root certificates is nuts (I hate it passionately) and it will just make the internet more and more insecure than it already is. I'm against government levels of censorship but the governments will just roll out the "protecting children" mantra, when it is nothing of the sort. For me, it's fine for a company or a parent to have the ability to certain block websites/content to protect a company's network or a child from being exposed to adult material but my government as the gatekeeper for my kids and ultimately me and other adults, no thanks!

How does this differ from a vpn or proxy? It sounds like it’s basically just a cloudflare hosted vpn at the core

so this ech is the same responsibility amount as being careful with your phrase and passcode for your crypto wallet bitcoin to not lose it because it's decentralized and not logged anywhere. you lose your bitcoin but nobody can steal your bitcoin and no one can control it. so it's up to the responsibility of the employees to not take advantage of their boss and create trust to not slack in productivity

What is a good DNS provider to use with this?

HTTPS isn’t bulletproof. SSL stripping exists, and how do you think IPS works on firewalls. They strip the SSL

What's the point of this if your ISP can see what ip adresses you are connecting to anyway. You can easily figure out what sites one visits by their ip adresses

I love your vids but could you please use a dark mode or something? I'm getting flashbanged everytime you show us a web page 😎