DNS over HTTPS over Tor
I would like to request this feature be added to TAILS, and there’s no reason to depend on the Tor developers to implement it.
Cloudflare has provided handy instructions on how to do this at:
They suggest a method using their own “Cloudflared” tool, but this can
also be done with dnscrypt-proxy 2, which also works with Tor, and is
There are many advantages of using Cloudflare’s hidden service DNS resolver, and no known reasons not to. Aside from the added privacy, and safety from not having to trust potentially rogue exit nodes, it would also permit Cloudflare to collect statistics about which websites Tor users visit, which would allow them to resolve problems with Tor users being able to access websites hosted on their platform. Let’s not forget that any other DNS resolver would also be able to collect this information. Simply using a DNS resolver requires trusting the host. So, there wouldn’t appear to be any increase in risk. To the contrary, knowing that your traffic never leaves the Tor network eliminates the necessity of trusting the exit node. Trusting Cloudflare also makes more sense than trusting Google, IMHO. There is already a method for using this service in Tor Browser, because Firefox allows it, which bypasses the exit node’s settings. However, this does not apply universally to other programs and parts of the OS, and this leaves portions of the attack surface unprotected.
It would seem most appropriate to make this request with the developers of the TAILS distro.
Thank you for your time and efforts. Please use my donations to make useful changes.
- Is duplicate of #16187 (closed)