https-everywhere VS dnscrypt-proxy

What's the issue with Firefox's implementation? And this doesn't change the fact that HTTPSe is literally fully sunset.

Here's a small historical curiosity: In HTTPS Everywhere, the functionality used to be call "Block all HTTP requests" but when that functionality was changed (back in 2016 [0]) to not block connections to non-HTTPS hidden services, it was renamed to "Block all unencrypted requests".

I just checked, and indeed Tor Browser 11.5 does not block non-HTTPS connections to hidden services, even when in "HTTPS-Only" mode. Thankfully.

[0]: https://github.com/EFForg/https-everywhere/pull/4370

HTTPS Everywhere is discontinued by its creator and will be removed completely next year, because every major browser includes the functionality already anyways.

HTTPS Everywhere Chrome Web Store Github

[1] https://github.com/EFForg/https-everywhere/tree/master/src/chrome/content/rules

You should ask those writers or see if you find anything useful at their github page here

It's a ruleset for the HTTP Everywhere browser extension.

Maybe try upstream at https://github.com/EFForg/https-everywhere

There is more than one way to do this but I have decided to use dnscrypt-proxy. We will not be using dnscrypt for the dnscrypt protocol though you could elect to use that as the underlying DNS protocol. dnscrypt-proxy lets's us use a SOCKS5 proxy through which the DNS queries will be sent. We will use a Tor SOCKS5 proxy here. You can choose which protocols should be enabled and which ones should be disabled. There are two points:

I tried installing the RPM from the Fedora repos but it's out-of-date and there were no instructions on how to get it operational, so I went with the manual approach as per their wiki: https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-linux

This is awesome, thanks -- going to look into that now. I found SmartDNS interesting and thought I would share it, it's pretty simple to setup. I can see why it's Chinese focused, they have "interesting" internet access over there :-).

I have been looking into DNS quite a bit lately (Unbound, etc), as DNS lookup performance has been pretty subpar lately. I'm in Perth, Australia, and we're pretty remote so our latency is meh at best, and Cloudflare performance has been all over the shop lately, I think they're having issues in WA). DNS can also cause really routing issues here sometimes as we get better latency to Singapore than Sydney, so we might get shunted off to SG.

I've also been using dnscrypt-proxy2 (https://github.com/DNSCrypt/dnscrypt-proxy) for a while, but the above issues with Cloudflares DNS is what triggered me to look into other options.

I use a min-cache-ttl of 15 minutes, which seems to work well.

Thank you for sharing this tip about, looking into this now :).

Sure. I run dnscrypt_proxy behind a pihole. https://github.com/DNSCrypt/dnscrypt-proxy