137
Microsoft plans to lock down Windows DNS like never before. Here’s how.
(arstechnica.com)
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
much thanks to @gary_host_laptop for the logo design :)
I couldn’t figure out if this is enterprise-only or if it will be forced into home editions.
In the how this works section they detail that it comes from MDM solutions. In English this is a feature for it admins of companies who use the intune management software from Microsoft. You probably need pro or better to even use the feature.
At a quick glance, it looks to be a way of whitelisting domains at a DNS level, but with the added feature of having allowed DNS servers.
The amount of Windows bashing in this thread is hilarious, for what amounts to Enterprise grade DNS-over-TLS with additional whitelisting. Doesn't help the home user, but likely won't break home users internet access either.
Lemmy in general hates Windows.
Because they don't understand it. Kinda laughable really.
And I've been cursing MS since Windows 1.0 - what a joke that was. Then MS Bob? You're kidding, right? I so wanted to run Bob just as a joke to fuck with my peers, but I couldn't even tolerate it enough for that.
As a sysadmin, that actually sounds pretty useful. If they add a blocklist feature, it might be a good system-wide malware / ad blocking solution.
With the shady path they've been on lately, I wouldn't be surprised if they locked down the home editions to only using their servers, so they can use the data points/telemetry to sell ads, etc.
They want to get around people's pi holes
They couldn't give less of a shit about the 7 people in the world that use pi-holes
Changes like these tend to be pushed out to the home editions first, and the enterprise version will have a setting to turn this on or off.
This is due to companies usually having a more complex network than home users.
This is a feature for complex enterprise networks and exclusively so. Enabling it will be very opt in, as you will have to do quite a bit of set-up before it works.
This is totally an enterprise feature. I have read enough enterprise documentation to know that. For example All of the wording talking about who is going to use this is "Admins", "organizations" and "end users". That is business/enterprise 101 talk right there.
If it is even available on the home versions it is going to be off by default as it requires a good bit of setup to turn on.
If Microsoft wanted to track you via DNS they would just do the same thing that Google and Apple are doing with their phones. Have a secure DNS option that is on by default. That uses DoH amd happens to use their DNS servers.
Also Microsoft doesn't need DNS to track anyone in Windows. As they control the OS.
Both are scary