1/ ISP or the website you're accessing can see the DNS queries and block traffic. My eSIM routes through Hong Kong, which means no ChatGPT.

2/ iPhones don't let you set the DNS provider / DoH for cellular.

3/ DoH breaks wifi redirect walls, making it tedious to enable/disable. Like you can't just enable DoH for certain apps or disable it for others.

2) I believe you can using profiles like those available here[0].

[0]: https://github.com/paulmillr/encrypted-dns

> 3/ DoH breaks wifi redirect walls, making it tedious to enable/disable

Since this is a security-focused discussion, why do you see wifi hijacking your DNS lookups as something desirable?

Because there are a lot of situations, like being in a hotel, where you simply can't do anything to avoid it and have to live with it / work around it.

And while we all would like to live in that perfect ivory tower of CIA-level security, we mostly live in the real world and have to make do with what we have.


wifi hijacking is here to stay.

The solution is to detect it happening, and then switch to a different 'mode' where you ignore all https certs but never send any private data and never trust any data received.

You have to use a client-side app firewall to prevent all traffic until you have acquired your session.

This is extremely difficult to do even for skilled people.

Android has the ability to isolate the network stacks for different apps/connections till you have cleared the wifi portal.

Often the wifi will not let you "out" until you've been through their landing page, and there's no other mechanism to do this other than hijacking DNS?

> DoH breaks wifi redirect walls

Is that really true? I would have thought all the automatic detection features try with unencrypted DNS? They should anyway.

Ideally it’d actually be RFC 8910 detection (and subsequently RFC 8908 API) but standards usage is generally incompatible with giving POs something to do

Just get a VPN and then you can route your traffic wherever you want and not have to worry about what the carrier is doing.

VPN appears to only work sporadically in China.

All VPNs work without problems with China if you are roaming into their network with a foreign (e)SIM.

You will get unfiltered western internet as a tourist.

Which cost me a fortune once when I plugged my phone into my laptop to charge (before free global roaming). Dropbox had been blocked for a week, suddenly a flurry of SMS arrived (out of order). I’d spent £250 in 3 minutes.

I feel for you. Why would you allow laptop traffic to be routed through the phone though? At least in iOS plugging the phone for charging or backup does not automatically tether.

I often tether off my phone so have tethering enabled; I just hadn’t charged from the laptop in all that time.

Wasn’t a lot in the end scheme of things - less than the cost of a night in the hotel, let alone the full trip.

> Dropbox had been blocked for a week

Why was it blocked for a week? Not sure I understand what happened to you.

China blocked it.


iCloud Private Relay fixes all three I think :)


I’m a little confused, are you physically located in China or is your data getting routed through China despite you living somewhere else? I can’t figure out what’s being said here.