mastodon / mastodon-android

Official Android app for Mastodon
https://app.joinmastodon.org/android
GNU General Public License v3.0
1.68k stars 261 forks

[Feature Request] Censorship resistance (DoH and SNI mask?) #451

Closed iceBear67 closed 1 year ago

iceBear67 commented 1 year ago

The Internet is under heavy censorship in some countries (China for example). To deal with it, some mastodon instances run behind an unblocked CDN service like Cloudflare.

However, the authorities also pollute DNS responses in order to block those instances. Therefore, a Mastodon client that supports DNS-over-HTTPS or DNSCrypt can help people who are under censorship access those instances more easily.

Maybe I'll try to submit a PR for the Android client later.
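To make concrete what "a client that supports DNS-over-HTTPS" has to do, here is an added illustration (not code from this thread, the linked commit, or the Mastodon app) of the RFC 8484 GET form: build a wire-format DNS query, base64url-encode it into the `dns` parameter, and parse an A-record answer, including name-compression pointers. The resolver URL `https://doh.example/dns-query`, the constructed response bytes, and the helper names are all placeholders chosen for this example; the comparison helper at the end shows the check a client could run to notice that its system resolver and the DoH resolver disagree, which is the symptom of the response pollution described above.

```python
"""RFC 8484 DNS-over-HTTPS (GET form) building blocks, as an offline example.

Nothing here talks to the network: the response is a constructed byte string
so the parsing path can be exercised without a live resolver.
"""
import base64
import struct

# Placeholder resolver URL; any RFC 8484 endpoint would accept this URL shape.
DOH_RESOLVER = "https://doh.example/dns-query"


def build_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Wire-format query: 12-byte header, QNAME labels, QTYPE, QCLASS=IN.

    RFC 8484 recommends ID 0 so identical queries are cacheable by HTTP caches.
    """
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD=1
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    )
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def doh_get_url(resolver: str, query: bytes) -> str:
    """RFC 8484 section 4.1: base64url with padding removed, in the 'dns' param."""
    enc = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{resolver}?dns={enc}"


def _read_name(buf: bytes, off: int) -> tuple[str, int]:
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels = []
    jumped = False
    end = off
    while True:
        length = buf[off]
        if length & 0xC0 == 0xC0:  # compression pointer (RFC 1035 section 4.1.4)
            ptr = struct.unpack("!H", buf[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            jumped = True
            off = ptr
            continue
        off += 1
        if length == 0:
            if not jumped:
                end = off
            break
        labels.append(buf[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), end


def parse_a_records(resp: bytes) -> list[str]:
    """Return the IPv4 addresses from the answer section of a wire-format reply."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if flags & 0x000F != 0:
        raise ValueError(f"server returned RCODE {flags & 0xF}")
    off = 12
    for _ in range(qd):            # skip the echoed question section
        _, off = _read_name(resp, off)
        off += 4                   # QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        _, off = _read_name(resp, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10
        rdata = resp[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:   # A record, class IN
            addrs.append(".".join(str(b) for b in rdata))
    return addrs


def poisoning_suspected(system_answers: list[str], doh_answers: list[str]) -> bool:
    """True when the two resolvers share no address: a hint the plain-DNS path is tampered."""
    return not (set(system_answers) & set(doh_answers))


# Constructed reply for "example.com A": ID 0, flags 0x8180 (QR, RD, RA),
# one question, one answer whose name is a pointer to offset 12, TTL 300,
# RDATA 192.0.2.1 (an RFC 5737 documentation address, not a real host).
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)
    + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    + b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
)

if __name__ == "__main__":
    q = build_query("example.com")
    print("GET", doh_get_url(DOH_RESOLVER, q))
    print("A records in constructed reply:", parse_a_records(SAMPLE_RESPONSE))
```

In a real client the URL would be fetched with `Accept: application/dns-message` and the response body handed to `parse_a_records`; the rest of the logic is unchanged.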

iceBear67 commented 1 year ago

https://github.com/iceBear67/mastodon-android/commit/d66d0fe94efbd61a2289e97aac366bb42e2036cf I got HttpDNS running, but I still cannot access the blocked instance. Maybe SNI filters should also be considered.

grishka commented 1 year ago

This feels like something that should be system-level rather than per-app. Android 8 and newer support DNS over TLS (which I personally use to block ads), configurable in Settings -> Network & internet -> Private DNS.

But yes, SNI is a thing. Even unsophisticated Russian censorship equipment uses it, though it is too dumb to implement TCP so it can be fooled by splitting the client hello into two IP packets across the SNI domain string.

iceBear67 commented 1 year ago

https://github.com/Notsfsssf/Pix-EzViewer/blob/master/app/src/main/java/com/perol/asdpl/pixivez/networks/RubySSLSocketFactory.kt

An example of bypassing SNI filters. I'm trying to port it to Mastodon.

iceBear67 commented 1 year ago

Does Cloudflare ban domain fronting?

iceBear67 commented 1 year ago

Some CDN providers support domain fronting while others do not. Besides, we'll have to detect if the instance supports domain fronting. This is not a job for a social app itself.

Also, DoH (or DoT) can be enabled via the Android system settings. Thus, there's no need to reimplement one.