Privacy warning
Hello
just had a privacy warning come up on my iPad and then both iPhones would allow access to the internet while on wifi. The privacy warning was 'This next work is block encrypted DNS traffic'
Then after 5 mins all started working again? Any ideas?
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Hi, If you could search over the internet about this notice, you will see this warning on different routers and It does not simply mean “this network” would block any encrypted DNS, mainly indicating your current routers don’t support DNS over HTTPS. Currently, for Deco, It did not support it yet but it would forward the encrypted DNS request to other DNS servers which do support DoH. And You are right that Apple has taken one step further about the support of encrypted DNS. We are also collecting users’ feedback and trying to make it possible.
Why don’t you start submitting feedback via Deco APP>Help>contact us>suggestions to tell the engineers what you are most concerned about and wish to be achieved.
Thank you very much.
- Copy Link
- Report Inappropriate Content
TP-Link wrote
Hi, If you could search over the internet about this notice, you will see this warning on different routers and It does not simply mean “this network” would block any encrypted DNS, mainly indicating your current routers don’t support DNS over HTTPS. Currently, for Deco, It did not support it yet but it would forward the encrypted DNS request to other DNS servers which do support DoH. And You are right that Apple has taken one step further about the support of encrypted DNS. We are also collecting users’ feedback and trying to make it possible.
Why don’t you start submitting feedback via Deco APP>Help>contact us>suggestions to tell the engineers what you are most concerned about and wish to be achieved.
Thank you very much.
TP-Link wrote
Hi, If you could search over the internet about this notice, you will see this warning on different routers and It does not simply mean “this network” would block any encrypted DNS, mainly indicating your current routers don’t support DNS over HTTPS. Currently, for Deco, It did not support it yet but it would forward the encrypted DNS request to other DNS servers which do support DoH. And You are right that Apple has taken one step further about the support of encrypted DNS. We are also collecting users’ feedback and trying to make it possible.
Why don’t you start submitting feedback via Deco APP>Help>contact us>suggestions to tell the engineers what you are most concerned about and wish to be achieved.
Thank you very much.
@TP-Link hi, let's not point fingers at Apple that they have started encrypted DNS , the error message is very clear in simple English "THIS NETWORK IS BLOCKING ENCRYPTED DNS TRAFFIC" and why do you give it a different meaning that it is not supporting it, secondly how come it's more than one year you guys have been collecting user data, I haven't spend my money on a crappy product that is not able to provide a proper service.
Do let me know the timeline else I would prefer to throw away these devices.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
@Denis55 TPLINK is running away from this issue and pointing fingers at Apple that they introduced strict security policies which TPLINK
- Copy Link
- Report Inappropriate Content
Workaround can be found on a certain page but I am not allowed to share this link here so I copied the contents instead. With thanks to Neil Townsend
Apologies for the long subject line. For a while now I have been having problems on my apple devices which bring up errors like the one in the subject line. After quite a bit of hunting around, I think that there are solutions to this issue and I thought this was probably the place to post them for comment.
What is the issue?
From what I can tell, more recent version of apple operating systems use encrypted DNS services to protect your privacy (their description, not mine). PlusNet provides, by default, a service which blocks access to a number of domains which stop you accidentally going to websites which are extremely dubious, to put it politely. As it happens, “extreme thought dubious” website use a similar technology to apple (and other VPN systems) in keeping privacy, and so all forms of privacy protection get blocked.
What are solutions?
I have found three, and I’ve put them in my order of preference. Your order of preference may be different.
Solution 1: Keep the safeguarding system on, but configure it to allow access to apple’s secure DNS servers.
- Log in to your plus.net account.
- Click on the Broadband icon
- Select “Safeguard” from the Help and Settings menu, bottom left
- Select “Allow websites” from the left hand menu
- Type “mask.icloud.com” into the “Add a website” text box and click “Add”
- Type “mask-h2.icloud.com” into the “Add a website” text box and click “Add”
- Click “Save”
Solution 2: Disable the option on each mac devices.
This will vary between OS versions and device. For email, on an iPhone, iOS 15:
- Run the settings app
- Go to Mail > Privacy Protection
- Set “Protect Mail Activity” to Off
If you have enabled “Private Relay”, turn it off.
Solution 3: Disable the safeguard provided by plusnet
- Log in to your plus.net account.
- Click on the Broadband icon
- Select “Safeguard” from the Help and Settings menu, bottom left
- Turn it off (top right of screen)
- Click Save or agree with the confirmation box.
I chose solution number 1 by adding "mask.icloud.com" and "mask-h2.icloud.com" in the white list on my Deco X60 router. I also chose 1.1.1.1 as my main DNS and 1.0.0.1 as alternative pointing to Cloudflare. I have not seen the ”DNS encryption blocked” anymore on my iPhone.
Apples reference can be found at "developer.apple.com/support/prepare-your-network-for-icloud-private-relay/" so it is a known issue and workaround so must be legit.
Good Luck
- Copy Link
- Report Inappropriate Content
Thank you very much for your feedback.
It would be very valuable and I would love to forward your post to the senior engineers for further checking.
But I do have some questions and hope you could help me.
I see you mainly talked about PlusNet service and the solution one is about adding "mask.icloud.com" and "mask-h2.icloud.com" to the whitelist.
1. Since the Antivirus of Deco X60 has a whitelist as well, I wonder did you add these two sites on both of them, or only on the whitelist of Safeguard in Plusnet?
2. Before adding these two websites into the whitelist, if you only change the DNS and forget/reconnect to Deco, the error warning would not disappear, right?
Thank you again for your time and patience.
Best regards.
(PS: I have provided my email in the private message and It would be highly appreciated if you could share the whole related link with me, thank you in advance.)
- Copy Link
- Report Inappropriate Content
@TP-Link there is an issue with the deco why should we compromise in the security aspects like disabling iCloud private relay and all that TP Link
- Copy Link
- Report Inappropriate Content
@TP-Link after the tech support asked me for the email and password for my account, I don't associate "Privacy" with TP-Link
- Copy Link
- Report Inappropriate Content
Information
Helpful: 4
Views: 23323
Replies: 41