* Linux: [systemd-resolved on Arch Wiki](https://wiki.archlinux.org/title/Systemd-resolved#DNS_over_TLS) [Actually secure DNS over TLS in Unbound on ctrl.blog](https://www.ctrl.blog/entry/unbound-tls-forwarding.html)
* Windows 11: [proper method](https://docs.microsoft.com/windows-server/networking/dns/doh-client-support) or (read first: [Microsoft: Windows registry for advanced users](https://docs.microsoft.com/troubleshoot/windows-server/performance/windows-registry-advanced-users)) [improper method that only experienced users if even them should use](https://gitea.blesmrt.net/mikaela/shell-things/src/branch/master/Windows/DoH/DohWellKnownServers.reg) and in any case network settings
Counter-argument: encrypted DNS doesn't encrypt the IP address you are connecting
to which often maps back to the plaintext domain, and SNI is still visible so
the sites you visit are still visible.
Counter-counter-argument: do people around you really care if the ISP and
encrypted DNS provider know they are visiting sites like `facebook.com` and
`youtube.com` as they still cannot see what you are doing there?
In case encrypting what is being done on sites (https) and encrypting DNS
(to protect from DNS hijacking) is not enough, I would advice using [Tor](https://torproject.org/) instead
and becoming familiar with their website.
What if the WiFi-AP/ISP/VPN/encrypted-DNS server is lying whether intentionally or not? DNSSEC
and certificate authorities. Also out of scope for this post, but if your
interest is piqued, please do use your favourite search engine to learn more,
I already wrote too much about encrypted DNS...
### Real time communication platforms
If you look into Privacy Guides instant messaging platforms, at the time
of writing it will suggest you to use Element. That means nothing,
[there are three different apps called as Element on three different platforms, the only thing in common is the name and if you are looking for privacy, you should look into it deeper or look entirely elsewhere, but that is my previous blog post]({% post_url blog/2021-11-23-leaving-privacyguides %}). TL;DR is that (at the time of writing)
your room specific display names may leak and media files are never actually
removed. If that is fine for you, great. If your issue is just with
room specific display names, I would suggest a Matrix client that allows
using multiple different accounts such as [FluffyChat](https://fluffychat.im/) (note:
I am a contributor).
Privacy Guides not warning about Matrix may be partially my fault
as [I was the team member mainly warning about it and assigned the issue to myself](https://github.com/privacyguides/privacyguides.org/issues/50) though.
XMPP? Privacy Guides doesn't mention it, because there is no single app
to recommend across all platforms (and I am grateful about that
as opposed to Element not being Element not being Element) and the protocol
doesn't enforce end-to-end encryption. I am not sure if being under control
of the server admin counts as Matrix also allows server admin to perform takeover
and other hostilities. [Compatibility suites?](https://xmpp.org/about/myths/#everybody-implements-different-incompatible-extensions),
they don't care.
Speaking of end-to-end encryption, another rejected solution especially for
teams is IRC, especially [Ergo](https://ergo.chat/) (which I am going
to blog in the future about) as end-to-end encryption
isn't useful in public channels, it can easily be used in internal network
(maybe accessed by not-misnomer-VPN I wrote about above) or ran in public
allowing Tor access without requiring registration, at the time neither Slack
or Discord provides end-to-end encryption and neither Slack or Element provides
guest access to my knowledge. (The toggle in room settings? It was removed
accidentally without never getting reimplemented).
Anyway, there may be a time and place for every communication platform,
personally I perform a lot of mix-and-matching as that is what people I
actually do want to communicate with do, I haven't been able to talk my
family from WhatsAppby<s>FACEBOOK</s>Meta (I actually tried to leave
it pre-pandemic and thus lost access to many people and peer support groups),
I have several Signal contacts, Matrix and IRC are in my daily use and I