Cloudflare and Apple Design a New Privacy-Friendly Internet Protocol (techcrunch.com) 90

Engineers at Cloudflare and Apple say they've developed a new internet protocol that will shore up one of the biggest holes in internet privacy that many don't know even exists. Dubbed Oblivious DNS-over-HTTPS, or ODoH for short, the new protocol makes it far more difficult for internet providers to know which websites you visit. From a report: [...] Recent developments like DNS-over-HTTPS (or DoH) have added encryption to DNS queries, making it harder for attackers to hijack DNS queries and point victims to malicious websites instead of the real website you wanted to visit. But that still doesn't stop the DNS resolvers from seeing which website you're trying to visit. Enter ODoH, which decouples DNS queries from the internet user, preventing the DNS resolver from knowing which sites you visit. Here's how it works: ODoH wraps a layer of encryption around the DNS query and passes it through a proxy server, which acts as a go-between the internet user and the website they want to visit. Because the DNS query is encrypted, the proxy can't see what's inside, but acts as a shield to prevent the DNS resolver from seeing who sent the query to begin with. "What ODoH is meant to do is separate the information about who is making the query and what the query is," said Nick Sullivan, Cloudflare's head of research.
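The flow the summary describes, as an added example for Node.js (not code from Cloudflare, Apple or the report): it shows what the proxy and the resolver can each record, and what they recover if they compare logs. Ephemeral X25519 with HKDF-SHA256 and AES-128-GCM stands in here for the HPKE encryption real ODoH uses; the addresses, zone entries and function names are constructed for illustration.

```javascript
// Added illustration of the ODoH roles; simplified, not the real wire format.
const nodeCrypto = require('crypto');

// Constructed sample data (documentation address ranges).
const ZONE = { 'example.com': '192.0.2.10', 'mail.example.net': '192.0.2.25' };
const PROXY_ADDR = '203.0.113.5';

// Target resolver's long-term key pair; clients learn only the public half.
const target = nodeCrypto.generateKeyPairSync('x25519');
const TARGET_PUB = target.publicKey.export({ type: 'spki', format: 'der' });

const proxyLog = [];  // everything the proxy operator can record
const targetLog = []; // everything the resolver operator can record

// Split one X25519 shared secret into a query key and a response key.
function deriveKeys(privateKey, peerPubDer) {
  const publicKey = nodeCrypto.createPublicKey({ key: peerPubDer, format: 'der', type: 'spki' });
  const secret = nodeCrypto.diffieHellman({ privateKey, publicKey });
  const okm = Buffer.from(nodeCrypto.hkdfSync('sha256', secret, Buffer.alloc(0), 'odoh-demo', 32));
  return { query: okm.subarray(0, 16), response: okm.subarray(16) };
}

// AES-128-GCM; output layout is iv(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-128-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}

function unseal(key, blob) {
  const d = nodeCrypto.createDecipheriv('aes-128-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws if tampered
}

// Resolver: reads the query, but its only network peer is the proxy.
function targetHandle(peerAddr, msg) {
  const keys = deriveKeys(target.privateKey, msg.ephPub);
  const qname = unseal(keys.query, msg.sealedQuery).toString();
  targetLog.push({ seq: targetLog.length, peer: peerAddr, qname });
  return seal(keys.response, Buffer.from(ZONE[qname] || 'NXDOMAIN'));
}

// Proxy: sees the client address and opaque bytes; here it logs all of it.
function proxyForward(clientAddr, msg) {
  proxyLog.push({ seq: proxyLog.length, client: clientAddr,
                  blobHex: msg.sealedQuery.toString('hex') });
  return targetHandle(PROXY_ADDR, msg);
}

// Client: encrypts to the target's public key, then sends via the proxy.
function clientResolve(clientAddr, qname) {
  const eph = nodeCrypto.generateKeyPairSync('x25519');
  const keys = deriveKeys(eph.privateKey, TARGET_PUB);
  const msg = { ephPub: eph.publicKey.export({ type: 'spki', format: 'der' }),
                sealedQuery: seal(keys.query, Buffer.from(qname)) };
  return unseal(keys.response, proxyForward(clientAddr, msg)).toString();
}

// Two operators that compare notes: joining the logs on arrival order
// (seq stands in for timestamps) links each client to its query again.
function collude(pLog, tLog) {
  return pLog.map((p) => ({ client: p.client, qname: tLog[p.seq].qname }));
}

function runDemo() {
  proxyLog.length = 0;
  targetLog.length = 0;
  const answers = [
    clientResolve('198.51.100.7', 'example.com'),
    clientResolve('198.51.100.8', 'mail.example.net'),
  ];
  return { answers, proxyLog, targetLog, linked: collude(proxyLog, targetLog) };
}

console.log(JSON.stringify(runDemo(), null, 2));
```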
  • by c-A-d ( 77980 )

    Are they just trying to make your data more valuable by limiting who can gather it and who can sell it, thus monopolizing the market.

    • by Freischutz ( 4776131 ) on Tuesday December 08, 2020 @10:14AM (#60807246)

      Are they just trying to make your data more valuable by limiting who can gather it and who can sell it, thus monopolizing the market.

      Yes and it is being paid for by George Soros at the behest of the ZOG, the Deep state, the Gray Aliens and the Lizard people ... oh for god's sake, as long as you are careful to use different parties for DNS and Proxy services to maintain 'separation of knowledge', this will severely limit how much of the global DNS traffic any one party can see. This compares favourably with the current situation where your DNS service providers can basically monitor every unencrypted move you make. The DNS resolver can't keep track of you because they do not know who the originator is and the proxy operator cannot tell what you are trying to resolve because the query is encrypted and as long as they can't compare notes their customer tracking and data selling departments have a problem. If you then use a random proxy for every transaction anybody trying to track you has an even bigger set of headaches ... that is, as long as you maintain 'separation of knowledge'

      • Yeah, and conspiracy theorists are hiding under your bed and lurking in the shadows of your closet too.

        Get a therapy.

      • as long as you are careful to use different parties for DNS and Proxy services to maintain 'separation of knowledge', this will severely limit how much of the global DNS traffic any one party can see.'

        Yup, just like location data on your cell phone or your credit card purchases - wait a minute!

        • as long as you are careful to use different parties for DNS and Proxy services to maintain 'separation of knowledge', this will severely limit how much of the global DNS traffic any one party can see.'

          Yup, just like location data on your cell phone or your credit card purchases - wait a minute!

          No, try reading the article. What you are talking about is harvesting from a single data source where you as a data harvester have full access to what is being purchased and the identity of the purchaser. This is data being encrypted by the DNS query generator. That encrypted data is then routed through a third party that masks the identity of the DNS query generator by routing it on to the DNS service provider after stripping away any identifying data. This blocks the DNS service provider from being able t

    • by Anubis IV ( 1279820 ) on Tuesday December 08, 2020 @10:33AM (#60807340)

      While your cynicism is well warranted, it's an undeniably good thing that customer data become more scarce. If the only companies with their hands on our data are the major Internet giants, that's an improvement from where we find ourselves today, where the companies with our data include not just those giants, but also thousands of other companies with far fewer scruples. Cutting those latter companies out of the loop is a win.

      When it comes to privacy, our interests align with any company that is actually making things more private, regardless of if they happen to be doing so for self-serving reasons.

      Of course, that doesn't necessarily mean that (O)DoH is a good technology. While it may make things more private, it comes with a number of downsides, such as greater complexity, latency, increased fragility of our connections as we depend on yet another service to visit a site, and so on, not to mention the fact that (O)DoH still lives in the browser, rather than in the OS.

      • While your cynicism is well warranted, it's an undeniably good thing that customer data become more scarce.

        Nothing is becoming more scarce.

        If the only companies with their hands on our data are the major Internet giants, that's an improvement from where we find ourselves today

        Yea, that's the ticket. Cheerlead the growth of large centralized providers best positioned to maximally leverage/monetize their centralized position and denounce all small operators. Aggregation of power is a GOOD thing. Federation = bad, centralization = good.

        where the companies with our data include not just those giants, but also thousands of other companies with far fewer scruples. Cutting those latter companies out of the loop is a win.

        This is a false choice. There is no reason to accept either WRT DNS.

        The answer to insecure DNS is DNS over TLS.

        The answer to untrustworthy DNS servers is picking one you trust or running your own.

        • The answer to insecure DNS is DNS over TLS.
          No it is not. As your DNS provider knows every DNS request you make. The article is about how to make DNS calls without the DNS provider being able to track you.

          Sorry, but that is obvious from the summary. You perhaps should have taken the 30 seconds to read it.

          • No it is not. As your DNS provider knows every DNS request you make.

            Sorry, but that is obvious from the summary. You perhaps should have taken the 30 seconds to read it.

            Hence "The answer to untrustworthy DNS servers is picking one you trust or running your own."

            Before you deride someone for not reading you should probably take the time to read what they have to say BEFORE clicking "submit".

            The article is about how to make DNS calls without the DNS provider being able to track you.

            What I was actually responding to was Anubis IV's generic commentary on centralized providers being a better deal than centralized providers AND presumably ISPs when in reality this is a false choice.

            DNS is a federated system and by simply choosing a DNS service you trust you don't

            • DNS is a federated system and by simply choosing a DNS service you trust you don't have to suffer at the hands of either centralized DNS resolvers or evil ISPs.
              Yes you have. As the evil ISP sees all your DNS requests. (* facepalm *)

              The proxy scheme is just punting trust to the proxy which is of limited utility vs selecting a DNS server you trust and communicating over a secure transport.
              The proxy does not need to be "trusted" as he can do nothing with your requests (* facepalm *) again.

              • DNS is a federated system and by simply choosing a DNS service you trust you don't have to suffer at the hands of either centralized DNS resolvers or evil ISPs.

                Yes you have. As the evil ISP sees all your DNS requests. (* facepalm *)

                Garbage In = Garbage Out.

                If you really want to trust an evil ISP to provide you with DNS service you should expect evil things to happen as a result.

                The proxy does not need to be "trusted" as he can do nothing with your requests (* facepalm *) again.

                This is like saying VPN providers don't need to be trusted because everything is encrypted anyway. Right here on Slashdot we have been treated to story after story spanning years of VPN services selling out their users.

                The whole point of the proxy provider can be compromised by actions of the providers themselves as even TFA you claim I have not read explicitly men

      • by tlhIngan ( 30335 )

        not to mention the fact that (O)DoH still lives in the browser, rather than in the OS.

        That is something easily fixed, since the resolver in most OSes is just a stub resolver. Since (O)DoH is a replacement for the last mile DNS requests and implementable by every DNS server out there as part of the recursive resolver feature (not every DNS server needs to implement this - only recursive resolvers), it's a simple add on to the DNS library the OS provides.

        When you make a call like getaddrinfo(), you call th st

    • I'm cool with that.

  • by The-Ixian ( 168184 ) on Tuesday December 08, 2020 @09:57AM (#60807166)

    Nice and complicated. The way Internet protocols ought to be...

  • And guess who's lining up to proxy that data for you!

    • Re:"Proxy" (Score:4, Insightful)

      by locofungus ( 179280 ) on Tuesday December 08, 2020 @10:09AM (#60807222)

      And your ISP will still be able to see what IPs you're connecting to. So unless you're going to proxy the entire internet (isn't that what a VPN is for) this is really another way for "big tech" to datamine browsing data that they currently cannot access.

      • It's not the final issue but it's a major improvement. IP addresses don't correlate strictly with websites: you'd have to map a slowly changing set of IP addresses as sites like Amazon S3 or Akamai or Cloudflare slowly remap their tumbled domain to IP maps. Second the HTTPS part of the fetch may obscure the subdomain as well. So it's an improvement. Finally for the paranoid do you need to trust the DNS server? Not if you proxy the request with https.

      • Well, guess what Cloudflare's plan is...

        Yep, being a CDN for ALL the sites out there.

        I guess they've never heard of a NSL. ... Or did they?

        • Of course I heard of NSL. Just one question, which NSL are you talking about. NSL means a lot of things and context isn't helping. QSL?

          • Obviously in this context national security letter, a demand for action in the name of national security which is secret and may not be disclosed to third parties. A clear violation of first amendment rights which the feds use whenever they feel like it.

      • And your ISP will still be able to see what IPs you're connecting to. So unless you're going to proxy the entire internet (isn't that what a VPN is for) this is really another way for "big tech" to datamine browsing data that they currently cannot access.

        This comment shows an incredible lack of understanding of privacy issues.
        a) The ISP knows what IP you're connecting to and they see that 90% of time you're connecting to Cloudflare. Beyond that they know nothing if they can't see the hostname. The internet hasn't been a series of endpoints for an incredibly long time.
        b) Cloudflare already sees who comes to them. So claiming that they are part of a conspiracy to create a protocol to mine data they already have access to isn't so much a conspiracy theory as m

        • This comment shows an incredible lack of understanding of privacy issues.

          This comment shows an incredible lack of understanding of privacy issues.

          I'm lazy so this is a cut and paste of another comment of mine so only approximately addresses your comment.

          Sure you can see what IP a machine is connecting to. But with ESNI and HTTPS all you can tell is that you're connecting to AWS, you have no idea which particular host you might be connecting to.

          With ODoH you also cannot tell what DNS it is requesting. So you

          • Did you have a point counter to mine or did you not read my post?

            • I did indeed.

              You have one idea of privacy and have completely missed that there are other aspects of privacy that ODoH, DoH, ESNI make worse.

              • Maybe you should re-write your post because I just read it again and it still looks like it agreed with me without explaining any of your downsides.

                Mind you, you're also of the opinion that you can trust the ISP with your data (ISPs have repeatedly and on record simply sold user data without even deanonymising it), while you don't trust Google (a company that only ever provides access to you and never sells your eyeballs). So frankly I'm taking your knowledge of privacy with a 1kg bag of salt.

        • by DarkOx ( 621550 )

          Beyond that they know nothing if they can't see the hostname

          Unless you are ONLY using TLS 1.3 to connect to stuff that IS NOT TRUE. The SNI portion of the TLS handshake is clear text!

          Ok, domain fronting is still a thing but that isn't widely implemented these days.

    • Comment removed based on user account deletion
  • by rpresser ( 610529 ) <(moc.liamg) (ta) (resserpr)> on Tuesday December 08, 2020 @10:16AM (#60807262)

    DNS was supposed to be FAST. DoH already adds TCP handshaking and TLS encryption to slow things down. Now they're adding a proxy layer, on top of whatever proxying you might already have in your business environment. What's next? Generate random unrelated DNS queries from the browser to poison the cache? Do you WANT people to go back to hosts files?

    • by Entrope ( 68843 )

      Yeah, their numbers show that this doubles the median latency for a DNS lookup even compared to DoH (about 150 milliseconds to about 300 milliseconds). Maybe they do want people to go back to hosts files.

      The approach seems like it could work reasonably well using a non-DoH transport. User sends encrypted request to a proxy, proxy forwards to the target, target decrypts and looks up the response, target encrypts response and sends back to proxy, proxy passes the encrypted response back to the user, and the

      • by Bengie ( 1121981 )
        I'm using 9.9.9.9 as my upstream. I'm getting 40ms uncached and when using DoT to them, 80ms. Connection pooling would be nice. My firewall is showing new TCP connection to 9.9.9.9 spamming all over when doing these tests. But most queries should be cached. My local DNS server holds several million entries and asynchronously refreshes them before they expire to keep the cache warm.
    • by Hawks ( 102993 )

      Back when the Internet was running on Sun 3/60's connected via 9600 baud modems, a fast, and lightweight protocol was a necessity. Now with high volume DNS servers running on big hardware, and the modern high-bandwidth network (unless you're stuck on some old POTS line or some such in which case most modern services will be so slow the DNS lookup won't matter), the added overhead of DoH and/or a proxy is negligible.

      If privacy can be enhanced with a new protocol or process layer with a time penalty 95%+ of p

    • Comment removed based on user account deletion
      • I concur. More than half the time I've seen what looks like some sort of outage, it ends up being slow name lookup. Probably doesn't help that so many sites are loading so much content from so many disparate domains all at the same time.
    • DNS was supposed to be FAST

      And in a time when the internet was slow and free that design criteria mattered. Now that the internet is fast and everywhere you turn someone is hoovering up your data for profit the design criteria changed.

      Car analogy: You're complaining that Ferrari makes sports cars because cars were fundamentally supposed to be used to replace commuting in a horse drawn carriage. The existence of Ferrari does not mean people will instead go back to riding horses.

      That last part of your comment is particularly silly. Jus

  • by Anonymous Crowded ( 6202674 ) on Tuesday December 08, 2020 @10:20AM (#60807288)
    I mean, these are baby steps, but they're in the right direction . . . why jump on the doom wagon so quickly?

    So far, Apple and CloudFlare have erred on the side of the end-user . . . but when you consider where the median for "not monetizing" you, it makes them look a little more saintlike. I'm not saying don't be wary; I'm saying "Why is everything either the end of the world, or the second coming?"
    • So far, Apple and CloudFlare have erred on the side of the end-user

      Can't talk about apple but CloudFlare (and AWS) has made it much harder for me to control which devices are allowed to talk to what.

      Have you seen how many domains firefox connects to at startup? Have you seen how many domains an IoT device connects to.

      I now run a MitM proxy at home (mostly doing SNI inspection only but it can do full inspection) in order to limit some of these devices' abilities to open holes in my firewall.

    • by DarkOx ( 621550 ) on Tuesday December 08, 2020 @11:09AM (#60807496) Journal

      Because a lot of us are not convinced it is the right direction. Stuffing DNS into HTTPS which itself started out as HTTP stuffed into SSL isn't design, it's kluge over kluge over kluge.

      HTTPS happened because some folks realized that transport encryption was a minimal requirement to make commerce possible on the web. They already had all this HTTP server and client infrastructure so rather than invent a new protocol they just encapsulated the old protocol. Then people started discovering all the problems...Oh snap client caches give up the goods, have to disable those for HTTPS (until that became somewhat mitigated by multi user OS and untenable, but wait chrome is going back there...), oops this means either vhosts don't work or we have to bolt on SNI and SAN names... oops all kinds of crypto analysis is possible because of compression... whoops a lot of these CBC mode ciphers are not really a good fit of the situation.. dope..

      Now rather than designing something again we are going to go with just sticking an old protocol into another old protocol designed originally to run plain-text and for use with entirely different media/data and hope it works out. Sure it's easy because all the proxies, firewalls, client libraries, etc already speak these languages but that does really mean it's the best thing to make core infrastructure dependent on.

      • by bill_mcgonigle ( 4333 ) * on Tuesday December 08, 2020 @12:12PM (#60807864) Homepage Journal

        > Sure it's easy because all the proxies, firewalls, client libraries, etc already speak these languages but that does really mean it's the best thing to make core infrastructure dependent on.

        It's a problem that people aren't innovating faster and coordinating upgrades, but they aren't. Meanwhile surveillance is a problem, so fixing that in any way possible is better than not fixing it.

        People are currently getting their networks pwned because their SOHO router has FTP ALG's in the NAT for non-PASV operation, which has been entirely unnecessary for 20 years. But "hey it works, we're done" is how the industry operates because tech support is expensive.

        Nothing BUT the cybercriminals seems to be pushing us forward.

        Where's my multicast backbone, anyway? Everything is so inefficient.

      • Stuffing DNS into HTTPS which itself started out as HTTP stuffed into SSL isn't design

        It sounds like you're either confusing DoH with DoT or you fundamentally don't understand the problem DoH is trying to solve. Stuffing DNS into HTTPS *IS* the design goal. The complete end goal at that. The main design criteria. The singular point of DoH is to make it appear as though it's perfectly ordinary HTTPS traffic, even down to the ports it uses.

        What you call a kludge was the upfront design intent. Don't like it, use DoT instead since it sounds like it's what you actually want.

        • by DarkOx ( 621550 )

          it appear as though it's perfectly ordinary HTTPS traffic, even down to the ports it uses.

          Except there is basically no legitimate reason to do that. DNS traffic itself is perfectly ordinary. Anyone with the capability to inspect HTTPS traffic, either sees DOH for what it is or it's the instantly SUSPICIOUS HTTPS stream for which TLS negation on their MITM system fails and TCP proxy fallback is used.

          Hiding DNS traffic among HTTPS flows where there isn't a 'allowed' MITM, your corporate firewall where the clients trust it as CA, or live in Kazakhstan isn't useful from a traffic analysis perspecti

          • Except there is basically no legitimate reason to do that. DNS traffic itself is perfectly ordinary.

            Ahhh a privileged westerner. Good luck using "perfectly ordinary" DNS traffic when someone doesn't want you to. I mean you can pretend that the world is all democracy, privacy and first amendments, but other people realise that the world isn't like that and created DoH for specifically a purpose you seem to ignore.

            There's a world of grey lines between a free and open internet and intercepting HTTPS traffic. And one of those shades of grey involves simply blocking DNS and forcing a single provider.

            Learn a bi

    • by Rick Schumann ( 4662797 ) on Tuesday December 08, 2020 @12:23PM (#60807934) Journal
      Let's say you're a stray cat, living on the street. Maybe at one point in time you lived with a family, and you were treated well by them. Then something happened and you ended up living on the street. You discover that not all humans treat you nicely, many hurt you. Over time you get into the habit of automatically believing that humans will hurt you, so you're very wary of them. Then some human comes along and makes all the right sounds and gestures that would indicate they'll be nice to you -- but you can't trust them because your experience has taught you to not trust humans anymore.
      That's where we're at with the Internet. We've all had our privacy violated so many times in so many ways that anyone that comes along claiming they'll be nice and respect our privacy, are doing things to ensure our privacy, are viewed with the utmost of suspicion. We can't be blamed for that, we have every reason to be that way. Trust now has to be earned.
  • This doesn't sound like a new protocol. It sounds like something anyone who knows how to use a proxy can do themselves.

    • Seconded.

      But in the times where somebody thought it was a great invention to create a blog service and limit the length of the posts to n characters, and "everybody" was told to want to agree... not surprising.

      I'm beginning to think, Idiocracy was way too nice of a documentary. This is more like a cocaine Idiocracy.

    • It ends up being an endless game of Whac-a-Mole though, because whoever owns the proxy, or the VPN, or whatever you're routing through, can just rape you for your data anyway. The real solution is for privacy to be considered sacrosanct, inviolate, and the penalties for violating peoples' privacy be made as dire as possible. Probably won't happen though.
  • two words that only go together with "rape", "violate", "exploit" or "monetize" in-between.

    Another good reason to stay the hell away from Apple products (hint: Apple is just as rotten, they just managed to convince a lot of people they're not somehow.)

    • There's too much money involved and they've become as corrupt as everyone else. Capitalism isn't required to be evil to function, but it can become corrupted, and that's what we've seen happening for years and years now. The lure of all the profits that come from the data they take from everyone is just too strong apparently. This is why we need regulation of some things. Sadly, I don't think that even regulation would solve the problem completely, because the 'If you're not cheating you're not trying' rule
  • It's hard to view /. these days...
    • Step 1. Turn your monitor on.

    • You mean the ads between TFA summary and the comments section? Yeah, I keep zapping those, and have looked at the sourcecode, and can't yet figure a way to get uBlock to block all of them automatically. They all look like this:
      tech.slashdot.org##.article-nel-7170.grid_24.thumbs.usermode.article.fhitem-story.fhitem
      tech.slashdot.org##.article-nel-7314.grid_24.thumbs.usermode.article.fhitem-story.fhitem
      tech.slashdot.org##.article-nel-7313.grid_24.thumbs.usermode.article.fhitem-story.fhitem
  • by BAReFO0t ( 6240524 ) on Tuesday December 08, 2020 @10:44AM (#60807382)

    Because everybody knows that adding HTTP to it, is insanity at this point. Ok, everybody but the WhatWG, aka Google and its pawns.

    Meanwhile, I run my own DNS server. Like everybody should.

    • Your own DNS server? My friend, that is not enough!

      I run my own Internet!

    • Because everybody knows that adding HTTP to it, is insanity at this point.

      There are three fundamental constants in physics:
      1. The speed of light in a vacuum.
      2. Planck's constant.
      3. BAReFO0t announcing to the world yet again that he has no idea what problem DoH is designed to solve, despite being told time and time again.

      I saw a Slashdot post on DNS and I got excited to come look for your post. You did not disappoint.

  • Dubbed Oblivious DNS-over-HTTPS, or ODoH for short

    Since the "H" is silent, that would be pronounced ODo [cinemablend.com], right? (SFW)

  • The only way to blacklist all these privacy invasive apple services is to capture the DNS and blackhole their telemetry hosts. It stands to reason that they want privacy from these prowling end-users that want to know what their devices are doing.

    Don't forget, it's Apple's MacBook, you are just paying for the privilege to use Apple's MacBook. It's not yours.

    • The only way to blacklist all these privacy invasive Microsoft services is to capture the DNS and blackhole their telemetry hosts. It stands to reason that they want privacy from these prowling end-users that want to know what their devices are doing.

      Don't forget, it's Microsoft's computer, you are just paying for the privilege to use Microsoft's computer. It's not yours.

      If Apple was the United States and Microsoft was Al Qaeda/Taliban/ISIS/{terrorist group name} then we'd be saying "the terrorists have already won". :-(

  • Uh huh, sounds very trustworthy...

    What we need is ad hoc. We already have too many "go-betweens". Besides, everything goes through Utah anyway.

  • So what this really does is give whoever owns the proxy server the ability to collect your browsing habits instead of your ISP. Gotcha.
    Apparently the only way to win the privacy game is to not play. There is no such thing as a 'secure internet' or 'privacy on the internet' and not for any technological reason: no one respects peoples' privacy in the first place.
    We used to have this. Now we don't. It needs to change back to the way it was before. Get your little brown noses out of our business, you asshole
    • by Dr. Tom ( 23206 )
      The proxy can't read your packets. They only know you're making a DNS request.
      • Unless the proxy is built to log everything because the owner of the aforementioned proxy server wants to 'harvest' your browsing habits.
  • by Fly Swatter ( 30498 ) on Tuesday December 08, 2020 @12:49PM (#60808082) Homepage
    THAT is the problem, not my internet access provider.

    Google, double-click, and all the others that drop 'analytics' onto every page you visit... Oh and stop trying to mess with DNS.
    • "Google, double-click, and all the others that drop 'analytics' onto every page you visit..."

      If you don't use ad- and tracker blockers, just block doubleclick et al on the router level.

    • I'd challenge that. An advertiser / analytics company has a financial incentive to keep your data to themselves and sell "access" to you, usually via some API that doesn't even hand over your data to another party anonymously. It's like how CocaCola Co sells you a softdrink but not their recipe.

      ISPs on the other hand have been time and time again caught simply bulk selling non-anonymised data to whoever shows up with some money.

      THAT is the problem.

      • CocaCola does not stand around every place I visit and log everything I have done. Your analogy stinks and is completely wrong.

        That bottle company sold me something, Advertisers/Analytics don't sell ME anything. In fact they take take take. I would rather pay sites directly as I visit them instead of baking the cost of this crap into everything I buy.
        • CocaCola does not stand around every place I visit and log everything I have done. Your analogy stinks and is completely wrong.

          If you think the point of the analogy was the amount of the rate of engagement Cocacola has with you then you fundamentally didn't understand the analogy. In that case it's no surprise you think it's wrong, especially since you are focusing on the selling concept which wasn't even remotely the point of my post.

          Try reading it again.

  • Don't use the DNS of your provider, ever.
    Second, use a VPN if you want privacy.
    Third, block ads and trackers.
    Fourth, for sensitive stuff (grin) I use a portable version of firefox that I delete after each use.

  • Providing privacy AND anonymity is supposed to be a hard problem.
    I suppose a malicious proxy could side-channel the sender IP. Hmm. Hard.
  • We've been making phone calls for decades and never once has anyone suggested we make the numbers dialed invisible to AT&T.

    Yet amazingly, we're fine with two corporations knowing where every person in the world goes online.
