
DNS over HTTPS in Firefox


Posted Jun 3, 2018 11:33 UTC (Sun) by tialaramex (subscriber, #21167)
In reply to: DNS over HTTPS in Firefox by Sesse
Parent article: DNS over HTTPS in Firefox

Yes, that would be the trade for having privacy, if Firefox chooses to use DoH for the default resolver and sets Cloudflare as the default.

I suppose other options might include:

1. Recruit one or more other DoH providers willing to offer privacy, pick a random one (at start-up, for each query, or whatever)

2. Switch off privacy, preferring to give better CDN and sacrifice the user's privacy (or maybe do so outside the porn-viewing mode)

3. Incorporate this functionality but leave it unused by default (so 99%+ of users never benefit)

When it comes to item (1) I think you've got the same situation as the Search box. Users _can_ pick GoodSearch, or whatever, but by default they get the search engine Mozilla picked. The DoH configuration absolutely can be changed by anybody who knows what DNS even is in the first place. Should the Mozilla corporation sell that default (assuming multiple bidders offer equivalent privacy) for $1M? It is, after all, just a default. How about for $10Bn? That's a LOT of evangelism and software development for the price of a default...



DNS over HTTPS in Firefox

Posted Jun 6, 2018 14:37 UTC (Wed) by buchanmilne (guest, #42315)

> Yes, that would be the trade for having privacy, if Firefox chooses to use DoH for the default resolver and sets Cloudflare as the default.

Well, the question is, privacy from whom.

There is still no privacy from Cloudflare in this case.

How is this any better than using my ISP's DNS? The contents of my DNS requests are still (theoretically) visible by one entity (the same entity that may also be able to determine by other means the content I am viewing with varying levels of accuracy).

Oh, right, the US is broken and has insufficient competition in the ISP market, where in most other countries this is a solved problem (capitalistic free market!).

Thanks, but I will definitely not be enabling this feature, and will drop Firefox if they make this a default.

In my country, ISPs are well regulated, we have adequate privacy laws, and my ISP:
- Is legally obligated to not give this data to any 3rd party without a warrant
- Has a much better view of the network topology than any 3rd party

For example, many ISPs have many different CDN deployments with different geographic deployments. The ISP I worked for a while ago had CDN deployments for 4 different CDNs in 3 different data-centres. The biggest (by data volume) was deployed in 3, the next 2 were deployed in 2 DCs, the 4th in 1. And this ignores the off-network open-peering CDNs that are co-located with the CloudFlare POPs in our country.

To me it looks suspiciously like Firefox is being paid by Cloudflare to make them more attractive than other CDNs/DDoS prevention companies.

DNS over HTTPS in Firefox

Posted Jun 6, 2018 15:54 UTC (Wed) by excors (subscriber, #95769)

> How is this any better than using my ISP's DNS?

I think the difference is that, by choosing to use Firefox, you have already chosen to trust Mozilla to respect your privacy rights, which implies trusting their agreements with any third parties they choose to share your data with. (You can evaluate that trust based on their privacy policy, and the privacy policy they got Cloudflare to agree to, and their past record in following such policies, and comments from developers about their intentions, etc, and decide whether that trust is justified or not.)

Meanwhile you might or might not trust your ISP - that's an independent decision. (Some ISPs have a history suggesting they shouldn't be trusted as anything more than a dumb pipe, sometimes from malice and sometimes incompetence). If you trust both Mozilla and your ISP, then DoH provides no privacy benefit (well, except from anyone passively monitoring your network traffic, which is a significant benefit) but also no privacy harm. If you trust Mozilla but not your ISP, then it does provide an obvious benefit. If you don't trust Mozilla, you shouldn't be using Firefox anyway because there's a million other ways they could harm you.

DNS over HTTPS in Firefox

Posted Jun 6, 2018 17:10 UTC (Wed) by jwilk (subscriber, #63328)

By choosing to use your ISP, you have already chosen to trust the ISP to respect your privacy rights, which implies trusting their agreements with any third parties they choose to share your data with... Oh wait, that's not right.

Trust is not binary.

I trust Mozilla not to put a backdoor in Firefox. I don't trust them at all to care about my privacy. In fact, I'm pretty sure they don't. (Hilariously, when you run Firefox for the first time, it phones home in order to show you the privacy policy.)

Similarly, I trust my ISP not to inject malicious code into my Internet traffic. I don't trust them that they don't snoop on me. I would be surprised if they didn't.

DNS over HTTPS in Firefox

Posted Jun 20, 2018 18:20 UTC (Wed) by mstone_ (subscriber, #66309)

Wait, you get ISP choice?

DNS over HTTPS in Firefox

Posted Jun 26, 2018 20:10 UTC (Tue) by flussence (guest, #85566)

> I trust Mozilla not to put backdoor in Firefox.

Have they apologised yet for their use of a pre-existing backdoor to push Comcast ads in-browser to several million users last November? The closest I've seen to them even acknowledging that they got caught is a pageful of sneering corporate spin-doctoring congratulating themselves on the “shared user experience”.

