On Sat, Sep 28, 2019 at 01:17:14AM -0400, Nicholas D Steeves wrote: > Florian Weimer <fw@deneb.enyo.de> writes: > > Cloudflare only promises to “never sell your data”. That doesn't > > exclude sharing it for free with interested parties. > > > > So a metadata leak (by design) to an unbounded number of entities, > affecting all Firefox users, at a time when this data is gold? No, that is incorrect. The full text says "CloudFlare will not sell, license, sublicense, or grant any rights to your data that we collect from DNS queries to any other person or entity without your consent." This doesn't cover APNIC's research, that's described separately. You may dislike CloudFlare and APNIC having the data at all - but the entities seem clearly bounded. In case this isn't well-known: in the US residential ISP market, this privacy policy is *far* better than anything else on offer. They commonly give ISPs much more latitute for abuse. SiteFinder-style DNS hijacking is widespread, and often cannot be disabled. "Contracts" with ISPs are one-sided: they absolve providers of any liability and force customers to preemptively waive their rights to legal action. This is probably the backdrop that Mozilla has in mind. But of course US residential internet access isn't the whole world. The commercial ISP market in the US is more reasonable. And maybe residential broadband is better off elsewhere in the world? Ross
Attachment:
signature.asc
Description: PGP signature