[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Mozilla Firefox DoH to CloudFlare by default (for US users)?

Hi,

On Thu, Sep 12, 2019 at 06:52:47PM +0200, Adam Borowski wrote:

> > I still believe that generic users are better served by deploying more 
> > censorship-resistant protocols than by worrying that Cloudflare (or 
> > whoever else) would violate the privacy requirements mandated by 
> > Mozilla.

> Sure, but DoH is less censorship-resistant not more.

The idea for resilience is "too big to block".

When Domain Fronting still worked with Google, people used this to
circumvent censorship because blocking it would have required blocking
Google, so cooperation from Google was necessary to implement effective
censorship.

For the same reason, a lot of political activism is taking place on Github,
who have a smaller target market than Google and have fewer staff exposed
in hostile political environments, so they can manage threats by
restricting employees' travel.

The same will apply to services also hosted on a big CDN, and I believe
that is the business model behind providing this service in the first
place -- pull international activists onto CloudFlare.

I expect this to bring a marked improvement for a short time, followed by
the realization at CF that they exist by the kind permission of
nation-state actors that are very interested in strategic Internet choke
points.

To put it bluntly: CloudFlare has, as a consequence of their business
model, too many employees and assets bound in various jurisdictions. Their
censorship resilience is going to be limited to countries where they do not
have a local presence.

They already need to be able to return different results depending on the
client's IP address, otherwise they break anycast or split horizon based
load balancing for everyone whose DNS they do not control themselves. This
mechanism will be used to limit the scope of governmental censorship
requests to the appropriate geographic area.

To be honest, my feeling is that CloudFlare management are not believing
this to be political at all -- it's a technical solution that improves
service for their own customers and degrades service for non-customers
(because it breaks traditional geo-based load balancing), so of course they
are going to do this.

They have a history of ignoring context, and the fallout will be
interesting to watch. In the meantime, we have a responsibility towards our
users to not expose them to unnecessary risks.

I'm fairly sure that a plugin to control the DoH setting from the
navigation bar will pop up shortly. I'd be in favour of installing it by
default (keep in mind: we are also "too big to block", so we're in the
position to give software that is useful for activists an install base that
makes it hard to identify activists by having the software installed).

   Simon
Reply to: