Re: Mozilla Firefox DoH to CloudFlare by default (for US users)?
> On 13 Sep 2019, at 12:25, Marco d'Itri <md@Linux.IT> wrote:
>
> We are talking about preventing large scale censorship (I do not think
> that this is really about privacy) for *general users*: obviously *we*
> already know about countless workarounds.
That’s a false statement. Right now, we are talking about sending _all_ your queries from
just **one** application - Mozilla Firefox. And what’s worse - if we are talking about protecting
the users, it could lead to a false sense of protection - any other application in the system
will send the DNS queries through the stub resolver (e.g. most probably to whatever the system
gets from the DHCP).
Again, please note, I am not advocating against DoH or DoT, I just think we need to do
a better job to protect our users than blindly following Mozilla’s lead by enabling it by default
without explicit user consent.
BTW there’s a new initiative - Encrypted DNS and if you look closely, ISC is on the list of
participants from the very beginning. There’s no doubt that we need to encrypt DNS, but
in a way that won’t lead to every app sending its DNS queries to a different resolver.
Ondrej
--
Ondřej Surý
ondrej@sury.org