
Re: Mozilla Firefox DoH to CloudFlare by default (for US users)?



> On 13 Sep 2019, at 12:25, Marco d'Itri <md@Linux.IT> wrote:
> 
> We are talking about preventing large scale censorship (I do not think 
> that this is really about privacy) for *general users*: obviously *we* 
> already know about countless workarounds.

That’s a false statement. Right now, we are talking about sending _all_ your queries from
just **one** application - Mozilla Firefox.  And what’s worse - if we are talking about protecting
the users, it could lead to a false sense of protection - any other application in the system
will send the DNS queries through the stub resolver (e.g. most probably to whatever the system
gets from the DHCP).

Again, please note, I am not advocating against DoH or DoT, I just think we need to do
a better job to protect our users than blindly following Mozilla’s lead by enabling it by default
without explicit user consent.

BTW there’s a new initiative - Encrypted DNS and if you look closely, ISC is on the list of
participants from the very beginning.  There’s no doubt that we need to encrypt DNS, but
in a way that won’t lead to every app sending its DNS queries to a different resolver.

Ondrej
--
Ondřej Surý
ondrej@sury.org

