Wouter Verhelst <wouter@debian.org> writes: > On Sun, Sep 08, 2019 at 11:17:13PM +0200, Marco d'Itri wrote: >> On Sep 08, Ondřej Surý <ondrej@sury.org> wrote: >> >> > I would rather see an explicit statement. I would be very surprised >> > with Debian’s usual stance regarding the users’ privacy that we would >> > not consider this as a privacy violation, but again I am not Firefox >> > maintainer in Debian and I would rather hear from them than speculate >> > on my own. >> I think that this is a privacy enhancement, since it prevents some major >> ISPs from spying on users DNS queries. > [snip] >> It would be a terrible signal if Debian decided to disable an >> anti-censoship feature provided by an upstream vendor. > > Except DoH is *not* an anti-censorship feature. It is a feature that > provides a net reduction in privacy. > > CloudFlare says that it won't read your DNS requests -- scout's honour! > -- but even if that's true and we can believe it, there's no reason to > assume it will continue to do so forever, past any potential future > acquisitions or CEO changes. > > Mozilla really missed the ball on this one. OpenBSD already made the > necessary changes to Firefox. I think we should, too. > +1 ! Especially because Florian Weimer <fw@deneb.enyo.de> writes: > If you look at > > <https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/> > > you will see that the data is shared with APNIC for “research”: > > | Under the terms of a cooperative agreement, APNIC will have limited > | access to query the transaction data for the purpose of conducting > | research related to the operation of the DNS system. > > And: > > | Specifically, APNIC will be permitted to access query names, query > | types, resolver location > > <https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/privacy-policy/> > > Typically, APNIC will only see a subset of the queries if you use your > ISP's DNS resolver (or run your own recursive resolver). > > Cloudflare only promises to “never sell your data”. That doesn't > exclude sharing it for free with interested parties. > So a metadata leak (by design) to an unbounded number of entities, affecting all Firefox users, at a time when this data is gold? How is this not as bad or worse than GAFA? Regards, Nicholas
Attachment:
signature.asc
Description: PGP signature