Re: Mozilla Firefox DoH to CloudFlare by default (for US users)?
On 9/27/2019 12:23 PM, Florian Weimer wrote:
[...]>> So currently DoH is strictly worse.
>
> Furthermore, you don't have a paid contract with Cloudflare, but you
> usually have one with the ISP that runs the recursive DNS resolver.
>
> If you look at
>
> <https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/>
>
> you will see that the data is shared with APNIC for “research”:
>
> | Under the terms of a cooperative agreement, APNIC will have limited
> | access to query the transaction data for the purpose of conducting
> | research related to the operation of the DNS system.
>
> And:
>
> | Specifically, APNIC will be permitted to access query names, query
> | types, resolver location
>
> <https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/privacy-policy/>
>
> Typically, APNIC will only see a subset of the queries if you use your
> ISP's DNS resolver (or run your own recursive resolver).
>
> Cloudflare only promises to “never sell your data”. That doesn't
> exclude sharing it for free with interested parties.
It is probably worth pointing out that Firefox's use of Cloudflare's DoH
endpoint is governed by a different policy outlined here:
https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/firefox/
Per that policy, other third parties can only get the data with
Mozilla's written permissions. And APNIC (or any other third party) is
not mentioned.
Kind regards
Philipp Kern
Reply to: