
Re: DOH (was: geolocation services disabled and Gnome maps)



On Tue, Apr 14, 2020 at 07:06:05AM -0400, Lee wrote:
> >> Right.  The ISP can't see what names the user is looking up but
> >> Cloudflare sees every single one.  On the other hand, take a look at
> >>   https://wiki.mozilla.org/Security/DOH-resolver-policy
> >
> > An interesting declaration. For instance:
> >
> > 1. The resolver may retain user data (including identifiable data...)
> > but should do so only for the purpose of operating the service and
> > must not retain that data for longer than 24 hours.
> > ...
> > 2. Transparency Report. There must be a transparency report published at
> > least yearly that documents the policy for how the party operating the
> > resolver will handle law enforcement requests for user data and that
> > documents the types and number of requests received and answered, except
> > to the extent such disclosure is prohibited by law.
> >
> > Thus:
> >
> > a) Cloudflare is allowed to store whatever they want for 24 hours.
> > b) They aren't forbidden to give that data to the law enforcement, which
> > is not bound by Mozilla's Trusted Recursive Resolver program.
> 
> Maybe I'm being naive, but I'm taking the clause "except as may be
> required by law" to mean they can't just give the data to LE; there
> has to be some kind of court order compelling them to hand it over.

Probably. But I fail to see how a court order will prevent such data
leak in the described scenario.


> > c) Law enforcement entity hires some independent contractor to help them
> > store this data.
> > d) Next thing you know, everyone's DNS history is world-accessible via
> > some unprotected ElasticSearch instance on AWS.
> > e) And the best thing here is - Mozilla legally allowed it to happen.
> 
> Is there some other DNS provider that has a published privacy policy
> that's anywhere near as good as CloudFlare's?

To be frank, when you have your own DNS, there's little need to be
interested in others' privacy policies.


> To be clear - I'm not saying you should trust CloudFlare.  It's just
> that I don't see a whole lot of options & quite possibly CloudFlare is
> more trustworthy than your USA ISP.

I disagree. Cloudflare serves 10-20% of sites on the Internet world-wide
already. There's no need to trust them to do DNS resolution on top
of it.


> Cool - so you would know the answer to this question: Is the chromium
> you build from source code **totally** built from source code you have
> with no binaries, libraries, DLLs, or anything else like that
> included?

I do it the same way as Debian does, from the same sources (but with the
custom patches on top of them).
So, chromium version 81.0.4044.92 contains:

1) 5412 assorted python scripts, which are executed during the build
process (maybe not all of them).
2) 16299 javascript files, but those are definitely not required by the
build process.

Since I do it for Linux only, I could not care less whether the source
tree contains EXEs, DLLs or other Windoze artifacts.
I'm definitely sure that there are no ELF executables there or pre-built
.so and .a files.
I should note, however, that Debian's chromium source is sanitized, and
certain parts of the source tree are deliberately removed.


> In other words, how trustworthy is your 'built from source code'
> chromium?  Have you done any testing to see if it "phones home"?

YES! In fact, I do it after every update (once a month on average), and
check periodically just for the fun of it.
The answer is - the only connections it makes without my intervention are
"trial experiment downloads" (it's clients[0-9].google.com), so I'm
looking for a patch to disable *that* too (currently I'm merely blocking
it).

Check out [1] if you're interested, that patchset rocks. Combining it
with Debian chromium patches is an interesting exercise though.


> >> > As far as the "last mile" is concerned - maybe.
> >>
> >> How about as far as the "end user" is concerned? (which is what I
> >> thought we were talking about -- clueless end-users having doh forced
> >> on them)
> >
> > It's akin to tempered glass. I.e. it's less likely to break than
> > normal glass, but it's still transparent. It's also akin to building a
> > castle on sand.
> >
> > I.e. if the user does not care about security it may improve the overall
> > situation somewhat, but the cost of this improvement is privacy.
> 
> Do you live in the EU?

I won't answer that. Privacy.


> >> >> How many people use a dnssec validating resolver?
> >> >
> >> > See above. Besides, DNSSEC is for integrity of zones, not privacy.
> >> > You need DNS-over-TLS if you need the latter.
> >>
> >> "integrity of zones" is part of "security" - yes?
> >
> > Yes. My point is that it's only a part of the security. A needed part,
> > but a part nevertheless.
> >
> >
> >> DoT or DoH - either one gets you privacy from your ISP
> >> DoT is easy to block, DoH is harder to block, so somewhat censorship
> >> resistant?

If it bothers you (it does bother me), you probably should not take DoH
as your only means of defence. An ipsec tunnel to a throwaway VPS served
me well so far, for instance.


> > Both are easily blocked in their current form; in fact, DoH is easier in
> > this regard - it makes very distinct HTTPS (i.e. tcp:443) queries to
> > ten (at most) well-known IPs.
> 
> I count a lot more than 10 DoH providers at
>   https://github.com/curl/curl/wiki/DNS-over-HTTPS

curl is ahead of Firefox in this regard. But it's a good list, something
one could consider for blocking the controversial feature.


> >> >> At least Cloudflare resolvers have dnssec enabled.
> >> >
> >> > *And* the ability to see users' DNS queries. Neat, right?
> >>
> >> Yup, and probably a net win for people that don't have a clue about
> >> dns .. or at least people in the US.  Do people in the EU have to
> >> worry about their ISP selling their usage data?
> >
> > No. You do not worry about something that widely happens, you deal with
> > it one way or another.
> 
> you're saying that EU ISPs sell their users' online activity data?

I won't call it "selling" per se. It's rather "we provide our
sub-contractors with the data to increase the value of our services, and
we're closing collective eyes on what the contractors are doing with the
data".
I cannot disclose any names here.

Reco

[1] https://github.com/Eloston/ungoogled-chromium
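An added illustration of the point made above, that DoH traffic stands out because it goes over tcp:443 to a small set of well-known resolver endpoints, so a network operator can spot it from flow logs alone. This is example code written for this page, not part of Reco's message, of Debian, or of the curl project; the resolver list and the log lines are constructed (TEST-NET addresses and `.test` hostnames), and a real deployment would load the endpoint list from a curated source such as the curl wiki page cited in the thread.

```python
"""Flag connections to known DoH resolver endpoints in a simple flow log.

Two independent signals are checked per TLS flow: the destination address
(DoH resolvers use a handful of stable anycast ranges) and the TLS SNI
hostname (the resolver's DoH hostname). Either one alone is enough to flag
the flow, which matters because SNI is not always available.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample list of DoH endpoints, keyed by the hostname that would
# appear in the TLS SNI, with the address ranges it resolves to. Placeholders
# only (TEST-NET ranges, .test names), not any real provider's data.
KNOWN_DOH_ENDPOINTS: Dict[str, List[str]] = {
    "doh.resolver-a.test": ["198.51.100.0/28"],
    "dns.resolver-b.test": ["203.0.113.53/32", "203.0.113.54/32"],
}

# Constructed flow log: "<timestamp> <src> <dst> <dport> <sni or ->".
SAMPLE_LOG = """\
# timestamp            src          dst            dport sni
2020-04-14T07:06:05Z 192.0.2.10 198.51.100.5 443 doh.resolver-a.test
2020-04-14T07:06:06Z 192.0.2.10 203.0.113.80 443 www.example.test
2020-04-14T07:06:07Z 192.0.2.11 203.0.113.53 443 -
2020-04-14T07:06:08Z 192.0.2.12 192.0.2.1 53 -
2020-04-14T07:06:09Z 192.0.2.12 198.51.100.200 443 dns.resolver-b.test
"""


@dataclass(frozen=True)
class Flow:
    ts: str
    src: str
    dst: str
    dport: int
    sni: Optional[str]


def parse_flow(line: str) -> Optional[Flow]:
    """Parse one log line; blank lines and '#' comments yield None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    ts, src, dst, dport, sni = line.split()
    return Flow(ts, src, dst, int(dport), None if sni == "-" else sni.lower())


def build_index(endpoints: Dict[str, List[str]]):
    """Turn the endpoint table into (network, name) pairs plus a name set."""
    nets = [(ipaddress.ip_network(cidr), name)
            for name, ranges in endpoints.items() for cidr in ranges]
    names: Set[str] = {name.lower() for name in endpoints}
    return nets, names


def classify(flow: Flow, nets, names: Set[str]) -> Optional[str]:
    """Return why a flow looks like DoH ('ip', 'sni' or 'ip+sni'), else None.

    Only tcp:443 flows are considered; plain DNS on port 53 is not DoH.
    """
    if flow.dport != 443:
        return None
    reasons = []
    addr = ipaddress.ip_address(flow.dst)
    if any(addr in net for net, _ in nets):
        reasons.append("ip")
    if flow.sni is not None and flow.sni in names:
        reasons.append("sni")
    return "+".join(reasons) or None


def find_doh_flows(log_text: str, endpoints: Dict[str, List[str]]) -> List[Tuple[Flow, str]]:
    """Return every flow in the log that matched, with the matching signal."""
    nets, names = build_index(endpoints)
    hits = []
    for line in log_text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        reason = classify(flow, nets, names)
        if reason:
            hits.append((flow, reason))
    return hits


if __name__ == "__main__":
    for flow, reason in find_doh_flows(SAMPLE_LOG, KNOWN_DOH_ENDPOINTS):
        print(f"{flow.ts} {flow.src} -> {flow.dst} sni={flow.sni or '-'} matched by {reason}")
```

Of the five constructed flows, three are flagged: one by both address and SNI, one by address alone (no SNI recorded), and one by SNI alone (the resolver answered from an address outside the listed ranges). Keying on both signals is what keeps the check useful when one of them is missing; the address list in particular is only as good as its upkeep, which is the same caveat that applies to blocking.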

