Firefox Begins Enabling DNS-over-HTTPS for Users
- Anmelden oder Registrieren um Kommentare zu schreiben
And guess what:
"By default, Firefox ships with support for relaying encrypted DoH requests via Cloudflare's DoH resolver, but users can change it to any DoH resolver they want"
So by default Firefox comes with home page google.com and is tightly integrating every DNS request with Crimeflare.
Good luck to all those who still believe in Mozilla's "privacy respecting" nonsense.
"The plan is actually to deprecate PureBrowser as Mozilla doesn't share the same goals we put forward and that makes it a lot of work to ensure that our user's privacy is protected." [1]
DNS-over-HTTPS is good for privacy. The article you linked to explains why:
When Mozilla announced it was working for support DoH in Firefox, privacy advocates rejoiced, and for good reasons, as DoH would allow dissidents and other oppressed groups to bypass web traffic filters set in place in oppresive regimes.
As written in the quote you made, "users can change [Cloudflare's DoH resolver] to any DoH resolver they want". There has to be a default if you want average users to be able to escape traffic filtering. What default would you suggest? It is a choice Abrowser will have to make.
The basic idea is excellent but the implementation will be lame... Mozilla is already saying that they will disable it in cases the ISP wants it or if there is a Parental Control Filter in place. Basically "Hey we made this cool thing it allows for users to have privacy from their ISP and Government, but we will disable it if those ISP and Government wants us to".
But hopefully Abrowser and other Free Software projects will turn this into a good thing.
I am strongly against any DNS encryption. If popular browsers support DoH or other DNS securing, the Chinese authorities will surely improve the ways in which they censor websites, making it even harder to bypass the Great FireWall. (Currently, the way in which Chinese authorities censor many websites is just simply DNS spoofing, which is fairly easy to bypass.)
I understand your position based on your own personal need, but cannot agree with the argument. Keeping our security weak will not make sure the attacker won't attack. On the other hand working on making our security stronger will make it more resilient when the attacker decides to attack.
I think DNS needs to be strongly improved to be usable in a secure way, today and in 10 years from now. Otherwise it needs to be replaced (and that's not probably happening so...)
- Anmelden oder Registrieren um Kommentare zu schreiben