New FF feature: DNS over HTTPS...is it really essential?

[efox99]

I have it disabled but I don't trust Cloudfare with my browsing credentials. Neither do I trust my ISP which recently suffered a hack and several accounts were compromised.

What is your take on this feature that Firefox activated yesterday to all users in US?

[mightyglydd]

They didn't here.. nor with 74b8.....
@Dunno, go figure.. https://support.mozilla.org/en-US/kb/fi ... over-https
Cloudflare? What could possibly go wrong..

[Grumpus]

This Register article might also help

[therube]

Essential?

Arguable.
You'll find reports taking both sides of that argument.

As something meaningful - to me, as something enhancing the Mozilla brand, it's like, who cares.
I'd much rather have a browser that works for me, in the way that I want, rather a browser that is nothing but fluff.

[Diorser]

For the vast majority of users, the default DNS provider is their ISP.
Even if they browse with https, there ISP necessarily already knows all the domains they visit and when, because it carries the traffic.
Therefore it does not decrease privacy to use their default ISP DNS provider.
Additionally, those DNS requests presumably stay inside the ISP network, so their being cleartext doesn’t reduce privacy either.
Now if you use instead google or cloudflare DNS over HTTPS, you give them all the domains you visit and when.
(some of the most evil corporate data predators of the internet.)

DNS Privacy – The Problem
DNS Privacy – The Solution

2018: Firefox, DNS over HTTPS and a controversial Shield Study

An open DNS privacy solution is probably a better choice than "google" or "cloudfare".
https://dnsprivacy.org/wiki/

[makaiguy]

FWIW - I'm currently running 73.0.1.
Path: Tools | Options | (Scroll down to Network Settings) Settings
[ ] Enable DNS over HTTPS is NOT checked and I have no recollection of turning it off.

Per the article cited above (Firefox, DNS over HTTPS and a controversial Shield Study) this is controlled via about:config item network.trr.mode with the following possible value settings:

• 0 means that it is disabled and not used.
• 1 Firefox uses either native DNS or TRR depending on which is faster.
• 2 uses TRR by default but will fall back to the native resolver if the name resolve fails for whatever reason.
• 3 enables TRR only mode. Only TRR is used and there is no fallback.
• 4 runs it in shadow mode which means that TRR is run in parallel for gathering data but that the native resolver is used.

In my installation, network.trr.mode is set to 0, and is not bolded, indicating this is the default value.

[mightyglydd]

FWIW - I'm currently running 73.0.1.
Path: Tools | Options | (Scroll down to Network Settings) Settings
[ ] Enable DNS over HTTPS is NOT checked and I have no recollection of turning it off.

+1 Nor with 74b9.

[Grumpus]

Also using 73.0.1. and it was off.
Noted this to the article writer at the Register.
Possibles and a complete guess: locale setting, distro default, changes in previous version affecting the implementation.
Might be any number of reasons including it's not been deployed as of yet?

[mightyglydd]

Cloudflare? What could possibly go wrong..

https://techcrunch.com/2020/07/17/cloud ... t-with-it/

[WaltS48]

Cloudflare? What could possibly go wrong..

https://techcrunch.com/2020/07/17/cloud ... t-with-it/

In at least one case, even the status page for the status page was down.

[Grumpus]

as an aside . . . Comcast/Xfinity will be providing a similar service shortly to Firefox users.
Being an experienced folder of tin foil, what happens when more then a few ISPs start to provide this form of connection.
Limitations? Fox guarding the hen house, naaah! ya think?

[Frank Lion]

https://blog.mozilla.org/blog/2020/07/1 ... amp-on-vpn

See for yourself how the Mozilla VPN works : you pay us $4.99 a month and, er, that's it.

My advice? VPN from protonVPN. More secure, less likely to turn your stuff over to the feds and, er, it's free.