A Windows XP help forum. PCbanter


Firefox to enable DNS-over-HTTPS by default to US users



 
 
  #1  
Old February 26th 20, 03:40 AM posted to alt.comp.os.windows-10,alt.comp.freeware,microsoft.public.windowsxp.general
Arlen Holder[_6_]
external usenet poster
 
Posts: 306
Default Firefox to enable DNS-over-HTTPS by default to US users

Firefox to enable DNS-over-HTTPS by default to US users
https://techcrunch.com/2020/02/25/firefox-dns-https-default-united-states/

Firefox turns encrypted DNS on by default to thwart snooping ISPs
https://arstechnica.com/information-technology/2020/02/firefox-turns-encrypted-dns-on-by-default-to-thwart-snooping-isps/

I never really understood DNS' impact on privacy, where, I hope others can
explain why this is a "good thing" for users of the Firefox browser on
Windows and what we can do with our "other" web browsers...
  #2  
Old February 26th 20, 01:06 PM posted to alt.comp.os.windows-10,alt.comp.freeware,microsoft.public.windowsxp.general
JJ[_11_]
external usenet poster
 
Posts: 744
Default Firefox to enable DNS-over-HTTPS by default to US users

On Wed, 26 Feb 2020 02:40:27 -0000 (UTC), Arlen Holder wrote:
> Firefox to enable DNS-over-HTTPS by default to US users
> https://techcrunch.com/2020/02/25/firefox-dns-https-default-united-states/
>
> Firefox turns encrypted DNS on by default to thwart snooping ISPs
> https://arstechnica.com/information-technology/2020/02/firefox-turns-encrypted-dns-on-by-default-to-thwart-snooping-isps/
>
> I never really understood DNS' impact on privacy, where, I hope others can
> explain why this is a "good thing" for users of the Firefox browser on
> Windows and what we can do with our "other" web browsers...


Common DNS protocol doesn't encrypt DNS queries, so ISPs can monitor what
sites users are trying to resolve (from host name to IP address), in order
to connect to a site. This also means that ISPs can block connection to
sites based on host names.

With DNS over HTTPS, DNS queries are passed through a secure HTTP protocol -
where all data are encrypted. ISPs won't be able to know what host names are
being queried.
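
The difference described in the post above, as an added example that is not part of the original thread: it builds a standard DNS query, shows that the host name can be read straight out of the plaintext port-53 payload, and then wraps the same bytes in the RFC 8484 DoH GET form, which travels inside the TLS session to the resolver. The resolver URL `https://doh.example/dns-query` and the function names are assumptions made for the illustration.

```python
import base64
import struct

def build_query(hostname, qtype=1, txid=0):
    """Encode a standard DNS query for hostname in RFC 1035 wire format."""
    # Header: ID, flags (RD=1), QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in hostname.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN

def observed_qname(udp_payload):
    """Recover the queried name the way anyone on the path to a
    plaintext resolver can: skip the 12-byte header, read the labels."""
    pos, labels = 12, []
    while udp_payload[pos] != 0:
        length = udp_payload[pos]
        labels.append(udp_payload[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)

def doh_get_url(resolver_url, message):
    """RFC 8484 GET form: the same DNS message, base64url without padding.
    The path and query string are sent inside TLS, so an on-path observer
    sees only a connection to the resolver, not this URL."""
    encoded = base64.urlsafe_b64encode(message).rstrip(b"=").decode("ascii")
    return resolver_url + "?dns=" + encoded

if __name__ == "__main__":
    # Constructed sample query; txid 0 as RFC 8484 suggests for DoH.
    msg = build_query("www.example.com")
    print("plaintext UDP payload:", msg.hex())
    print("observer reads       :", observed_qname(msg))
    print("DoH request (in TLS) :", doh_get_url("https://doh.example/dns-query", msg))
```
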
  #3  
Old February 26th 20, 02:08 PM posted to alt.comp.os.windows-10,alt.comp.freeware,microsoft.public.windowsxp.general
Mayayana
external usenet poster
 
Posts: 6,438
Default Firefox to enable DNS-over-HTTPS by default to US users

"JJ" wrote

| With DNS over HTTPS, DNS queries are passed through a secure HTTP protocol -
| where all data are encrypted. ISPs won't be able to know what host names are
| being queried.

Then the question is, do we trust Mozilla? Will Google
want that data in exchange for their funding? And do we
trust Cloudflare, the DNS server they're using? I recently
set up Unbound, which is a DNS resolver. It's a pain to set up.
(OSS, no docs, the typical problems.) But it takes care of
DNS over HTTPS. No need to trust Firefox. DNS is a
system function that Firefox is offering to take over.

Unbound can also be set up to go to the top:
Instead of always going to one DNS server it goes to the
servers that hold the lists of servers. So it goes to server A
and asks for the address of whatever server handles acme.com,
then it goes to that server to get the Acme IP address.
(I confess I'm not an expert on this. I don't know the term
for the top-level servers.)

DNS over HTTPS is political protection in restricted countries
like Iran or Russia or China. But in the US it's still relevant.
Many ISPs will set their own servers as DNS. If they don't sell
the data now, they may in the future. Net neutrality, so far,
is not being supported. There's little support for limiting company
spying to the expectations of common decency. And most
in Congress don't even understand these issues. Of the ones
who do, the majority favor allowing the rich to exploit the
system. So it's up to us to enforce privacy to the extent that
we can.

(I recently sent a letter to my senators about privacy
issues. One is Ed Markey, who's among the most active and
literate in terms of online issues. The other is Elizabeth Warren.
I sent her a typed letter via postal mail, attempting to
outline the growing risks of corporate surveillance, using
simple examples like grocery store loyalty cards. I got back a
generic response that began, "Thank you for your interest in gun
control!" Meanwhile, Markey is being threatened by a young
Kennedy who thinks he deserves a crown for simply being a
Kennedy, and Elizabeth Warren wants to be President. What's
wrong with this picture? This is not fat cat plutocrats threatening
the Web. It's Democrats, lying to us and battling each other!)


  #4  
Old February 26th 20, 03:49 PM posted to alt.comp.os.windows-10,alt.comp.freeware,microsoft.public.windowsxp.general
Lu Wei
external usenet poster
 
Posts: 60
Default Firefox to enable DNS-over-HTTPS by default to US users

On 2020-2-26 10:40, Arlen Holder wrote:
> Firefox to enable DNS-over-HTTPS by default to US users
> https://techcrunch.com/2020/02/25/firefox-dns-https-default-united-states/
>
> Firefox turns encrypted DNS on by default to thwart snooping ISPs
> https://arstechnica.com/information-technology/2020/02/firefox-turns-encrypted-dns-on-by-default-to-thwart-snooping-isps/
>
> I never really understood DNS' impact on privacy, where, I hope others can
> explain why this is a "good thing" for users of the Firefox browser on
> Windows and what we can do with our "other" web browsers...

Firefox has abandoned XP. Aside from that, enabling DNS-over-HTTPS by
default to US users, not Chinese users instead, is rather strange. It
makes me think of once a time Gtalk enabling encryption in English
version while doing plain text communication in Chinese version. What
could that be for?

--
Regards,
Lu Wei
IM:
PGP: 0xA12FEF7592CCE1EA
  #5  
Old February 26th 20, 04:45 PM posted to alt.comp.os.windows-10,alt.comp.freeware,microsoft.public.windowsxp.general
Paul[_32_]
external usenet poster
 
Posts: 11,873
Default Firefox to enable DNS-over-HTTPS by default to US users

Lu Wei wrote:
> On 2020-2-26 10:40, Arlen Holder wrote:
>> Firefox to enable DNS-over-HTTPS by default to US users
>> https://techcrunch.com/2020/02/25/firefox-dns-https-default-united-states/
>>
>> Firefox turns encrypted DNS on by default to thwart snooping ISPs
>> https://arstechnica.com/information-technology/2020/02/firefox-turns-encrypted-dns-on-by-default-to-thwart-snooping-isps/
>>
>> I never really understood DNS' impact on privacy, where, I hope others can
>> explain why this is a "good thing" for users of the Firefox browser on
>> Windows and what we can do with our "other" web browsers...
>
> Firefox has abandoned XP. Aside from that, enabling DNS-over-HTTPS by
> default to US users, not Chinese users instead, is rather strange. It
> makes me think of once a time Gtalk enabling encryption in English
> version while doing plain text communication in Chinese version. What
> could that be for?


The Great Firewall will block access to the CloudFlare server.
The DNS address for the feature, should be easy to block.

Then the scheme won't work.

Turning it on by default, would mean the browser "would not
work out of the box". This is hardly a desirable result, however
well intentioned.

Paul
  #6  
Old February 27th 20, 10:52 AM posted to alt.comp.os.windows-10,alt.comp.freeware,microsoft.public.windowsxp.general
JJ[_11_]
external usenet poster
 
Posts: 744
Default Firefox to enable DNS-over-HTTPS by default to US users

On Wed, 26 Feb 2020 08:08:51 -0500, Mayayana wrote:

> Then the question is, do we trust Mozilla? Will Google
> want that data in exchange for their funding? And do we
> trust Cloudflare, the DNS server they're using?


Personally, I don't trust anything. But it's still better than Google's. And
I have to use one, at least.

> I recently
> set up Unbound, which is a DNS resolver. It's a pain to set up.
> (OSS, no docs, the typical problems.) But it takes care of
> DNS over HTTPS. No need to trust Firefox. DNS is a
> system function that Firefox is offering to take over.


Unbound doesn't seem to support DoH according to its description on its
official "About" web page, as well as Wikipedia; or maybe they don't
mention it. But it's an encryption-only DNS resolver, so it's a good
alternative for DoH. It also supports DNSCrypt, which I'm currently using.
Worth a look.
  #7  
Old February 27th 20, 10:57 AM posted to alt.comp.os.windows-10,alt.comp.freeware,microsoft.public.windowsxp.general
JJ[_11_]
external usenet poster
 
Posts: 744
Default Firefox to enable DNS-over-HTTPS by default to US users

On Wed, 26 Feb 2020 10:45:29 -0500, Paul wrote:

> The Great Firewall will block access to the CloudFlare server.


Ugh. A lot of sites would be broken because of that.

That... makes me wonder what it would be like browsing the net behind that
Great Firewall. Is there any Chinese proxy I could use?
  #8  
Old February 27th 20, 03:38 PM posted to alt.comp.os.windows-10,alt.comp.freeware,microsoft.public.windowsxp.general
Lu Wei
external usenet poster
 
Posts: 60
Default Firefox to enable DNS-over-HTTPS by default to US users

On 2020-2-26 23:45, Paul wrote:

>> Firefox has abandoned XP. Aside from that, enabling DNS-over-HTTPS by
>> default to US users, not Chinese users instead, is rather strange. It
>> makes me think of once a time Gtalk enabling encryption in English
>> version while doing plain text communication in Chinese version. What
>> could that be for?
>
> The Great Firewall will block access to the CloudFlare server.
> The DNS address for the feature, should be easy to block.
>
> Then the scheme won't work.
>
> Turning it on by default, would mean the browser "would not
> work out of the box". This is hardly a desirable result, however
> well intentioned.


That seems a reasonable point, yet apart from CloudFlare there are quite
a lot of DoH servers. I use dnscrypt-proxy to act as a local DoH server,
which incorporates a list of hundreds of servers. Even if they were all
blocked, Firefox could use normal DNS as a fall-back option (and give out
a warning of course).


--
Regards,
Lu Wei
IM:
PGP: 0xA12FEF7592CCE1EA
  #9  
Old February 27th 20, 03:41 PM posted to alt.comp.os.windows-10,alt.comp.freeware,microsoft.public.windowsxp.general
Lu Wei
external usenet poster
 
Posts: 60
Default Firefox to enable DNS-over-HTTPS by default to US users

On 2020-2-27 17:57, JJ wrote:
> On Wed, 26 Feb 2020 10:45:29 -0500, Paul wrote:
>
>> The Great Firewall will block access to the CloudFlare server.
>
> Ugh. A lot of sites would be broken because of that.
>
> That... makes me wonder what it would be like browsing the net behind that
> Great Firewall. Is there any Chinese proxy I could use?

Slow, broken, frustrating. You won't like that.

--
Regards,
Lu Wei
IM:
PGP: 0xA12FEF7592CCE1EA
  #10  
Old February 27th 20, 07:16 PM posted to alt.comp.os.windows-10,alt.comp.freeware,microsoft.public.windowsxp.general
J. P. Gilliver (John)[_7_]
external usenet poster
 
Posts: 603
Default Firefox to enable DNS-over-HTTPS by default to US users

In message , Mayayana
writes:
> "JJ" wrote
>
> | Unbound doesn't seem to support DoH according to its description
>
> I had to look that up. Turns out you're not referring to the
> Philippine Dept. of Health.


It had been mentioned three lines earlier - in text quoted by JJ from,
let me see ... ah yes ... (-:
[]
(OK, I'll admit I too wondered, when I saw it in JJ's post. But I found
what it referred to, as I've said, in the same post three lines
earlier.)
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

You can believe it if it helps you to sleep. - Quoted by Tom Lehrer (on
religion, in passing), April 2013.
  #11  
Old February 27th 20, 08:57 PM posted to alt.comp.os.windows-10,alt.comp.freeware,microsoft.public.windowsxp.general
R.Wieser
external usenet poster
 
Posts: 1,302
Default Firefox to enable DNS-over-HTTPS by default to US users

John,

> However, the _address_ (URL) of the website is sent to the DNS in the
> clear,


Normally the domain name is also sent in the clear in the first datablock of
an (attempted) SSL handshake ...

Afaik it /can/ be switched off*, but don't ask me how I would do that on my
FireFox v52 browser (if anyone knows feel free to tell me).

*but that could create problems when, IIRC, the actual domain is on a shared
hosting, or simply behind load-balancers and the like.

In other words, it's not only the DNS request that needs to be updated.

Regards,
Rudy Wieser


 



