You might like to hear about options to still use DoH and NOT #Cloudflare. #Mozilla is not about to introduce a Single Point of Failure. It's testing a new standard via one of the early adopting DNS providers.
Anyways, here's a list of alternative DoH end-points! https://github.com/curl/curl/wiki/DNS-over-HTTPS#publicly-available-servers
@david_ross @Digitalcourage Would the two of you mind talking about and eventually discussing that issue? Could be helpful. 😉 With all the dispute going around right now, ending (worst of all) in recommendations to immediately stop using Firefox (in favor of what??), there's a load of damage likely to be caused in communicating privacy-sensitive browser choices to end users... 😐
* please do use some caution!
That list does include some seemingly random projects. Be sure to check their privacy policies etc before making any rash decision surrounding your personal privacy and security. Use the same level of historical critique as one might throw at a large provider as Cloudflare.
Implementing the tech ≠ a guaranteed safe user choice. 😉
@david_ross I don't know about 'hyperventilating', however, it is good to be aware of what options/alternatives might become/are available, so one, at least, has choices. I'm grateful a discourse is taking place here. Thank you for your input/information. 👍
@itdm5j21 considering it's in response to a FUD article calling it all "dangerous" that's since been corrected and yet still been providing me @'s over 24 hours later - I feel it's appropriately 👋 dramatically 👋 worded.
Firefox was literally founded on providing users autonomy and there is zero sign of that vision changing.
@david_ross I've read toots, almost 'reactionary' too: others I've found helpful; yours one of them.
As progressive trial/limited resources - DoH servers, maybe there's over-reaction. People are super sensitive now. Given recent disclosures, concerns need to be accepted as legit.
I'm not questioning the mission statement and not dumping; simply watching how trial goes. You though put further information up here: I'm glad you did as on balance I'm better informed. Thank you. 😎
@david_ross I was thinking more about setting up a small DNS cache box (probably a RaspPi) on my network that would use it. Then everything on my network would have secure DNS.
Reality is that even if Firefox and CuRL support secure DNS, that's a small portion of the DNS requests coming from my network. Need to handle all the IoT, Electron Apps, etc. as well.
@ted I did this on my laptop to implement OpenNIC into `netctl` and then at least ATTEMPT to get it all working in LXC. To implement a dev container model for greater settings & data isolation. Took me so long!! Sounds like a PiHole? Best of luck with testing it though.
@david_ross and... of course, someone has done most of it before: https://scotthelme.co.uk/securing-dns-across-all-of-my-devices-with-pihole-dns-over-https-1-1-1-1/
@ted Troy Hunt also trusts all his Have I Been Pwned backend to Cloudflare. 24 hours later I'm rather drained of the topic. Nothing that a big burger won't fix 😜
@R1Rail because it is a draft standard. It's not even complete!
Use Nightly? It's an alpha version of Firefox. A tiny proportion of total users use it because they like testing things.
Mozilla ALWAYS puts its tests behind a pref.
Nightly features don't always hit the stable release. If it were to, there would be an announcement. That release would hit October 23.
Anyone can start a DoH. Even you. Your ISP. Most wait until such things are stable. Mozilla is testing in a suitably careful manner
@david_ross I understood it would be in Firefox 62 (see https://github.com/curl/curl/wiki/DNS-over-HTTPS). Far too early for a wide deployment.
I would have called it an option if it were off by default, but no, it's on. And the standard interface to Firefox options does not allow disabling it. You must go to some cumbersome interface with a very cryptic name and no reference to all the options (https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Preference_reference is very small indeed).
@R1Rail Alpha tests start somewhere! They started these tests in May (!!). There were 3 DNS providers testing DoH:
Google, Cloudflare, CleanBrowsing (which blocks adult content).
Have you taken the time to read Mozilla's articles?? "But this doesn’t mean you have to use Cloudflare. Users can configure Firefox to use whichever DoH-supporting recursive resolver they want. As more offerings crop up, we plan to make it easy to discover and switch to them." https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/
@david_ross And if I do not want to use ANY of the existing DoH servers?
I do not trust any of them. I want to use my own DNS, and HTTPS does not provide me anything except the obligation of using untested and thus buggy software.
But we agree on one point: DoH is not a mature technology, that's why making it compulsory is a failure. And making it compulsory to use one of very few providers is a danger.
Alpha tests belong to specialized software, not end user software. And if DoH was so good, why limit it to the browser?
DoH may be good in some cases, not in all of them.
And since Mozilla's article speaks of trust, trust is NEVER given. Why should I trust Cloudflare? A company which puts tracking cookies on all connections it manages (far too many)?
@david_ross In the projected scenario, DNS requests go over HTTPS to a centralized point, which then does a standard unencrypted request. It may work when your LOCAL network is less trustworthy than Cloudflare. I have no trust AT ALL in ANY big company which centralizes the internet. Much less than in my local network. So for me DoH is LESS secure than standard DNS, and this move to DoH is a move to LESS secure networking.
Having a choice between Google, Cloudflare or Facebook is very BAD news.
@david_ross I wonder. Has the IETF considered letting clients lookup domain names known to a resolver using hash prefixes?
Because I think no matter how poor DNS is in regards to privacy if there's to be an upgrade I think those who care about it want to not have to trust the resolver so much.