[talk] DoH and Firefox
george at ceetonetechnology.com
Thu Jul 8 17:06:09 EDT 2021
Should be a refresher for anyone who was at the "moments before COVID
Vixie meeting" March 3 2020...
Last night I mentioned the DOH/DNS over HTTPS (versus DOT/DNS over TCP)
and Firefox and it's in the news today:
Gotta love the headline:
Firefox extends privacy and security of Canadian internet users with
by-default DNS-over-HTTPS rollout in Canada
While it's not just Cloudflare as the sole DoH provider with Mozilla's
Trusted Recursive Resolvers, it does mean that operating system and
network settings are bypassed by the browser.
Encrypting DNS lookups is the right thing to do, without question, but
that's why DoT is the better direction. Tor Browser solved this issue a
long while ago with tor-resolve.
Again, a useful example of privacy in relation to anonymity. You will
gain privacy over regular UDP/53 DNS unencrypted lookups, and enjoy the
centralization of all your resolving with one of the TRR members. They
will work very hard to keep your lookups private from parties like your ISP.
And then they end up with all the metadata anyone needs to know about
your internet browsing activities.
All in the name of privacy, of course.
More information about the talk