Este DNS over HTTPS o mizerie marca Firefox?

Nu doar ca DoH e o mizerie care nu respecta setarile SO-ului ci se pare ca are consecinte serioase.

The Internet Watch Foundation and the Internet Service Providers Association (ISPA)—a trade association representing UK ISPs, criticised Google and Mozilla for supporting DoH, as they believe that it will undermine web blocking programs in the country, including ISP default filtering of adult content, and mandatory court-ordered filtering of copyright violations. Mozilla responded to allegations by the latter (who nominated Mozilla as an "internet villain"), arguing that it would not prevent filtering, and that they were "surprised and disappointed that an industry association for ISPs decided to misrepresent an improvement to decades-old internet infrastructure".[23][24] On 9 July 2019, the ISPA withdrew Mozilla's "Internet Villain Nomination and Category."

"as they believe that it will undermine web blocking programs in the country" -- adica DoH nu se impiedica de cenzura ....
UK sa faca ce-a facut China, sa-si faca retea locala pe insula lor, sa ne lase internetul liber.

E LIBER PE DRACU

Mozilla partnered with Cloudflare, because CF are specializing in defense agains DDoS attack and other attacks. Cloudflare have staff that is working 24/7 to keep they infrastructure working despite constant DDoS attacks.
There are also different modes how DoH client works in Firefox. network.trr.mode specifies that. For example value 2 means "Use TRR first, and only if the name resolve fails use the native resolver as a fallback.". It wouldn't bork all users if Mozilla would set 2 as default.

1) How does encrypting DNS traffic inhibit website traffic filtering? Once someone has done the DNS lookup, by whatever means, they are then going to go the website in question directly, and that can be blocked, etc. If they're using a VPN tunnel, then no, but by the same token the DNS request would be hidden from the ISP too.

2) How can Mozilla disable HoT in the UK? If you download firefox you get the same tarball everywhere don't you?

3) Why doesn't Mozilla just set up a reliable DNScrypt-proxy server and publicize it? Is it because it's too difficult for most users to enable the use of this on their computers?

One concern is that switching to encrypted DNS would prevent ISPs and others from spying on their users. The other is that, in the process of enabling DoH, Google will switch millions of users over to Google's own DNS servers, leading to a dangerous concentration of control over DNS.

MarianG, on 02 octombrie 2019 - 11:59, said:

Banuiesc ca nu vede nimeni o miscare de marketing in treaba asta, nu? Astfel incat sa atraga mai multi useri de genul celor blocati de firewalluri prin diverse institutii si companii...

It's all about privacy my big ass.

Cererile DNS trebuie sa fie private nu sa vada oricine cererile clientilor. Cine nu intelege ca pasul asta trebuie facut pt un internet liber, poate sa se duca in China sa foloseasca internetul filtrat de acolo.

Singura problema care o vad aici e ca exista posibilitatea ca anumite aplicatii sa foloseasca propriile DNS-uri ptr a se conecta la net, blocand posibilitate filtrarii chiar de catre utilizator.

Mai rau este ca anumite device-uri vin cu DNS hardcoded in ele - vezi Roku.
Acasa folosec un Pi-Hole ca sa blochez reclame si site-uri cu malware. Am tot facut experimente. Orice as face, TV-ul meu Samsung tot se conecteaza la anumite site-uri. Chiar si fara DNS setat in el iar DNS-ul din router fiind fals.

1. Without DNS blocking you may block by IP, but it lowers granularity of filtering. HTTP service on one server may serve webpages for many domains owned by different people and companies. DNS blocking is good enough for blocking content for most users.
2. When I download Firefox installer for Windows I choose installer with language used in my country. There are many installers because there is more than one language in the world... Also OS specifies language to programs by environment variables.
3. A lot of work and other resources is needed to setup and operate open DNS server. For example it must be resistant against DDoS attacks.

diZy, on 02 octombrie 2019 - 12:53, said:

La tine acasa - da, cu siguranta. Dar la altul acasa sau in public?

diZy, on 02 octombrie 2019 - 12:53, said:

Si cam cum arata internetul asta liber?

[ https://www.youtube-nocookie.com/embed/pjin3nv8jAo?feature=oembed - Pentru incarcare in pagina (embed) Click aici ]

eiffel, on 02 octombrie 2019 - 12:54, said:

Si zici ca Firefox sau Google le pavaeaza calea spre reclame a unora sau spre tracking a altora? Uau, cine ar fi crezut?!

Ce nu baga nimeni de seama, DNS over HTTPS == data exfiltration == gaura de securitate imensa in orice institutie din orice domeniu. Dap exista si se foloseste efurtul de date via cereri DNS bogus, am vaga idee cum ca, colegul dexterash are idee despre ce zic. Deci pentru astia cu "internetu' liber" am o intrebare: "Cum te asiguri ca datele tale nu sunt furate folosindu-se DNS data exfil daca in cadrul retelei folosesti DoH"?

Mozilla Corporation si Google sunt un cancer, niste mizerii care daca nu ar exista, lumea ar fi un loc mai bun. Eh mai sunt si altii dar lista e prea lunga ca sa ii amintesc pe toti.

dar tu tot la Tails ai ramas?

Neah. Ca am nevoie de ceva care sa imi permita sa instalez un GNS3, un VMWare un VirtualBox, ca mai fac si alte chestii in afara de a ma da pe internet. Eu sunt fidel Arch. Si desi imi manca ficatii din anumite puncte de vedere am ramas la Opera insa ma tot joc cu firewall-ul si cam blochez ce se poate inclusiv mizeria de la goagle adica HTTPS over UDP sau cum mama masii ii zice (443/UDP nu e permis) si ce mai nimeresc. As renunta la conexiunea la internet, minus plata unor facturi o data pe luna daca nu as fi nevoit sa ma uit pe linkedin si prin alte parti dupa un loc de munca.

Quote

Nu neaparat - creeaza un precedent in care fiecare aplicatie se poate conecta la net indiferent de setarile tale de filtrare.
Si cum am zis mai sus problema apare si la echipamente hardware "smart".

MembruAnonim, on 02 octombrie 2019 - 13:32, said:

De parca datele sau viata lor privata ar avea vreo valoare...

eiffel, on 02 octombrie 2019 - 13:44, said:

Ce-ai patit? Ce setari de filtrare? Noi nu folosim din astea - noi estem cu 'nternetu' liber!

eiffel, on 02 octombrie 2019 - 13:44, said:

Stai sa vezi cand se va implementa pe hardware de genul ESP32 sau alte porcarii ultra-mici, de nici nu mai stii cine'ti suge datele si viata privata si cine nu... Oh well... Bine, si pana acum se putea intampla, dar era nitel mai complicata conectarea direct pe un IP (care putea fi blocat, banat &co).

Viata privata nu are valoare pentru ei pana in acel punct cand nu mai e privata. Ah si atunci vor boci pe unde pot cum le-au fost furate datele si cum viata lor nu mai e a lor. Pana atunci o vor da inainte cu "internetul liber".

Intrebare pentru public: "Cand si cat de libera a fost interconectarea de retele numita internet?"