Fifthtry

DNS Over HTTPS Controversy

So Firefox introduced support for DNS over HTTPS (DoH), and FreeBSD decided to stop updating Firefox.

In the benefits section, Firefox says:

DoH improves privacy by hiding domain name lookups from someone lurking on public WiFi, your ISP, or anyone else on your local network. DoH, when enabled, ensures that your ISP cannot collect and sell personal information related to your browsing behavior.

This is abject hogwash. Here is how Wikipedia puts it:

Technology journalists have argued that DoH provides a false sense of security, as it only encrypts information that could still be obtained via non-encrypted portions of HTTPS requests, such as IP addresses and Server Name Indication.

For HTTP sites, DoH provides absolutely no privacy from your ISP, from network sniffers on your LAN, and so on. For HTTPS sites that use SNI, it again provides no privacy. Only for non-SNI HTTPS sites does it provide domain name privacy, and even there the IP address is still available to the ISP and others.

So, in short, DoH in Firefox provides very dubious, almost nonexistent privacy.

Instead, they have added a new privacy infringement vector: the DoH provider, in this case Cloudflare.

In plain words, every single domain you access from Firefox is going to be relayed (along with your IP address) to Cloudflare. This is a major privacy concern.

Sure, today Firefox and Cloudflare are promising us that no funny business is going on. But Google once promised us "do no evil" too. Things change. This, if not rolled back, would last for decades, and we do not know who will hold controlling power at Cloudflare. Firefox and Cloudflare are asking us to trust not just them but every future decision they make.

You can say we have lost nothing: ISPs already have access to this data, so who cares if Cloudflare also knows every domain you ever visit?

But doing so in the name of increasing privacy reeks. That reeks, Firefox and Cloudflare, and you should be ashamed of yourselves.
