Fifthtry

DNS Over HTTPS Controversy

Around 24th Jan 2020, Firefox introduced support for DNS over HTTPS (DoH), and FreeBSD decided to stop updating Firefox.

Under the benefits section, Firefox says:

DoH improves privacy by hiding domain name lookups from someone lurking on public WiFi, your ISP, or anyone else on your local network. DoH, when enabled, ensures that your ISP cannot collect and sell personal information related to your browsing behavior.

This is abject hogwash. Here is how Wikipedia puts it:

Technology journalists have argued that DoH provides a false sense of security, as it only encrypts information that could still be obtained via non-encrypted portions of HTTPS requests, such as IP addresses and Server Name Indication.

For HTTP sites, DoH provides absolutely no privacy from your ISP or from network sniffers on your LAN. For HTTPS sites that use SNI, it again provides no privacy, because the domain name is sent unencrypted in the TLS handshake. Only for non-SNI HTTPS sites does it provide domain name privacy, but even there the IP address is available to the ISP. And for non-SNI HTTPS sites the mapping between domain and IP is one to one, so knowing which IP you connect to is enough to let the ISP know which domain you are accessing.

So in short, DoH in Firefox provides very dubious, almost non-existent privacy.

Instead, they have added a new privacy infringement vector: the DoH provider, in this case Cloudflare.

In plain words, every single domain you access from Firefox is going to be relayed (along with your IP address) to Cloudflare. This is a major privacy concern.

Let me repeat: this change does not hurt ISPs' ability to access this data; it only gives Cloudflare access to this data, which they did not have before this change.

Doing so in the name of increasing privacy reeks. That reeks, Firefox and Cloudflare, and you should be ashamed of yourselves.
