I have a feeling the discussion might get long winded, so I'm doing it in a new issue (instead of in #383)
FF59-60 diffs
not to mention all of this
pref("network.trr.allow-rfc1918", false);
pref("network.trr.blacklist-duration", 259200);
pref("network.trr.bootstrapAddress", "");
pref("network.trr.confirmationNS", "example.com");
pref("network.trr.credentials", "");
pref("network.trr.early-AAAA", false);
pref("network.trr.request-timeout", 3000);
pref("network.trr.uri", "");
pref("network.trr.useGET", false);
pref("network.trr.wait-for-portal", true);
My gut feeling is I think I want to include it/them in the user.js (under section 0700) to let users know this is a bad idea (this is debatable)
What I think I know
Just the fact it bypasses hosts and gives more power to cloudflare is reason enough for me to warn people away. BUT, it is an effective tool. BUT you could do the same with a VPN (to hide from your ISP). BUT not everyone can afford a VPN and too many VPNs are shady bastards
Class, discuss.
I don't like it.
relevant articles
Judging from some of the comments, looks like it's more than one setting. Maybe we should just ignore it and only include it if they flip it on (which I doubt they would do except maybe in PB mode and only after a shield study). However, I have seen so many article headlines and threads saying BS about how to enable this and telling people to do it, that I really feel like adding it to tell people to NOT do it.
and I think it needs network.dns.native-is-localhost which is also in the 59=>60 diffs
not sure what this is, a UI thing?: https://bugzilla.mozilla.org/show_bug.cgi?id=1455425
All the settings are in about:config in Dev 60.0b16 (the update to this crashed my Nvidia driver and after it recovered, all my titlebars (for everything I had open) were transparent - fun times)
^^ Seems so.
Here is a gist with network.trr info.
Whelp, certainly not adding it to the user.js to turn it on, we'd have to specify more than one pref (eg uri, etc). So the question remains .. should we add the first pref as 0 (or 5?) to disable it (and say why: there are upsides, I just think the downsides outweigh those) .. or ignore it and pick up on future pref flipping?
https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/firefox/
... Mozilla has partnered with Cloudflare to provide direct DNS resolution from within the Firefox browser using the Cloudflare Resolver for Firefox. What this means is that whenever you click on or type a web address in the Firefox browser your DNS lookup request will be sent over a secure channel to the Cloudflare Resolver for Firefox rather than to an unknown DNS resolver, significantly decreasing the odds of any unwanted spying or man in the middle attacks.
...says one of if not the biggest private Man-In-The-Middle. Oh the irony. I read numerous CF blogposts where they talk about the oh-so-evil MitM but never once do they mention that that's precisely what they themselves are doing. Literally mitm-ing billions of requests to millions of websites!
I trust my small local ISP infinitely more than the MitM giant CF.
Pretty sad that mozilla probably throws a small fortune of their limited funds at CF for this shit.
The majority of comments in the ghacks articles seem to like it though. If we actively disable it we might piss off a bunch of people.
Maybe add the 3 main prefs that need to be configured but inactive and with the values to disable it:
/* xxxx: disable (or setup) DNS-over-HTTPS (FF60+)
* TRR = Trusted Recursive Resolver
* .mode: 0=off, 1=race, 2=TRR first, 3=TRR only, 4=race for stats, but always use native result
* [1] https://www.ghacks.net/2018/04/02/configure-dns-over-https-in-firefox/ ***/
// user_pref("network.trr.mode", 0);
// user_pref("network.trr.bootstrapAddress", "");
// user_pref("network.trr.uri", "");
or ignore it and pick up on future pref flipping. The value 5 is FF61+ but is effectively the same as 0.
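To see how these prefs combine in practice, here is an added example (my own code, not part of the user.js or this thread) that parses the pref()/user_pref() lines from a user.js fragment, treats "//" commented-out entries as inactive, and reports the effective DoH state from network.trr.mode and network.trr.uri. The sample fragment and the resolver URL in it are constructed for the example.

```python
import re

# Constructed sample user.js fragment for this example (not from the repo).
# The commented-out mode 0 is inactive; the active lines below it win.
SAMPLE_USER_JS = """\
/* xxxx: disable (or setup) DNS-over-HTTPS (FF60+) ***/
// user_pref("network.trr.mode", 0);
user_pref("network.trr.mode", 2);
user_pref("network.trr.bootstrapAddress", "");
user_pref("network.trr.uri", "https://doh.example.invalid/dns-query");
user_pref("network.dns.native-is-localhost", false);
"""

# Meanings of network.trr.mode as listed in the thread (5 is FF61+, same as 0).
TRR_MODES = {0: "off", 1: "race", 2: "TRR first", 3: "TRR only",
             4: "race for stats, native result used", 5: "off by choice"}

# Matches active and commented-out pref()/user_pref() lines.
PREF_RE = re.compile(
    r'^\s*(?P<off>//\s*)?(?:user_)?pref\("(?P<name>[^"]+)",\s*(?P<val>.+?)\);')

def parse_prefs(text):
    """Return {name: value} for active prefs only; '//' lines are skipped."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m or m.group("off"):
            continue
        raw = m.group("val").strip()
        if raw.startswith('"'):
            val = raw.strip('"')
        elif raw in ("true", "false"):
            val = raw == "true"
        else:
            val = int(raw)
        prefs[m.group("name")] = val   # later lines override earlier ones
    return prefs

def doh_status(prefs):
    """Return (enabled, mode_name, uri): DoH needs a mode other than 0/5
    AND a non-empty resolver uri, otherwise nothing is sent over HTTPS."""
    mode = prefs.get("network.trr.mode", 0)
    uri = prefs.get("network.trr.uri", "")
    enabled = mode not in (0, 5) and bool(uri)
    return enabled, TRR_MODES.get(mode, "unknown"), uri

if __name__ == "__main__":
    print(doh_status(parse_prefs(SAMPLE_USER_JS)))
```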
If we actively disable it we might piss off a bunch of people.
And so what? I follow this repo for the privacy/security modifications it applies.
Regarding this DoH feature I simply pass on it: No, thanks.
This feature, like others, is better managed outside the browser.
Some of the issues that can be better managed outside the browser are:
DNS Management (it happens at system level).
the User Agent spoofing (managed with a local proxy).
safebrowsing, blacklisting (again proxies etc.).
For what it's worth, I'm against ignoring this. I'm all for informing users, or at least giving them (us) hints, of all the known questionable aspects of existing privacy-protecting features/practices.
As a user, I find the ghacks user.js valuable not only as a tool in the practical sense, but also as a well-organised and up-to-date source of information (even if most of it comes in the form of links).
If we actively disable it we might piss off a bunch of people.
I would only make it actively disabled if the default was that TRR/DoH was enabled (I think we're all agreed on that). As for a handful of commenters on ghacks, that holds no relevance for me.
Some of the issues that can be better managed outside the browser are...
That depends on your threat model or what you are trying to achieve. There is nothing wrong with adding application layer vs OS or Network layer controls. The underlying problem of DNS is a different thread. But what if DoH worked with OpenDNS or whatever you liked. Why force everything to use the same DNS, when you could compartmentalize it, or whatever.
MiTM etc
Yeah, not just that BS, but also the data collection. It's like using google's DNS servers .. WTF would anyone want to do that.
I'm all for informing users, or at least giving them (us) hints, of all the known questionable aspects of existing privacy-protecting features/practices
earthlng's snippet looks good. But I would want to add something about Cloudflare (users need to know WHY as :cat2: 1 says) - or maybe we could add that as the default values change eg network.trr.uri is blank for now, so it's not even configured to work. Not sure what nightly has.
1 :cat2: is claustromaniac
A thread
Which reminds me: so you use DoH to get the address for allthingsgoaty.com (great site BTW) , and your browser loads it. Did you succeed in hiding your visit from your ISP? If you want to hide your traffic from your ISP, use a VPN.
So this 'feature' uses either Google or Cloudflare. Please note how hard they are trying to sell the 2nd one:
mozilla.cloudflare-dns.com is just like https://atavic.cloudflare-dns.com/ a wildcard on the subdomain.
In my opinion, the first trip to the Global Network must begin from the safe DNS.
This is the basis and one of very early steps intended to protect your network environment.
dnscrypt-proxy project is amazing and I believe this is a future standard of the Internet, growing very fast. The spirit of freedom is there, so this definition is very similar and related to both the "ghacks-user.js" and "dnscrypt-proxy" projects.
To be familiar with this tech will be useful for everybody who is interested in privacy and security questions.
(DNS over HTTPS is also supported).
Your safe DNS starts from here: dnscrypt-proxy
How's this for the extra line, sandwiched into earthlng's draft? (note: will add DoH acronym to first line)
* [WARNING] DoH bypasses hosts and gives info to yet another party (e.g. Cloudflare)
I think that covers it. "another party" seems a good fit, since your ISP (or VPN) will see the website requested anyway (and I got in the evil name of cloudflare)
nits?
Side note: I saw the bugzilla mentioned HTTP2 ... and I've read that elsewhere a few times... but I can't be arsed digging into it (whether it requires HTTP2 probably depends on the server?)
TBB are looking at allowing HTTP2 in the next version based on ESR60, because it's isolated by FPI - damnit, can't find the ticket now
May be 1334693 Investigate and isolate SPDY/HTTP2 state by first-party domain when privacy.firstparty.isolate = true
^^ Nah, I meant a Tor Trac ticket. FF already allows HTTP2 and Alt Services by default. I might have been confused, and they may have been talking about Alt Services, which is also covered by FPI.
Anyway, it'll be interesting to see what happens with the next TBB based on ESR60 - might take a few releases for it to settle down. Can't wait for some diffs
There's more: https://blog.cloudflare.com/welcome-hidden-resolver/
Old issue, related to CF: https://github.com/ghacksuserjs/ghacks-user.js/issues/310
whether it requires HTTP2 probably depends on the server?
Yes. Qualys lists 30% of sites using it.
pref("network.trr.skip-AAAA-when-not-supported", true);
pref("network.trr.wait-for-A-and-AAAA", true);
Related to #470