I have a bad feeling about this...
On Fri, Jun 05, 2020 at 07:27:58AM -0400, Greg Troxel wrote:So certainly this needs to be in the next quarterly release announcement.
People have different preferences and this feature does encrypt some
traffic that wasn't encrypted before.
Yes, and it sends it (encrypted) to third parties, rather than to the
user's configured DNS.
Is there a link to the privacy policy (and auditing of it) of all of the
preconfigured providers, which addresses things like
they don't retain any information, even for debugging
they don't use the information
what they do about court orders and law enforcement requests
I totaly agree, it is a privacy disaster in all setups that had theirown (caching) DNS server already.
Sure, also in split-horizons and some other common setups...
Sorry, but its not that easy, for at least two reasons. Cited from the web-page this refers to: The use of this domain is specified by Mozilla, as a limited-time measure until a method for signaling the presence of DNS-based content filtering is defined and adopted by an Internet standards body.
This means you have to watch out when the next (probably also covert) change in firefox happens and act accordingly. But worse is, this is not working if a user sets DoH manually.
Obviously mozilla does not care about anything else than DNS-based content filtering, which in most scenarios i have seen so far is not working to everyones liking, to put it mildly. Users really do not follow the discussions about settings in firefox until they are hit with either a stick or firefox not working for them anymore. I really do not want to run the user help desk when that happens.
Cheers
|