Firefox Promises UK Government DNS-Over-HTTPS Won't Be Default in UK (gizmodo.co.uk) 118
"Despite looking to make DNS-over-HTTPS the default for its American users, Mozilla has assured culture secretary Nicky Morgan that this won't be the case in the UK," reports Gizmodo:
DNS-over-HTTPS has been fairly controversial, with the Internet Services Providers Association nominating Mozilla for an 'Internet Villain' over the whole thing, saying it will "bypass UK filtering obligations and parental controls, undermining internet safety standards in the UK."
In his letter to Morgan, Mozilla vice president of global policy, trust and security, Alan Davidson, stressed that the company "has no plans to turn on our DNS-over-HTTPS feature by default in the United Kingdom and will not do so without further engagement with public and private stakeholders". He did add that Mozilla does "strongly believe that DNS-over-HTTPS would offer real security benefits to UK citizens. The DNS is one of the oldest parts of the internet's architecture, and remains largely untouched by efforts to make the web more secure.
"Because current DNS requests are unencrypted, the road that connects your citizens to their online destination is still open and used by bad actors looking to violate user privacy, attack communications, and spy on browsing activity. People's most personal information, such as their health-related data, can be tracked, collected, leaked and used against people's best interest. Your citizens deserve to be protected from that threat."
Hopefully, this can be toggled on via config (Score:4, Insightful)
So, don't make it a default, but provide an option in about:config where it's simple and easy to turn on.
Some of us prefer to control our own browsing experience, thank you very much.....
Re:Hopefully, this can be toggled on via config (Score:5, Informative)
Hopefully, this can be toggled on via config
Yes, of course it can!
https://support.mozilla.org/en... [mozilla.org]
You don't even have to use Cloudflare's DoH servers if you don't like, you can point Firefox at your own server, should you choose.
Some of us prefer to control our own browsing experience, thank you very much.....
then firefox is an excellent choice for that.
Re: (Score:2)
You don't even have to use Cloudflare's DoH servers if you don't like, you can point Firefox at your own server, should you choose.
What would be the point of this, as if the server can be identified as your own, someone can just snoop on the unencrypted upstream requests from that server and tie them to you?
Re: (Score:2)
It doesn't have to be "your" DNSoH server, it would be like much of the way the internet works today. So the server would be your ISP's or (God help you) Google's DNSoH server.
That this system is brand new and there's limited number of them out there, using Cloudflare's as a default seems sensible way to move things forward without the catch-22 of nobody providing the server because nobody uses the system because nobody has a server to use.
Re: (Score:3)
What would be the point of this, as if the server can be identified as your own, someone can just snoop on the unencrypted upstream requests from that server and tie them to you?
I'm glad you asked!
There are many potential reasons and not all snooping is equal. And security through obscurity is contrary to popular myth actually a worthwhile form of security. So, reasons in no particular order:
* You might run a server in a different jurisdiction so even if outgoing requests are logged it's much harder for local
Re: (Score:2)
What do you have against "Onion" and why are you de-capitalizing it in acronym, all the while capitalizing "The"?
Re: Hopefully, this can be toggled on via config (Score:4, Informative)
How does it prevent you modifying the reply? Maybe it's not in the spec but presumably this feature would be easy to implement?
The reply is encrypted, you'll need either the private keys for each domain or have the browser trust some sort of self-signed root in order to generate custom replies for random domains.
As encryption increases, so will filtering get less useful. I give it 3 years before Google makes encrypted SNI and signed DNS a requirement for search engine listings and about 5 years before Firefox and Chrome start phasing out older protocols that don't support full encryption.
Proxies and "smart" firewalls of any sort (eg. in a work environment) will become useless as DNS will go over HTTPS and TLS 1.3 will start encrypting the host headers. More and more people are also using VPN, CloudFlare now coming with a free VPN service themselves. Once most people are on their own private VPN, controlling devices in a corporate environment will be over.
Not sure why the lameness filter is triggered on this...
Re: (Score:1)
Nah.
Autocrats don't care about this. They'll just get the CA's root keys where they can, or have users to install a root cert where they can't, decrypt everything, and block what they can't decrypt. Easy. Well, it's complicated and expensive, but it's straightforward.
So it doesn't do shit for privacy where privacy really matters.
Admittedly it does help a bit where 'the autocrat' doesn't really care, and considers DNS sniffing or blocking a nice to have more than anything else. Which is really a western world
Re: (Score:2)
Once most people are on their own private VPN, controlling devices in a corporate environment will be over.
That is highly unlikely. Corporate environments often have legal and regulatory obligations to meet, and allowing devices with inadequate safeguards onto their networks makes that impossible. No-one big is going to risk the liability that goes with that. If the corresponding corporate IT infrastructure becomes ineffective, it will be BYOD that is over.
Re:Hopefully, this can be toggled on via config (Score:5, Insightful)
Nah, I prefer the option that pops up on your home page, the first time you run it. You know, LOOK HERE IF YOU WANT TO PROTECT YOUR PRIVACY, click this button to turn on DNS over HTTPS and tell the autocrats to go fuck themselves, and even include the automatic email template, to send that message to your local MP, you know, "I use DNS over HTTPS go fuck yourself".
I prefer that option, thank you very much, to each his own I suppose.
Re: (Score:1)
That's cute.
I got news for you. Autocrats - real ones - will happily enforce root keys that allow them to decrypt your personal stuff and block traffic when they can't. Why do you think Hong-Kong is all about mesh networks?
So really, you're not sticking it up to anyone. You're just relying on a government not really caring where on the internet you go.
I'll tell you what else you're allowing, though:
- that hosts file you had preventing traffic to facebook? Gone.
- that security filter you paid for, or maybe g
Re: (Score:1)
Yes, it can... for now. Until the next promise Mozilla makes to the UK government. Hopefully, Firefox will remain open source, so we will still be able to hack and recompile it.
Re: (Score:2)
Yeah, why is an open source project making guarantees to a govt that they'll leave it weakened by default?
Re: (Score:2)
The exact quote is "has no plans to turn on our DoH feature by default in the United Kingdom and will not do so without further engagement with public and private stakeholders".
That is not a "guarantee they'll leave it disabled by default". It just means they won't do it "yet".
Re: (Score:2)
Because the UK government mandates a certain level of internet filtering. Right now ISPs are able to comply with this using crude, easily-bypassed DNS filtering - but if that ceases to be effective, they'll have to resort to more intrusive and expensive means of filtering instead.
Re: (Score:2)
why hack it? Seriously, just look first, be stupid on your own time :-)
https://support.mozilla.org/en... [mozilla.org]
Re: Hopefully, this can be toggled on via config (Score:2)
I can understand that encrypted DNS requests are useful, but they open a different can of worms too that can be as bad as doing them in the open.
Re: (Score:2)
...like what?
Firefox Plugin (Score:1)
Someone will make an easy to use plugin to make the changes for you.
LOL!!! :-)
Problem solved.
Re: (Score:3)
The UK is shit in many ways, but it's no more an authoritarian police state than the US is, so please spare us the hyperbole. I'm guessing from your referendum jibe that you have an agenda to push.
Re:Firefox Plugin (Score:5, Interesting)
Yes, yes it is. Censorship is a thing, if you consume or produce "indecent" things (1st amendment), you cannot own a gun (2nd amendment), the queen literally owns everything (3rd amendment) and the state has no limits (4th amendment), you can be forced to divulge your own passwords (5th amendment).
Gays were literally castrated until the 1970's and it was still illegal to be gay if you were under 21 into the 1990's.
There's a reason the US declared independence from the UK and the UK hasn't changed that much politically.
Re: (Score:1)
There's a reason the US declared independence from the UK and the UK hasn't changed that much politically.
If anything its gotten worse. Now they are actively replacing their own population with a new breed of middle eastern serfs and will happily jail you for reporting on the child rapes happening in the country.
The UK is one step away from full blown communism and/or civil war (fought with tooth picks and nasty words because they have no weapons). The acid attacks in London alone should have caused massive changes but the sheeple of the UK are so asleep that they'll watch sit and rest while friends and family
Re:Firefox Plugin (Score:4, Interesting)
There's a reason the US declared independence from the UK
The generally understood reason, outside the USA anyway, by anyone sad enough to have wondered is so that wealthy merchants did not have to pay their share of taxes.
Well... we have universal health care (for now), some of our rich pay their taxes, our supreme court is not under the control of our leader Boris and our kids are much less likely to get shot in school than yours.
1 If someone wants kiddy pics, I am fine with them being censored. They don't just invent new laws on the fly
2 I was taught to use firearms by the British Army and really like it that untrained civilians don't get to buy them at the supermarket. This means that I do not get one either but as we have sensible rules, I am pretty safe.
3 The queen owns a lot of stuff but a lot less than some. As for the USA, look up "eminent domain"
4 If you do not cooperate with the police/spooks by not giving them everything they want, do you think they will let you just walk away?
Re: (Score:2)
jail them for wrongthink and acts of journalism
Could you reference this happening?
ignore democratic referendums when the vote doesn't go their way
To be fair the Government is doing its best to deliver on their promises.
It's hard to tell from behaviors alone if one is discussing the UK or Venezuela
If Labour gain power I think you'll find the difference very fucking fast.
Re: (Score:2, Informative)
jail them for wrongthink and acts of journalism
Could you reference this happening
Tommy Robinson.
ignore democratic referendums when the vote doesn't go their way
To be fair the Government is doing its best to deliver on their promises.
Tell that to Labour and the Lib-Dems in Parliament. You've got a zombie government that refuses to stand for election while they try every trick in the book to prevent Brexit, now with your Supreme Court going partisan-political to assist them as well.
It's hard to tell from behaviors alone if one is discussing the UK or Venezuela
If Labour gain power I think you'll find the difference very fucking fast.
Labour are outright communists at this point. If God forbid you're cursed with a win by Labour and that Marxist Corbyn gets in as PM the UK will exceed Venezuela in nearly every negative metric.
Strat
Re:Firefox Plugin (Score:4, Informative)
Tommy Robinson.
Stephen was not prosecuted or jailed for wrongthink or acts of journalism. He was rightfully prosecuted and jailed for contempt of court, specifically putting at risk the fair and just trials of child molesters and rapists.
Are you defending that? Would you like those people to be set free because some idiotic cunt mouths off on camera and prevents them having a fair trial?
Tell that to Labour and the Lib-Dems in Parliament. You've got a zombie government that refuses to stand for election while they try every trick in the book to prevent Brexit, now with your Supreme Court going partisan-political to assist them as well.
Technically that's Parliament acting like cunts and not the Government. It's going to end badly.
Re: (Score:2)
You ought to read up more on the Yaxley-Lennon case then.
The original contempt of court was so bad, the judge who sent him down so quickly and without proper representation was sacked (well, he resigned very conveniently afterwards, well before he was due to do so).
they sent him from a normal prison to one with the highest concentration of Muslims in the UK, and put him in a cell directly opposite the prison mosque. Apparently his door was "accidentally" left unlocked on 3 occasions too.
As for the verdict t
Re: (Score:1)
Would you like those people to be set free because some idiotic cunt mouths off on camera and prevents them having a fair trial?
What are you on about? The trial was over, they were going in for sentencing. All the determination of innocence or guilt was over, Robinson/Yaxley couldn't have affected the trial as it was over except for the punishment phase.
You really should inform yourself better, as even I being a Yank apparently understands more about current events in your nation than you do (if you're a UK citizen). That's just sad. It does, however, go a long ways towards explaining how the UK got into such a mess if you're a typi
Re: (Score:3)
There were multiple linked trials.
Seems I'm better informed than the fuckwits supporting that idiot.
Re:Firefox Plugin (Score:4, Insightful)
Reporting on the outcome of a trial at which evidence was used that was pertinent to another trial prejudices that other trial.
He showed contempt of court. He was found guilty of contempt of court. He was sentenced to prison. He served his sentence. He's still fucking alive.
But hey, keep fucking ranting your idiocy. Thank fuck you don't live here.
Re:Firefox Plugin (Score:4, Insightful)
1 - the reporting restrictions were in place because of the multiple trials that were considered interdependent
2 - the defendants were not, on 25th May 2018, convicts. The jury had not yet reached a verdict (and did not until 5th June)
3 - on 29th May Counsel for two of the defendants applied (unsuccessfully) for the discharge of the jury, relying among other things on the way in which Yaxley Lennon had confronted the defendants
Basically he was interfering with a trial in progress and very nearly caused it to be cancelled.
But I'm only reading from court judgements, what do I know. Perhaps you should write to the courts and let them know that they don't know UK law, that they made a wrong decision, that they should listen to you instead.
Oh, and let 29 paedophile gang rapists walk free too. Because in the UK you get a fair trial, even if that means idiotic shits like you have to shut the fuck up and not film people at the court.
Re: (Score:3)
Tell that to Labour and the Lib-Dems in Parliament.
They're not the government, they're in Parliament. In the case of the lib dems, they were elected in on a pretty anti-Brexit stance in an election held after the referendum. It would seem pretty anti democratic to prevent representatives representing the people who voted for them...
You've got a zombie government that refuses to stand for election while they try every trick in the book to prevent Brexit
No, the government is trying to deliver their version of
Re: (Score:2)
That's a dog-whistle for supporting the neo-Nazi Tommeh Robinson and his bunch of thugs. Nazi out of the National front via the British National Party and more recent incarnations like the English Defence League.
Enjoy the company you keep, Nazi. I look forward to tieing the nooses for the next Nuremberg mass trial. Probably it'll be hosted in Luton.
They voted them internet villain... (Score:5, Insightful)
Wtf is this world coming to
Irrelevant (Score:3, Informative)
DNS over HTTP is a stupid idea for a whole host of reasons, not least that it completely bypasses personal black and white lists and the /etc/hosts file.
Re: (Score:2)
Yes, you should be using a Hosts File Engine... (tongue firmly in cheek)
Re: (Score:2)
In most cases, modified hosts files just indicates some sort of infection (current or past) or some low-grade 'security' filter. If you can disable it in about:config, then us geeks can still use hosts files, for most other reasons, hosts files shouldn't be trusted.
Re: (Score:2)
Not really though - the browser makes the request, the hosts file is part of the OS network stack, so when the network sees the request, its already encrypted.
but using a hosts file as a filter is a pretty basic and poor way to do security, especially when you can build hosts-specific filters into your browser using plugins such as ublock origin.
eg right now "pro-market.net" is blocked and I never even knew it was there.
Re: (Score:2)
"but using a hosts file as a filter is a pretty basic and poor way to do security"
It is however an extremely good way to hard wire certain mappings.
"especially when you can build hosts-specific filters into your browser using plugins such as ublock origin."
Right, because who wants to spend 10 seconds editing a host file when you can download Some Random Plugin with who knows what weaknesses or exploits or author backdoors for 1 particular browser then spend half the day configuring it. And once you've done tha
Re: (Score:2)
Why consider "other networked programs" when its only the browser that is implementing DNSoH?
And as for the plugins with god knows what weaknesses - that's exactly the same argument you can use for every network program.
Re: (Score:2)
"Why consider "other networked programs" when its only the browser that is implementing DNSoH?"
Umm, because you want the browser to be consistent with the rest of your suite?
Re: (Score:3)
"Cloudflare is providing a recursive resolution service with a pro-user privacy policy. They have committed to throwing away all personally identifiable data after 24 hours, and to never pass that data along to third-parties. And there will be regular audits to ensure that data is being cleared as expected."
What do they do with the personal data before it's thrown away? What if Cloudflare decides to change their privacy policy? What's in it for Cloudflare to provide this free service?
"But this doesn
Re: (Score:2)
You can select a custom DNSoH server if you dislike Cloudflare's - there will be ones out there soon enough, then you can switch to using Google's, or whichever DNS server you currently trust, which is probably Google's... the encryption only applies to get from you to the DNS server without snooping in between. If you don't like it you can still use the old way and let everyone with access to your comms see which sites you're resolving.
right now your IoT thing could be happening anyway, they just have to m
Re:Irrelevant (Score:4, Insightful)
It makes me nervous when someone decides to step in and go "I'm trustworthy, everyone come through me now".
It's good to question, but also consider the status quo, which for most people in the UK is to use their ISP's DNS, is already completely insecure. Government forces them to keep logs of all your requests, and those requests are censored by government edict as well.
You are probably not going to find anything less trustworthy than what they already have.
Re: (Score:2)
Just to amplify, the UK government requires UK-based ISPs to keep their entire logs, of requests, sources, destinations, times, at the ISP's cost, for a period of seven years. I'm not sure about how fast a response to a data request is required - probably 24 hours.
Which means, of course, that after you leave one ISP for another one (say, you don't like the first having been brought by a Brazilian company) then the first will keep the details of your a
Re: (Score:3)
DNS over HTTP is a stupid idea for a whole host of reasons, not least that it completely bypasses personal black and white lists and the /etc/hosts file.
Well duh, encryption can't tell the difference between your local snooping, the external firewall, your ISP or evil third parties on the Internet. Once you've encrypted it the contents stay secure until they reach the recipient, if you want to process the data you have to do that before it's encrypted. If DoH is stupid then so is HTTPS, it's exactly the same for the web - those HTTP requests everyone could read and modify can no longer be read or modified. I think that's a feature, maybe you consider it a b
Re: (Score:1)
Since you apparently had no clue what simple point I was making even though it was right in front of your face, perhaps these sort of discussions are not for you. It has nothing to do with encryption you bell end.
Re: (Score:3)
Since you apparently had no clue what simple point I was making even though it was right in front of your face, perhaps these sort of discussions are not for you. It has nothing to do with encryption you bell end.
Then what IS your point? Firefox is open source, modify it to check your whitelist/blacklist/hosts file if they don't provide support for one. I would think it would be roughly a 10 line patch.
    returnIPfromDoH();
=>
    if ( hostname in /etc/hosts ) {
        returnIPfromHosts();
    }
    if ( hostname in blacklist ) {
        return HostNotFound;
    }
    if ( use_whitelist && hostname not in whitelist ) {
        return HostNotFound;
    }
    returnIPfromDoH();
Though I
Re: (Score:2)
" Firefox is open source, modify it "
Oh go away you stupid tit. I have better things to do with my time than fuck about hacking browser code to fix a problem that should never have been created in the first place by people who don't understand networks outside their narrow browser sphere.
Re: (Score:3)
DNS over HTTP is a stupid idea for a whole host of reasons, not least that it completely bypasses personal black and white lists and the /etc/hosts file.
That's not right, it's not even wrong.
No, DoH doesn't prevent personal black/white lists in the hosts file. You can get a glibc plugin that does DoH instead of over UDP, and that runs after all the usual machinery. The thing that prevents /etc/hosts from doing its job is applications implementing their own resolver that doesn't read that file. That's an or
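The lookup order sketched in pseudocode earlier in this thread (hosts file, blacklist, whitelist, then DoH), together with the point just above that an application-level resolver has to read /etc/hosts itself, as an added runnable example. It is not code from either commenter or from Firefox; the endpoint URL, the sample hosts file and all function names are assumptions made for illustration. The DoH step only builds the RFC 8484 GET request and sends nothing.

```python
import base64
import struct

# Placeholder DoH endpoint (assumption, not a real service).
DOH_ENDPOINT = "https://doh.example/dns-query"

# Constructed sample hosts file for the example.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
0.0.0.0     tracker.example ads.example   # pinned locally
192.0.2.10  intranet.example
"""


def parse_hosts(text):
    """Map each lower-cased hostname in hosts-file text to its address.

    Comments and blank lines are ignored; if a name appears twice,
    the first entry wins (a choice made for this example).
    """
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            table.setdefault(name.lower().rstrip("."), fields[0])
    return table


def doh_get_url(hostname, qtype=1, endpoint=DOH_ENDPOINT):
    """Build the RFC 8484 GET URL for one question.

    The DNS message uses ID 0 and sets only the RD flag; it is carried
    in the `dns` parameter as base64url without padding.
    """
    labels = hostname.rstrip(".").encode("ascii").split(b".")
    if any(not 0 < len(label) <= 63 for label in labels):
        raise ValueError("bad label length in %r" % hostname)
    qname = b"".join(bytes([len(label)]) + label for label in labels) + b"\x00"
    header = struct.pack("!6H", 0, 0x0100, 1, 0, 0, 0)
    wire = header + qname + struct.pack("!HH", qtype, 1)   # QTYPE, QCLASS=IN
    token = base64.urlsafe_b64encode(wire).rstrip(b"=").decode("ascii")
    return endpoint + "?dns=" + token


def resolve(hostname, hosts, blacklist=frozenset(), whitelist=None):
    """Apply local policy first; only names that pass it reach DoH.

    Returns ("hosts", address), ("not-found", None) or ("doh", url).
    """
    name = hostname.lower().rstrip(".")
    if name in hosts:
        return ("hosts", hosts[name])
    if name in blacklist:
        return ("not-found", None)
    if whitelist is not None and name not in whitelist:
        return ("not-found", None)
    return ("doh", doh_get_url(name))


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for query in ("ads.example", "bad.example", "www.example.com"):
        print(query, resolve(query, hosts, blacklist={"bad.example"}))
```
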
Re:They voted them internet villain... (Score:5, Informative)
To be fair, ISPA has withdrawn the nomination, and apologized for labeling Mozilla a villain [packtpub.com].
The real villain here is the British government.
Re: (Score:2)
Can't put the smoke back in the capacitor. They may have withdrawn it, but they're still evil fucks, they're just evil fucks who are now hiding the evidence of their fuckery, and they're still real villains.
Don't be a henchman
Stand on your laurels
Do what no one else does and praise the good of other men for good man's sake
And when everyone else in the world follows your lead
Although a cold day in hell it will surely be
That's when the world will live in harmony
(Graffin)
Re: (Score:1)
Information wants to be free was the motto.
Two decades later everyone around me turned into autocratic tyrants that want to send wrong-thinkers to the virtual gulags. A pox upon all of you.
Thanks for the hint (Score:5, Insightful)
If the government is so concerned about DoH being enabled then it must be a good thing. If ISPs think it will bypass their spying and blockades then it must be a great thing.
Note that the blocks they are talking about are generally civil affairs, i.e. they block The Pirate Bay because some media companies took them to court to force it. Individuals or ISPs not named in their action are not obliged to block anything.
Re:Thanks for the hint (Score:4, Insightful)
If the government is so concerned about DoH being enabled then it must be a good thing. If ISPs think it will bypass their spying and blockades then it must be a great thing.
Governments electing to locally censor shit with DNS is a good thing because it can be bypassed by anyone willing to exert a small amount of effort.
When blocks stop working for everyone by default the political environment that led to censorship isn't just going to evaporate. Government isn't going to give up and say oh fuck it DoH exists we're screwed. They will simply deploy more heavy handed measures to achieve the same censorship goals to the detriment of all.
Note that the blocks they are talking about are generally civil affairs, i.e. they block The Pirate Bay because some media companies took them to court to force it. Individuals or ISPs not named in their action are not obliged to block anything.
Just what do you think is going to happen here as a result? Are the courts going to insist ISP take a now completely meaningless action to block content? An action that nobody will even notice? Is that what you believe?
While local control may suck because x, y, z the alternatives to it all suck more.
Also keep in mind DoH can be bypassed by all current "evil" DNS providers via canary domains. The underlying argument all ISPs are evil and only centralized providers are trustworthy is technically nonsensical because any such evil local provider could trivially prevent the use of DoH in the first place negating all benefits real or imagined.
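The canary-domain signal mentioned in the comment above can be checked from the resolver side. The following is an added example, not code from the commenter or from Mozilla: it parses a DNS reply in wire format and reports whether it signals that default-on DoH should stay off, following Mozilla's published rule for the canary name use-application-dns.net (the name comes from Mozilla's documentation, not from this page). The replies are constructed sample packets and the function names are assumptions.

```python
import struct

# Mozilla's documented canary name; it does not appear on this page.
CANARY_DOMAIN = "use-application-dns.net"
TYPE_A, TYPE_CNAME, TYPE_AAAA = 1, 5, 28
RCODE_NOERROR, RCODE_SERVFAIL, RCODE_NXDOMAIN = 0, 2, 3


def encode_name(name):
    """Encode a hostname as uncompressed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def skip_name(msg, off):
    """Return the offset just past the name that starts at off."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length


def parse_response(msg):
    """Return (rcode, [record type of each answer]) from a DNS reply."""
    try:
        _id, flags, qdcount, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
        if not flags & 0x8000:
            raise ValueError("not a DNS response (QR bit clear)")
        off = 12
        for _ in range(qdcount):
            off = skip_name(msg, off) + 4          # QTYPE + QCLASS
        types = []
        for _ in range(ancount):
            off = skip_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10 + rdlen
            if off > len(msg):
                raise ValueError("answer record runs past end of message")
            types.append(rtype)
    except (struct.error, IndexError) as exc:
        raise ValueError("truncated or malformed DNS message") from exc
    return flags & 0x000F, types


def canary_signals_no_doh(msg):
    """True if this reply to a canary query asks for DoH to stay off.

    Rule: any rcode other than NOERROR, or NOERROR with no A/AAAA
    record in the answer section. The signal only affects default-on
    DoH; a user who enabled DoH manually is not affected.
    """
    rcode, types = parse_response(msg)
    if rcode != RCODE_NOERROR:
        return True
    return not any(t in (TYPE_A, TYPE_AAAA) for t in types)


def build_reply(rcode, answers=()):
    """Constructed sample reply to an A query for the canary (test data)."""
    header = struct.pack("!6H", 0x1234, 0x8180 | rcode, 1, len(answers), 0, 0)
    question = encode_name(CANARY_DOMAIN) + struct.pack("!HH", TYPE_A, 1)
    body = b""
    for rtype, rdata in answers:
        # 0xC00C points back at the question name (offset 12).
        body += b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, 60, len(rdata)) + rdata
    return header + question + body


def classify_samples():
    """Run the check over constructed replies a resolver might return."""
    samples = {
        "nxdomain": build_reply(RCODE_NXDOMAIN),
        "servfail": build_reply(RCODE_SERVFAIL),
        "nodata": build_reply(RCODE_NOERROR),
        "cname_only": build_reply(RCODE_NOERROR, [(TYPE_CNAME, encode_name("sink.example"))]),
        "a_record": build_reply(RCODE_NOERROR, [(TYPE_A, bytes([192, 0, 2, 1]))]),
    }
    return {name: canary_signals_no_doh(msg) for name, msg in samples.items()}


if __name__ == "__main__":
    for name, off in classify_samples().items():
        print("%-10s -> %s" % (name, "DoH stays off" if off else "DoH may turn on"))
```
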
Re: (Score:3)
One of the arguments that got the blocks in the first place is that they were easy and cheap to implement. If it's now a case of needing expensive DPI equipment then the court won't be willing to force the ISPs to do it for free.
Re: (Score:2)
One of the arguments that got the blocks in the first place is that they were easy and cheap to implement.
So are ACLs.
If it's now a case of needing expensive DPI equipment then the court won't be willing to force the ISPs to do it for free.
More likely they will simply force the DoH provider Cloudflare with substantial personnel, equipment and local offices in the UK to do it for them for free.
Re: (Score:2)
I'd like to see them go after Cloudflare, who will put up more of a defence than the ISPs.
Re: (Score:2)
I'd like to see them go after Cloudflare, who will put up more of a defence than the ISPs.
Cloudflare is a relatively small company with no political clout in UK and blocking is now mandated by law. Any ideas what political or legal basis such a defense would look like?
It appears what has in fact happened is rather than taking a stand Cloudflare via their proxy (Mozilla) has preemptively backed down.
Re: (Score:2)
Cloudflare's market cap is about $5bn, not so small. And there is no law, it's a purely civil matter.
Defence would be that the burden to block sites for just UK customers, the only jurisdiction of the court, would be too great. Also it's the job of the ISPs to block sites.
They would also argue that the claimant should be going after the site registrar anyway.
Re: (Score:2)
Cloudflare's market cap is about $5bn not so small.
Largest ISPs in the UK have twice that and 30x employees.
And there is no law, it's a purely civil matter.
Disobeying court orders in the "UK" is not against the law? Really?
http://www.legislation.gov.uk/... [legislation.gov.uk]
Defence would be that the burden to block sites for just UK customers, the only jurisdiction of the court, would be too great.
This would be an amusing legal strategy given the capabilities of services Cloudflare offers commercially including address geo location services and actual triviality of implementation.
Also it's the job of the ISPs to block sites. They would also argue that the claimant should be going after the site registrar anyway.
Good luck.
Re: (Score:1)
Collect it all will never stop.
So it's not a matter of being "concerned" over new math...
Think of it more as what every ISP was set to log.
HTTPS might get around all that easy ISP logging that was set up at a police level to keep decades of ISP logs.
Now it's back to the GCHQ again for full logs
When the internet stops in the UK then the GCHQ is "concerned"...
Hope and fear (Score:3)
There's fear what their replacements would be like.
Granted I don't live in the UK (Score:1)
But how would the poor power hungry fascists react if they knew there is an even better way to do encrypted DNS lookups?
DNS over TLS is taking off, and it's not hard to set a Linux box to use Stubby and DNSmasq such that all DNS requests are encrypted.
My gateway box at the house is set that way and it also acts as the resolving server for the rest of the local network, so any client on my network is performing DNS over TLS.
Godwin so soon? (Score:1)
"power hungry fascists"
Do grow up.
Re: (Score:2)
One of the basic responsibilities of a government is national security. If that basic fact has so far passed you by then perhaps stick to drawing with your crayons.
Re: (Score:2)
One of the basic responsibilities of a government is national security.
Interesting that the USA considers its principal adversaries to be its own population.
Re: (Score:2)
Aww, did mummy take away your teddy bear again? Diddums LOL :)
The Mozilla doublespeak problem (Score:1, Insightful)
What makes UK users different from US users that UK users deserve special respect and consideration while US users are not afforded the same? Does the Internet work differently in the UK? Are human beings in the UK more valuable or special than human beings in other countries?
strongly believe that DNS-over-HTTPS would offer real security benefits to UK citizens
I strongly believe Mozilla is full of shit.
DNS is one of the oldest parts of the internet's architecture
Appeals to novelty = waste of readers' time
, and remains largely untouched by efforts to make the web more secure.
If you believe DNS is sufficiently broken to warrant action you could work on solutions and industry consensus to address perceived shortcomings in
Re: (Score:1)
The GCHQ will be fine, but police and local gov who like to collect it all from every ISP may find their software logs don't look and sort the same..
Re: (Score:2)
What makes UK users different from US users that UK users deserve special respect and consideration while US users are not afforded the same? Does the Internet work differently in the UK? Are human beings in the UK more valuable or special than human beings in other countries?
Yes. What's your point? ;)
Re: (Score:2)
With this solution any bump in wire boogiemen still gets the exact same information on what sites you are visiting by passive observation of data flows.
Clearly you don't understand how this works. Unless you have a trusted cert on their box you aren't passively observing a fucking thing. Before you go trying to punch holes in this maybe you should have some fundamental grasp on the technology.
Re: (Score:2)
ISP opposition to DoH makes sense in the wider situation.
The UK mandates internet filtering. Not a great deal of internet filtering, compared to other countries, but some. There are three reasons the ISPs are required to block certain websites:
- Court-ordered blocking of copyright infringement. Mostly bittorrent indexers.
- The not-quite-mandatory blocking of child sex abuse. It's not actually a legal requirement, but parliament made it quite clear years ago that if all major ISPs do not do this 'voluntarily
Endorsement (Score:1)
testing DoH (Score:2)
Re: (Score:2)
Re: (Score:2)
...Obviously don't go for child porn. Maybe try to find something naughty about Tommy Robinson?
I think I'd rather pick the child porn
Re: (Score:2)
There is no government-mandated filtering on Tommy Robinson. Why is everyone treating him like a hero? He's a career criminal, not a hero.
Re: (Score:2)
Snoop yo' self!
Dear UK government (Score:2)
Get your shit together and get out of the EU or stay or whatever but stop fucking about. And keep your damn nose out of stuff that's none of your business!
Signed,
The World
Or you could do it at LAN level (Score:1)
Something I may investigate on a rainy Sunday afternoon and we get enough of those in the UK
Building and running your own DNS-over-HTTPS Server [bentasker.co.uk]
Re:Or you could do it at LAN level (Score:4, Interesting)
Yeah, install dnscrypt-proxy [github.com] in your favorite OS and point everyone there. Works like a charm. It even picks the best servers from a list it self updates from, and you can cherry pick the types of servers from said list. Oh, and it caches too!
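A configuration fragment for the LAN-level setup described in the comment above, added here as an illustration; it is not part of the original comment and not the dnscrypt-proxy project's shipped file. The address 192.168.1.1 is an assumed gateway address, and the [sources] section that supplies the self-updating resolver list is assumed to be kept as it appears in the project's example configuration.

```toml
# Constructed example: dnscrypt-proxy.toml fragment for a resolver shared by a LAN.
# 192.168.1.1 is an assumed gateway address; replace it with your own.

# Listen on loopback and on the LAN interface so other hosts can be pointed here.
listen_addresses = ['127.0.0.1:53', '192.168.1.1:53']

# server_names is deliberately left unset: the proxy then considers every
# resolver from the downloaded list that passes the filters below and
# prefers the ones that respond fastest.

# Which kinds of upstream resolvers to accept from the list.
dnscrypt_servers = true    # DNSCrypt protocol
doh_servers = true         # DNS-over-HTTPS
ipv4_servers = true
ipv6_servers = false       # enable only if the gateway has working IPv6

# Properties a listed resolver must declare in order to be used.
require_dnssec = true      # resolver validates DNSSEC
require_nolog = true       # resolver states it keeps no query logs
require_nofilter = true    # resolver states it applies no blocklist of its own

# Local cache: repeat lookups from LAN clients are answered without
# leaving the network.
cache = true
cache_size = 4096
```

Clients only use the encrypted path if DHCP (or their static settings) names this address as their resolver; a host with a hard-coded external resolver still sends plain DNS on port 53 unless the gateway blocks or redirects it.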
When all you have is a hammer... (Score:5, Insightful)
Seriously, why are we letting browser engineers muck about with things like DNS? As someone else pointed out, if DNS is broken, then the people responsible for DNS should be the ones to engineer the fix.
Not the insane web browser posse, who insist that everything is a nail that can be hammered with HTTP.
Because nothing else uses the Internet but the web, right?
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
Seriously, why are we letting browser engineers muck about with things like DNS?
Because they are free to do so.
As someone else pointed out, if DNS is broken, then the people responsible for DNS should be the ones to engineer the fix.
Passing the buck is an excellent way to get things done.
Re: (Score:2)
You know a great way to bypass internet censorship? Make everything look like HTTP.
If you have some technical problems with the implementation then let's hear them and have a nice technical discussion. But if all you got is "browser vendors should stick to browsing" and "don't implement something in HTTP because *I* said so" then you're not going to have a good time.
As for "everything else". How's the switch to IPv6 going? Actually fuck it, something more relevant, when do you think we'll finally implement D
doublespeak (Score:2, Insightful)
Well, that's real shitty of them! (Score:1)
So Firefox bows to tyrants now?
Whatever, as long as the option is there..
When are we going to make the internet into an ad hoc network that nobody can censor and redirect?
And then, you can still run your own DNS resolver (Score:2)
The whole thing is akin to posting signs saying "please do not access this place" and is easily ignored. Or use the TOR Browser or Tails to not even be bothered by it at all.
Surveillance and control again (Score:1)
Prior art (Score:2)
Re: (Score:1)
Sorry, UK, but *totalitarian censorship*, which you call "filtering" in newspeak, makes *you* the villain.
It puts you in one group with Saudi Arabia, North Korea, and Nazi Germany.
Not to mention Oceania, Eastasia and Eurasia.
Re: (Score:2)