11
iamrp
1y

Mozilla will update the browser to DNS-over-HTTPS security feature to all Firefox users in the U.S. by default in the coming weeks.

According to the report of TechCrunch : Whenever you visit a website ; even if it's HTTPS enabled, the DNS query that converts the web address into an IP address that computers can read is usually unencrypted. DNS-over-HTTPS or DoH encrypts the request so that it can not be intercepted or hijacked in order to send a user to a malicious site. These unencrypted DNS queries can also be used to snoop on which websites a user visits. The feature relies on sending DNS queries to third-party providers such as Cloudflare and NextDNS which will have their DoH offering into Firefox and will process DoH queries. Mozilla also said it plans to expand to other DoH providers and regions.

Comments
  • 6
    And this makes it impossible for anyone to use a custom dns server. For companies this is very bad. Even local computers in your home network cannot be resolved anymore.
  • 9
    It's gonna get worse. Chrome blocking more sites and downloads, safari is going to stop honoring long-lived certs.
  • 3
    @Sumafu there is a bunch of software that can act as an DoH-Server. Even Microsoft starts to support it.
  • 2
    @Sumafu As far as I know, you can still choose whatever DNS addresses you want in the settings.
  • 4
    Sending all my DNS queries to a US company is a total no-go. OK, for the inmates of that police state, it doesn't really matter anyway.
  • 0
    It's not the most elegant solution but even with DoH enabled, you can use a proxy and route all DNS through that. That's what I was doing anyway.
  • 3
    DNS being unencrypted is usually not that worse as it sounds. An attacker has to be in your local network or in your ISPs network, if you use their DNS server. If he is, unencrypted DNS is a rather small problem.
  • 3
    Great, more cloudflare snooping.
  • 1
    FYI: you can opt out by setting
    network.trr.mode to 5 in about:config

    See also: https://wiki.mozilla.org/Trusted_Re...
  • 3
    @Jilano But you have to do it in every browser. DNS shouldn’t be a thing of browsers but of the operating system.
  • 4
    @Sumafu Browsers are quickly turning into basically guest OS's, and people use them for absolutely everything. See: chromebooks.

    But think about it. Browsers have GPU and CPU abstraction, compartmentalizing, a guest networking stack, security and permissions, event handlers, their own programming language that's shielded from the host OS and runs in sandboxed execution environments, and whixh can interact with the browser via APIs; also direct GPU access (webgl, shaders), and soon web assembly. They also have their own "filesystem" via cookies and localstorage.
  • 0
    @Sumafu You can just copy your config files, the same you would do with Vim, Zsh, etc.
    I'm not saying it's ideal, but that's what we have right now.
  • 0
    @Shiggy But but nsa can see that you are looking for a certain cultured sites...
Add Comment