On 2019-09-10 19:56:48 +0200 (+0200), Julien Cristau wrote:
[...]
> How is this worse than what we're already doing by default, namely
> sending the same data to whoever happens to be on the network, in
> addition to whoever happened to be listed in an unauthenticated
> dhcp response? (Which, if you're lucky, is your ISP, aka a 3rd
> party.)

It still significantly distributes the work of recording your DNS queries/Web browsing activity. Cloudflare and their competitors are already well-placed to see a significant proportion of general Web traffic due to their CDN businesses, which makes them a much more attractive target for mass surveillance (either mandated by some governments, for sale to the highest bidders, or simply as the victims of a stealthy criminal incursion). That status increases if they're also the de facto DNS resolver for a majority of Firefox users.

I think it comes down to whether you consider the biggest privacy risk to come from focused/local attacks (in which case the new default is a benefit) or from global dragnet trawling by "big brother" (in which case nearly everyone in the World trusting the same small number of companies is a problem).

--
Jeremy Stanley