On Thu, Sep 12, 2019 at 11:43:33PM +0200, Marco d'Itri wrote: > On Sep 12, Wouter Verhelst <wou...@debian.org> wrote: > > > Except all they need to do is return NXDOMAIN on the > > "use-application-dns.net" domain, and Presto! they can spy on their > > users again. > They need to have a government to compel then to do it, which is not > obvious.
That's not in the announcement. In fact, it also allows for "opt-in parental controls", which has nothing to do with governments. > And then Mozilla will disable that (you can read this clearly > in their announcement) and figure out a different strategy. The announcement does indeed mention that, yes. I sincerely doubt they'll actually do that, though, unless more than, say, 50% of the networks they measure end up disabling things. Of course that's just a matter of personal opinion. > > Meanwhile, Firefox' default sends everything to the other side of the > > Internet without the user's consent. How does that improve privacy? > Not really "to the other side": Cloudflare's resolvers are highly > anycasted. I admit to using some hyperbole here, but the point was that your data is being sent to a partner of the software you happen to be using, without you having a contractual relationship with them. If your bank did that, you'd yell that it's improper. So why is a browser allowed to do so? Don't get me wrong; I applaud Mozilla for trying to make encrypted DNS the default. I just don't think they're going about it the right way. -- To the thief who stole my anti-depressants: I hope you're happy -- seen somewhere on the Internet on a photo of a billboard
