On 19/03/2018 09:07, Daniel Stenberg wrote: > On Sun, 18 Mar 2018, Eric Shepherd (Sheppy) wrote: > > I don't have such a far-reaching agreement with my ISP and its DNS. I > don't have such an agreement at all with 8.8.8.8 or other publicly > provided DNS operators. Yes, you're perfectly right, but you had a chance to choose it (or at least, you feel like you've got the option). > > What other precautions or actions can we do to reduce the risk of this > being perceived as problematic? Would reducing the test population > really make it much different? Reducing the population won't make any difference, unless that population feels they had a choice. If possible, I'd suggest to give maximum publicity to this experiment beforehand, exposing all the good arguments above (and not having it "discovered" after the fact on Reddit or Slashdot, which ensures only the "shady" and possibly baseless edges get told in outrage) and proposing the change with a splash page or something like that, even as the default choice, but not silently pre-enabled.
Just my 2 cents. -- G > >> I definitely see some easy ways this could be problematic from a public >> relations perspective given things going on in the industry these >> days and >> some of our own mistakes the in the past. It's definitely worth taking a >> little while to consider the implications before throwing the switch. >> >> On Sun, Mar 18, 2018 at 8:39 PM, Dave Townsend <dtowns...@mozilla.com> >> wrote: >> >>> On Sun, Mar 18, 2018 at 5:27 PM Patrick McManus <pmcma...@mozilla.com> >>> wrote: >>> >>>> Obviously, using a central resolver is the downside to this approach - >>> but >>>> its being explored because we believe that using the right resolver >>>> can >>> be >>>> a net win compared to the disastrous state of unsecured local DNS and >>>> privacy and hijacking problems that go on there. Its just a swamp out >>> there >>>> (you can of course disable this from about:studies or just by setting >>> your >>>> local trr.mode pref to 0 - but this discussion is meaningfully about >>>> defaults.) >>>> >>> >>> I believe that a good resolver makes all the difference. I'm just >>> concerned >>> about the privacy aspects of this, particularly since we're not really >>> messaging this to users. Is there a reason we need a full 50% of >>> Nightly >>> population to get the data we need here? >>> >>> On that topic I'm interested in what data we expect to get, is it just >>> comparing how the resolver performs from a variety of locations and >>> for a >>> variety of lookups? >>> Is there some mechanism in place for users who's normal DNS resolver >>> intentionally returns different results to global DNS (e.g. for region >>> spoofing etc.)? >>> >>> >>>> And in this case the operating agreement with the dns provider is >>>> part of >>>> making that right choice. For this test that means the operator >>>> will not >>>> retain for themselves or sell/license/transfer to a third party any >>>> PII >>>> (including ip addresses and other user identifiers) and will not >>>> combine >>>> the data it gets from this project with any other data it might >>>> have. A >>>> small amount of data necessary for troubleshooting the serviceĀ can be >>> kept >>>> at most 24 hrs but that data is limited to name, dns type, a >>>> timestamp, a >>>> response code, and the CDN node that served it. >>>> >>> >>> Not retaining IP addresses is good. Can they perform aggregate >>> tracking of >>> hostname requests, or tie common hostname requests from an origin >>> together >>> somehow? What is our recourse if they break this agreement (the recent >>> Facebook debacle seems likely to make folks jumpy). >>> _______________________________________________ >>> dev-platform mailing list >>> dev-platform@lists.mozilla.org >>> https://lists.mozilla.org/listinfo/dev-platform >>> >> >> >> >> > -- Giorgio Maone https://maone.net _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
