If they cared about anti-censorship they would add Mozilla-over-Tor or
Mozilla-over-I2P. But nah, it wasn't their intention to start with.
Note: This is not recent; look, for example, at their agreement with
Cloudflare:
https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/firefox/
Nathaniel Suchy:
Recently Mozilla has pushed an update to their product Firefox that enables DNS
over HTTPS in the United States. However this is not the privacy or
anti-censorship tech they claim it to be. Mozilla added a simple test to decide
whether to allow DNS over HTTPS to run. If an unencrypted query to
use-application-dns.net returns NXDOMAIN or SERVFAIL then Firefox will disable
the DNS over HTTPS system. They claim this is to allow parental controls and
corporate networks to remain secure. However this negates the security benefits
of DNS over HTTPS altogether. At will, a network operator, government, or hacker
at a coffee shop on public Wi-Fi could block requests to the canary domain name
and disable DNS over HTTPS. There is no security warning when this occurs.
Unlike Tor, there are no bridges, no obfuscated protocols. You are just
censored and lose privacy benefits, oh and you don't get to know about it.
I've seen a lot of chat online that DNS over HTTPS and TLS 1.3 with Encrypted
SNI could end online censorship. This is not the case and is a risky line of
thinking to say the least.
If there is one key takeaway from all of this: Mozilla's DNS over HTTPS does
not replace or complement Tor. Mozilla is not developing anti-censorship tech
and has built-in backdoors into both their implementation of DNS over HTTPS and
Encrypted SNI Extensions for TLS 1.3. We should be keeping a close eye on
Mozilla, as there's no telling what will happen next!
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
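
Added example (not part of the original messages and not Mozilla's code): since the quoted message notes that no warning is shown when the canary check fails, this sketch lets a user ask a resolver about use-application-dns.net and see whether the reply matches the condition the message describes (NXDOMAIN or SERVFAIL). The function names and the constructed sample replies are assumptions made for illustration.

```python
import socket
import struct
import sys

CANARY = "use-application-dns.net"          # canary domain named in the message
DISABLING = {2: "SERVFAIL", 3: "NXDOMAIN"}  # replies the message says turn DoH off

def build_query(name=CANARY, txid=0x1A2B):
    """Plain (unencrypted) DNS A query with recursion desired."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!2H", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(query, response):
    """Return (rcode_name, matches_disable_condition) for a reply to `query`."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    txid, flags = struct.unpack("!2H", response[:4])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        raise ValueError("not a response to this query")
    rcode = flags & 0x000F                   # low four bits of the flags word
    name = DISABLING.get(rcode, "NOERROR" if rcode == 0 else f"RCODE{rcode}")
    return name, rcode in DISABLING

def constructed_reply(query, rcode):
    """Constructed sample reply: the query with response flags and an RCODE set."""
    return query[:2] + struct.pack("!H", 0x8180 | rcode) + query[4:]

def probe(resolver_ip, timeout=3.0):
    """Ask the given resolver about the canary over UDP port 53."""
    query = build_query()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (resolver_ip, 53))
        response, _ = s.recvfrom(4096)
    return classify(query, response)

if __name__ == "__main__":
    if len(sys.argv) > 1:    # live check: python canary.py <resolver-ip>
        results = {sys.argv[1]: probe(sys.argv[1])}
    else:                    # offline run over constructed replies
        q = build_query()
        results = {f"constructed rcode={r}": classify(q, constructed_reply(q, r))
                   for r in (0, 2, 3)}
    for source, (name, hit) in results.items():
        verdict = "matches" if hit else "does not match"
        print(f"{source}: {name} ({verdict} the disable condition in the message)")
```

Run with the network's resolver address as the only argument to check the current network; with no argument it only classifies the constructed replies.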