I definitely see some easy ways this could be problematic from a public relations perspective given things going on in the industry these days and some of our own mistakes in the past. It's definitely worth taking a little while to consider the implications before throwing the switch.
On Sun, Mar 18, 2018 at 8:39 PM, Dave Townsend <dtowns...@mozilla.com> wrote:

> On Sun, Mar 18, 2018 at 5:27 PM Patrick McManus <pmcma...@mozilla.com> wrote:
>
>> Obviously, using a central resolver is the downside to this approach - but it's being explored because we believe that using the right resolver can be a net win compared to the disastrous state of unsecured local DNS and the privacy and hijacking problems that go on there. It's just a swamp out there. (You can of course disable this from about:studies or just by setting your local trr.mode pref to 0 - but this discussion is meaningfully about defaults.)
>
> I believe that a good resolver makes all the difference. I'm just concerned about the privacy aspects of this, particularly since we're not really messaging this to users. Is there a reason we need a full 50% of the Nightly population to get the data we need here?
>
> On that topic I'm interested in what data we expect to get; is it just comparing how the resolver performs from a variety of locations and for a variety of lookups?
> Is there some mechanism in place for users whose normal DNS resolver intentionally returns different results to global DNS (e.g. for region spoofing etc.)?
>
>> And in this case the operating agreement with the DNS provider is part of making that right choice. For this test that means the operator will not retain for themselves or sell/license/transfer to a third party any PII (including IP addresses and other user identifiers) and will not combine the data it gets from this project with any other data it might have. A small amount of data necessary for troubleshooting the service can be kept at most 24 hrs, but that data is limited to name, DNS type, a timestamp, a response code, and the CDN node that served it.
>
> Not retaining IP addresses is good. Can they perform aggregate tracking of hostname requests, or tie common hostname requests from an origin together somehow? What is our recourse if they break this agreement (the recent Facebook debacle seems likely to make folks jumpy)?
>
> _______________________________________________
> dev-platform mailing list
> dev-platform@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-platform

--
Eric Shepherd
Senior Technical Writer
Mozilla
Blog: http://www.bitstampede.com/
Twitter: http://twitter.com/sheppy
Check my Availability <https://freebusy.io/esheph...@mozilla.com>
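The retention list discussed in the thread (name, DNS type, timestamp, response code) maps directly onto what a DNS-over-HTTPS resolver receives in each request. The following is an added illustration, not code from the thread or from Firefox: it builds an RFC 8484 GET-style DoH query for a constructed sample name and decodes it the way the resolver operator would, showing exactly which fields arrive in the query itself (the client IP address is visible separately from the HTTPS connection, which is why the agreement calls it out).

```python
import base64
import struct

# Constructed sample input; not a real captured query.
SAMPLE_NAME = "example.mozilla.org"
QTYPE_A = 1       # IPv4 address record
QTYPE_AAAA = 28   # IPv6 address record


def build_doh_query(name: str, qtype: int, qid: int = 0) -> bytes:
    """Build a minimal DNS query in RFC 1035 wire format.

    RFC 8484 recommends a zero ID so identical queries from many clients
    are byte-identical and HTTP-cacheable (which also avoids leaking a
    per-client ID pattern to the resolver).
    """
    # ID, flags (RD=1), QDCOUNT=1, ANCOUNT, NSCOUNT, ARCOUNT
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS IN


def encode_doh_get(query: bytes) -> str:
    """Encode the wire query as the ?dns= parameter: base64url, no padding."""
    return base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")


def decode_doh_get(param: str) -> dict:
    """Parse the ?dns= parameter as a resolver would, returning the fields
    the operator actually learns from the query body: name and type."""
    raw = base64.urlsafe_b64decode(param + "=" * (-len(param) % 4))
    qid, _flags, _qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", raw[:12])
    pos, labels = 12, []
    while raw[pos] != 0:            # walk the length-prefixed labels
        length = raw[pos]
        labels.append(raw[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, qclass = struct.unpack("!HH", raw[pos + 1:pos + 5])
    return {"id": qid, "name": ".".join(labels), "qtype": qtype, "qclass": qclass}


if __name__ == "__main__":
    param = encode_doh_get(build_doh_query(SAMPLE_NAME, QTYPE_AAAA))
    print("GET /dns-query?dns=" + param)
    print("resolver sees:", decode_doh_get(param))
```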