Is running the service ourselves out of the question? If so, how come? I mean I know we're not really in the business of running massive scale DNS; but running it for a month, and ramping up the people included in the study so we can monitor load seems feasible.
The goal of the study is described as "performance feasibility" - but won't the data we get from it assume a performance conclusion based on Cloudflare? (Which we might consider 'best-case'?) And that any other DoH provider would be worse performance, by a factor we don't know?

If we ran the backend ourselves, we would know the geo distribution of clients sending us traffic and it seems like we could even measure their latency passively[1]. So we'd have more data than if we used Cloudflare.

-tom

[0] Not necessarily keeping people running the study for a month; but over a month ramping up until we have encompassed 100% of the population.
[1] It seems possible to do this since the client's going to be sending us multiple packets, but yea I don't know any tools that would actually do this.

On Mon, Mar 19, 2018 at 9:02 AM, Henri Sivonen <hsivo...@hsivonen.fi> wrote:
> On Mon, Mar 19, 2018 at 1:25 PM, Patrick McManus <pmcma...@mozilla.com> wrote:
>> The objective here is a net improvement for privacy and integrity.
>
> I understand that the goal is better privacy. But it's likely that
> people get outraged if a browser sends information about what is
> browsed to an off-path destination without explicit consent regardless
> of intention, nightliness or promises the destination has made.
>
> Opt-in is the way to go to avoid damaging trust.
>
> Like I said on the bug: "the way people are known to react this kind
> of thing isn't in our power to negotiate". Hence, the intention being
> more privacy doesn't mean that if we do this without explicit consent
> people won't be outraged.
>
>> Nightly is an explicitly experimental channel which is part of the reason
>> it is the choice for the first validation.
>
> It's totally reasonable from a user perspective to expect Nightly to
> run the latest and potentially buggy code, but it doesn't follow that
> it's OK to give Nightly users less control of their privacy.
>
> FWIW, from the point of view of my expectations as a Nightly user,
> this goes against the old "No surprises" privacy language we had. (It
> seems that the "No surprises" privacy language has been removed. It's
> not good that the new language doesn't make it obvious at a glance
> whether Mozilla permits itself to do what's proposed here without
> explicit opt in. I think it would be better for Mozilla to
> unambiguously promise not to do the kind of thing that's being
> proposed here without explicit opt in.)
>
>> I initiated this thread on dev-platform because imo it is a reasonable
>> scope for nightly changes, especially ephemeral flip pref changes, and
>> that's why the FYI goes here. It's definitely not a secret. Messaging to a
>> larger user base than is impacted invites confusion. Future possible
>> changes impacting larger populations or putting things on trains would use
>> other, more broadly read communications channels.
>
> It seems to me that the appropriate messaging would be in-Nightly
> messaging asking if the user wants to participate in an experiment
> that uses Cloudflare as the DNS provider in place of whatever DNS
> provider their system would otherwise use.
>
> --
> Henri Sivonen
> hsivo...@hsivonen.fi
> https://hsivonen.fi/
> _______________________________________________
> dev-platform mailing list
> dev-platform@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-platform