On 2018/08/05 20:53, Landry Breuil wrote: > On Sun, Aug 05, 2018 at 11:22:07AM -0500, Ax0n wrote: > > It looks like Mozilla is enabling these features by default for Firefox 62 > > after a controversial Shield Study earlier this year. These override one's > > system DNS preferences by default, relying on 3rd parties (currently > > CloudFlare) for DNS. These features seem like they could do more harm than > > good for all but the most casual of browser users. > > * Adds complexity to troubleshooting browser issues > > * Creates a single point of failure > > * Sends private data from browsing to a third party without consent > > If you don't back your claims by actual trusted links about the matter > (and not 'someone told it to me on IRC), this is pure FUD. > > The 'Shield Study earlier this year' is > https://bugzilla.mozilla.org/show_bug.cgi?id=1446404, which is over, and > there will be a new Shield Study for another TRR mode, but that only > targets nightly users: > https://bugzilla.mozilla.org/show_bug.cgi?id=1475321 > > And by the way, Shield Studies are disabled for new profiles on OpenBSD > since last december (unless the pref has changed in the meantime..),cf > https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/www/mozilla-firefox/files/all-openbsd.js?rev=1.4&content-type=text/x-cvsweb-markup > > To make sure, check that app.normandy.enabled is false in your profile. > > The TRR code *will* be complete on 62 for users to test it, but i'm not > aware of any intention to turn it on by default, and i have my > close-to-mozilla sources. > > More links on the matter: > https://wiki.mozilla.org/Trusted_Recursive_Resolver > https://blog.nightly.mozilla.org/2018/06/01/improving-dns-privacy-in-firefox/ > https://www.ghacks.net/2018/03/20/firefox-dns-over-https-and-a-worrying-shield-study/ > > Right now, in beta (which will become 62) afaict TRR defaults to false: > https://dxr.mozilla.org/mozilla-beta/source/modules/libpref/init/all.js#5260 > > > The "casual browser user" demographic likely has a very narrow if > > nonexistent overlap with OpenBSD desktop/laptop users. Are there plans to > > have these configuration settings disabled for the packaged versions of > > Firefox in ports? If not, I would suggest at least adding a blurb about > > these features to the install-message. > > The 'OpenBSD power user' knows there are plenty of knobs to frob. > There's no point in adding a blurb to the README (that actually *noone* > reads) for each and every setting in the world... >
Nothing to see yet. But as it's a serious privacy compromise *if* mozilla do eventually decide to send DNS data to a (US-based) third party by default and it's left on in the package, that damn well should be listed, and I think in MESSAGE not just README ;-)
