Author: Steve Litt
Date:  
To: dng
Subject: Re: [DNG] Mozilla and cloudflare to hijack all your DNS requests - for your own good of course
Hi Taiidan,

I wouldn't use Firefox if it were the last browser on earth. If you
take Firefox out of the equation, are the Cloudflare public DNS servers
any less secure or more problematic than the Google ones or the
Hurricane Electric ones, etc?

https://www.lifewire.com/free-and-public-dns-servers-2626062

Thanks,

SteveT


On Tue, 7 Aug 2018 07:51:40 -0400
"Taiidan@???" <Taiidan@???> wrote:

> Yet another great choice by Mozilla
>
> Cloudflare is such an incredibly obvious intelligence agency ploy to
> gather data but no one talks about this.
>
> https://yro.slashdot.org/story/18/08/05/2353249/security-researchers-express-concerns-over-mozillas-new-dns-resolution-for-firefox
>
> Article included for your security pleasure
>
> "With their next patch Mozilla will introduce two new features to
> their Firefox browser they call "DNS over HTTPS" (DoH) and Trusted
> Recursive Resolver (TRR). Mozilla says this is an additional feature
> which enables security. Researchers think otherwise. From a report:
> So let's get to the new Firefox feature called "Trusted Recursive
> Resolver" (TRR). When Mozilla turns this on by default, the DNS
> changes you configured in your network won't have any effect anymore.
> At least for browsing with Firefox, because Mozilla has partnered up
> with Cloudflare, and will resolve the domain names from the
> application itself via a DNS server from Cloudflare based in the
> United States. Cloudflare will then be able to read everyone's DNS
> requests.
>
> From our point of view, us being security geeks, advertising this
> feature with slogans like "increases security" is rather misleading
> because in many cases the opposite is the case. While it is true that
> with TRR you may not expose the websites you call to a random DNS
> server in an untrustworthy network you don't know, it is not true
> that this increases security in general. It is true when you are
> somewhere in a network you don't know, i.e. a public WiFi network,
> you could automatically use the DNS server configured by the network.
> This could cause a security issue, because that unknown DNS server
> might have been compromised. In the worst case it could lead you to a
> phishing site pretending to be the website of your bank: as soon as
> you enter your personal banking information, it will be sent straight
> to the attackers.
>
> But on the other hand Mozilla withholds that using their Trusted
> Recursive Resolver would cause a security issue in the first place for
> users who are indeed in a trustworthy network where they know their
> resolvers, or use the ISP's default one. Because sharing data or
> information with any third party, which is Cloudflare in this case,
> is a security issue itself."
> _______________________________________________
> Dng mailing list
> Dng@???
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng