Hi Taiidan,
I wouldn't use Firefox if it were the last browser on earth. If you
take Firefox out of the equation, are the Cloudflare public DNS servers
any less secure or more problematic than the Google ones or the
Hurricane electric ones, etc?
https://www.lifewire.com/free-and-public-dns-servers-2626062
Thanks,
SteveT
On Tue, 7 Aug 2018 07:51:40 -0400
"Taiidan@???" <Taiidan@???> wrote:
> Yet another great choice by mozilla
>
> Cloudflare is such an incredibly obvious intelligence agency ploy to
> gather data but no one talks about this.
>
> https://yro.slashdot.org/story/18/08/05/2353249/security-researchers-express-concerns-over-mozillas-new-dns-resolution-for-firefox
>
> Article included for your security pleasure
>
> "With their next patch Mozilla will introduce two new features to
> their Firefox browser they call "DNS over HTTPs" (DoH) and Trusted
> Recursive Resolver (TRR). Mozilla says this is an additional feature
> which enables security. Researchers think otherwise. From a report:
> So let's get to the new Firefox feature called "Trusted Recursive
> Resolver" (TRR). When Mozilla turns this on by default, the DNS
> changes you configured in your network won't have any effect anymore.
> At least for browsing with Firefox, because Mozilla has partnered up
> with Cloudflare, and will resolve the domain names from the
> application itself via a DNS server from Cloudflare based in the
> United States. Cloudflare will then be able to read everyone's DNS
> requests.
>
> From our point of view, us being security geeks, advertising this
> feature with slogans like "increases security" is rather misleading
> because in many cases the opposite is the case. While it is true that
> with TRR you may not expose the websites you call to a random DNS
> server in an untrustworthy network you don't know, it is not true
> that this increases security in general. It is true when you are
> somewhere in a network you don't know, i. e. a public WiFi network,
> you could automatically use the DNS server configured by the network.
> This could cause a security issue, because that unknown DNS server
> might have been compromised. In the worst case it could lead you to a
> phishing site pretending to be the website of your bank: as soon as
> you enter your personal banking information, it will be sent straight
> to the attackers.
>
> But on the other hand Mozilla withholds that using their Trusted
> Recursive Resolver would cause a security issue in the first place for
> users who are indeed in a trustworthy network where they know their
> resolvers, or use the ISP's default one. Because sharing data or
> information with any third party, which is Cloudflare in this case,
> is a security issue itself."
> _______________________________________________
> Dng mailing list
> Dng@???
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng