SoylentNews is people
SoylentNews
Submitted via IRC for Bytram
Mozilla Testing DNS-over-HTTPS in Firefox | SecurityWeek.Com
Mozilla is moving forward with yet another project designed to provide users with increased security: it is now testing DNS-over-HTTPS (DoH) in Firefox stable.
Only a small group of users will enjoy the feature for now, as it is still in the testing phase, but Mozilla is determined to work with industry players for a larger rollout. When that will happen, however, remains to be seen.
Mozilla has been already testing DoH in its browser, looking into the time it takes to get a response from Cloudflare’s DoH resolver. With the test results positive, revealing great performance improvements even for the slowest users, the Internet organization has decided to move forward with its plans.
“A recent test in our Beta channel confirmed that DoH is fast and isn’t causing problems for our users. However, those tests only measure the DNS operation itself, which isn’t the whole story,” Mozilla’s Selena Deckelmann explains.
(Score: 2, Insightful) by Anonymous Coward on Saturday December 01 2018, @07:48PM (2 children)
"There's just no reason to encrypt publicly available content"
I disagree. First you have no reasonable expectation that one communication is in any way similar to another regardless of the A record, or URL. There are all kinds of server side hacks from geo-IP to integration with user profile databases that allow the transmitted data to be unique on per user basis. If it is unique to you, then it isn't "publicly available".
From a legal perspective I think it goes a lot further than that. When you use DNS mining and ad-tracking, in order to provide data to sociopathic professionally trained industrial psychologists, (advertisers) it becomes harmful to human welfare. As these systems become more highly targeted the degree of abuse is going to become more acute. For example, pimps using these systems to target households on the poverty line with young women in them, with content and advertising that make the victems of their trade more recruitable. (if that isn't going on already I'd be surprised)
Personally I consider DNS mining and ad-tracking to be indistinguishable from felony wiretapping. The founders had reasons for the 3rd and the 4th amendments. Regardless of what dogmatic circle jerk the judiciary uses to pretend the carriers and data brokers are not acting as agencies of state, the founders reasons are as relevant today as they were then.
The intrusion is not as overt as say, wearing a fake police uniform and searching somebodies home. But the degree of intrusion is so extensive, that 20 year ago it would only have been possible if operating under the color of law, pretending to do so fraudulently, or acting feloniously. The invasion is non-consensual, and the loss is realized in the form of reduced mental health. How are we to reconcile the changes between then and now? Are they agents of state, criminals pretending to be agencies of state, or just plain on criminals? Because nobody asked them to do this, and there is a clinically measurable loss being incurred.
(Score: 3, Insightful) by bzipitidoo on Saturday December 01 2018, @11:23PM (1 child)
An early stage of providing good security is specifying "security against what?" What is the threat? Even earlier than that is figuring out if we're talking about security or privacy, or something else. They aren't the same thing. The very term "security" is ripe for abuse, and it has been abused greatly.
Almost anything can be cast in terms of fears, and security against those fears. The damnedest crazy notions that might somehow be slightly related to security get taken seriously. As an example, consider the idea of building a "big beautiful wall" on the US-Mexico border, and this latest hokum about a migrant caravan threatening to cross the border. Long walls are fake security. Very, very costly, and worthless unless manned at even more expense. Today, the Great Wall of China is naught but a tourist attraction, and a massive monument to human stupidity. The Maginot Line was another colossal failure. Obviously, walls can't stop planes or boats. But more subtly, what they are is the wrong security against the wrong problem. On the outside, hordes of barbarians pressing up against the wall, and on the inside a declining empire struggling to field enough soldiers to man the wall. But if the empire was healthy, it would have no trouble with a border, wall or no. The French needed to reform and expand their army and military doctrines and practices, not kid themselves that a fortified line could really stop the Germans. Even before that, the French should've taken the legs out from under one of Germany's main grievances, the supposed unfairness of the Versailles Treaty, in particular, the reparations.
The idea of HTTPS or S-HTTP or any other encryption as a defense against data collection and for our privacy is much the same as walls. It's looking at the problem wrong. You can't hide your gender or race, or your purchases. Instead, we have such things as the EEOC and laws against discrimination. We also had the 1965 Voting Rights Act, until the politicians currently in power managed to get a feeble pretext of us now being "post racist" accepted. Laws against discrimination and abuse, and against the mechanisms used to carry out bigotry are a much better solution than trying to be private about things you can't hide from determined bigots. Even better would be a cure for bigotry, and perhaps even further, insofar as bigotry is caused by external factors such as poverty and desperation, eliminate those factors.
(Score: 0) by Anonymous Coward on Sunday December 02 2018, @04:06AM
"You can't hide your gender or race, or your purchases."
Actually, in the 90's, when there was no such thing as a switch fabric that could do line rate stateful inspection that is exactly what we had.
""security against what?"
We don't need to ask that question. The first draft of that particular specification was written in 1789. All the Internet does (or did until the ISP's were all bought out by mobbed up pirates) is digitize the exercise of existing human rights. From a constitutional standpoint, interpersonal communication is not different now than it was after the last constitutional congress. Though from a statutory standpoint it is totally different. The dichotomy between the two, being the measure of extra-jurisdictional reach by the respective legislatures, and the judiciaries that affirm their insanity.