Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Tue 21 Aug 2018, 07:39
All times are UTC - 4
 Forum index » Off-Topic Area » Security
Firefox and Trusted Recursive Resolver
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [6 Posts]  
Author Message
labbe5

Joined: 13 Nov 2013
Posts: 1271
Location: Canada

PostPosted: Wed 20 Jun 2018, 19:22    Post subject:  Firefox and Trusted Recursive Resolver
Subject description: more privacy than ever with TRR and DNS over HTTPS
 

https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/

Networks can get away with providing untrustworthy resolvers that steal your data or spoof DNS because very few users know the risks or how to protect themselves.

Even for users who do know the risks, it’s hard for an individual user to negotiate with their ISP or other entity to ensure that their DNS data is handled responsibly.

However, we’ve spent time studying these risks… and we have negotiating power. We worked hard to find a company to work with us to protect users’ DNS data. And we found one: Cloudflare.

Cloudflare is providing a recursive resolution service with a pro-user privacy policy. They have committed to throwing away all personally identifiable data after 24 hours, and to never pass that data along to third-parties. And there will be regular audits to ensure that data is being cleared as expected.

With this, we have a resolver that we can trust to protect users’ privacy. This means Firefox can ignore the resolver that the network provides and just go straight to Cloudflare. With this trusted resolver in place, we don’t have to worry about rogue resolvers selling our users’ data or tricking our users with spoofed DNS.


Firefox is on the forefront with its Trusted Recursive Resolver.

Further reading :
https://www.ghacks.net/2018/08/18/browsers-have-cookie-and-anti-tracking-enforcement-issues/
Firefox's Add-ons blocklist :
https://blocked.cdn.mozilla.net/
https://www.ghacks.net/2018/08/17/mozilla-bans-23-snooping-firefox-extensions/

Last edited by labbe5 on Sat 18 Aug 2018, 15:00; edited 2 times in total
Back to top
View user's profile Send private message 
upnorth


Joined: 11 Jan 2010
Posts: 284
Location: Wisconsin UTC-6 (-5 DST)

PostPosted: Fri 22 Jun 2018, 16:53    Post subject:  

That is awesome.
Was already using 1.1.1.1(non DoH), anyway. But, this is a convenient way to set and use secure DNS right in the browser.
Seems to work now on v60 as well.
about:networking#dns
--------------------------------------------
btw, here are the two parameters to set under about:config
network.trr.mode;2
network.trr.uri;https://mozilla.cloudflare-dns.com/dns-query

Last edited by upnorth on Sat 23 Jun 2018, 23:29; edited 1 time in total
Back to top
View user's profile Send private message Visit poster's website 
nosystemdthanks

Joined: 03 May 2018
Posts: 331

PostPosted: Sat 23 Jun 2018, 20:08    Post subject:  

gee, thanks to mozilla i cant even trust my laptop speakers to stay muted.

i literally just clipped the wires to them-- i dont need laptop speakers, i do want them to stay quiet though. unfortunately mozilla requires pulseaudio these days, which in turn unmutes the speakers every time i pull the headphones out.

sure, lennart has hidden some setting somewhere on the system, however these things worked fine for about 15 years before the little douche came and broke them.

ive tried enabling and disabling auto-mute, that setting is no longer respected.

i wish there was a wire i could clip to stop this sort of regular sabotage to the software i use. like one that would drop an anvil on his fingers or something, but i dont trust mozilla to protect me from mozilla these days; im certainly not going to trust them to protect me from anybody else.

they stopped being a real organisation over a year ago. i dont let mozilla handle dns anyway. just be a browser; you use way more resources than any other functionality of my entire computer setup, including running other operating systems using kvm, its ridiculous.

i dont even trust mozilla to run updates on its own plugins anymore-- last time i trusted it with that, it turned off stuff i wanted left on-- not when i restarted the browser and could do something about it, it just decided to be dynamic about it. i wouldnt trust firefox farther than i could smack its developers.

_________________
strengthen the public domain, use free culture/free sw licenses and cc0
Back to top
View user's profile Send private message Visit poster's website 
rcrsn51


Joined: 05 Sep 2006
Posts: 12276
Location: Stratford, Ontario

PostPosted: Sun 24 Jun 2018, 09:55    Post subject:  

nosystemdthanks wrote:
unfortunately mozilla requires pulseaudio these days, which in turn unmutes the speakers every time i pull the headphones out.

Just out of curiosity, I checked this in Firefox+apulse. There was no such bad behaviour.
Back to top
View user's profile Send private message 
labbe5

Joined: 13 Nov 2013
Posts: 1271
Location: Canada

PostPosted: Tue 07 Aug 2018, 17:47    Post subject: Mozilla's new DNS resolution is dangerous
Subject description: All your DNS traffic will be sent to Cloudflare
 

https://blog.ungleich.ch/en-us/cms/blog/2018/08/04/mozillas-new-dns-resolution-is-dangerous/

With their next patch Mozilla will introduce two new features to their Firefox browser they call "DNS over HTTPs" (DoH) and Trusted Recursive Resolver (TRR). In this article we want to talk especially about the TRR. They advertise it as an additional feature which enables security. We think quite the opposite: we think it's dangerous, and here's why.
Back to top
View user's profile Send private message 
upnorth


Joined: 11 Jan 2010
Posts: 284
Location: Wisconsin UTC-6 (-5 DST)

PostPosted: Thu 09 Aug 2018, 18:52    Post subject:  

That article made for good comedy reading Smile
Too bad it didn't have a comment section Twisted Evil

added:
Here is cloudflare's info:
https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/firefox/

New article today 20 August on thereg:
https://www.theregister.co.uk/2018/08/20/dns_interception/
Back to top
View user's profile Send private message Visit poster's website 
Display posts from previous:   Sort by:   
Page 1 of 1 [6 Posts]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0509s ][ Queries: 11 (0.0063s) ][ GZIP on ]