Mozilla's Firefox tries closing more privacy holes with new network tech

[steven36]

Mashing up two network technologies -- DNS and HTTPS -- thwarts snooping and tampering.

 

 

Browser makers are trying to thwart network snoopers by encrypting your connections to the web servers that host websites, but Mozilla on Friday began a project to go one step further.

Firefox Nightly, a rough-around-the-edges test version of Mozilla's browser, now includes technology called DNS over HTTPS, Mozilla said. DNS is the Domain Name System used to find the numeric addresses needed to communicate with computers across the network -- 64.30.228.118 for CNET.com, for example -- and HTTPS is the secure version of the Hypertext Transfer Protocol used to fetch data from websites.

The combination, called DoH, prevents middlemen from figuring out what internet servers you're trying to reach -- and from tampering with results to do wicked things like sending you to a fake version of a website.

 

"Domain Name Service is one of the oldest parts of internet architecture, and remains one that has largely been untouched by efforts to make the web safer and more private," Mozilla said in a blog post. "We're working to change that by encrypting DNS queries and by testing a service that keeps DNS providers from collecting and sharing your browsing history."

 

Privacy is on the front burner these days as Facebook and Cambridge Analytica have revealed just little we actually have. Firefox's embrace of DoH wouldn't have prevented that particular problem, but it does help seal other holes. Privacy and security are technical challenges that aren't ever finished, only gradually improved.

Cloudflare DNS partnership

Mozilla also is taking a number of other measures this year to improve privacy in Firefox, like clamping down on behavior tracking and blocking ad retargeting -- that sometimes creepy situation where you visit a website then shortly after see an ad for it on a different website, or see the same ad follow you around the web.

 

When it comes to actually fulfilling a DNS request, Mozilla needs a partner that offers DNS services to its privacy standards. It picked Cloudflare, an internet infrastructure company that recently launched its own publicly available DNS service.

 

"We've chosen Cloudflare because they agreed to a very strong privacy agreement that protects your data," Mozilla said.

 

In Firefox Nightly, Mozilla will test both conventional DNS and DoH, comparing the results to see if there are any problems.

Google's also tackling DNS privacy

Google is trying a related technology called DNS over TLS that accomplishes much the same thing. It's built the feature into Android P, the next version of its mobile phone software. That can already be tested in beta form if you have a compatible phone.

 

"In the future, we hope that all operating systems will include secure transports for DNS, to provide better protection and privacy for all users on every new connection," Google programmers Erik Kline and Ben Schwartz said in an April blog post about the move.

 

Source

[jbgoode]

Sounds like a plan

 

@jbgoode Please have a look about Thanks.

[Karlston]

I wonder if DNS over TLS will break local domain blocking? At the router with dnsmasq or with a Pi-Hole etc...

 

Hopefully it'll be optional, but these days I trust Mozilla about as much as I do Microsoft. Not at all.

[Israeli_Eagle]

12 minutes ago, Karlston said:

I wonder if DNS over TLS will break local domain blocking? At the router with dnsmasq or with a Pi-Hole etc...

 

Hopefully it'll be optional, but these days I trust Mozilla about as much as I do Microsoft. Not at all.

 

... and even less Google. 

 

[steven36]

 

44 minutes ago, Karlston said:

Hopefully it'll be optional, but these days I trust Mozilla about as much as I do Microsoft. Not at all.

What browser you using now?  i use Firefox mostly  in  Windows i also have portables of other browsers but i dont like installing things i don't use very often . In linux I use waterfox because i use flashgot for  my download mangers  and i have chromium browser installed because it's foss  as well  . I dont worry about dns i just use my vpns dns and  on linux i set my default dns to open nic  to make sure she don't leak when using a vpn that's about it.

 

 

 

 

[tao]

To date many holes have been closed opening new ones.  Must be some law of the iNet. 

[nIGHT]

13 minutes ago, sva said:

To date many holes have been closed opening new ones.  Must be some law of the iNet. 

....and MS is very famous for it.

[steven36]

It is a law in the EU  but it dont help in the case of browsers  or even websites . In the case of browsers you consent to letting them harvest you're  data when you install it . And webpages ether make you consent to them harvesting you're data or if they can't afford it they just block you witch is the cheapest way . Lol it's about like installing windows and you give them consent in order to use them there is no real opting out.

 

Firefox/Data Collection

https://wiki.mozilla.org/Firefox/Data_Collection

Interesting  read here on this at r/privacy

Chromium vs Brave vs Firefox - when it comes to privacy how much difference is there really?

https://old.reddit.com/r/privacy/comments/87sqsa/chromium_vs_brave_vs_firefox_when_it_comes_to/

 

If you use Chromium based browsers it's best to use Chromium. , or Brave  because they will have the security updates , If going to use Closed source you may as well install Google because really you cant trust none of them because it's not foss and you can't really  review the code and reverse the changes .. 

 

[tao]

18 minutes ago, nIGHT said:

....and MS is very famous for it.

Alas.

It's the same with human brain -- the root cause.

But we don't see or we don't want to see or we don't want to acknowledge.

[steven36]

The warez sites so far have not changed anything  and ive not really been blocked using and EU ip on warez sites yet when this happens i will switch ips too down in South America somewhere . Even in countries were pirate sites have been blocked VPN ips for the country still work so it is only being blocked at and isp level and not a vpn level . Only so far i get blocked using the EU ips by legit websites .

[Karlston]

3 hours ago, steven36 said:

What browser you using now?

 

Firefox version 56.0.2.

 

The hyped Quantum still doesn't give me all the functionality that I want, courtesy of WebExtensions trashing useful addons.

[steven36]

10 minutes ago, Karlston said:

 

Firefox version 56.0.2.

 

The hyped Quantum still doesn't give me all the functionality that I want, courtesy of WebExtensions trashing useful addons.

I've gave up  and  using Quantum now  most addons i need on windows work in new firefox  .

[Karlston]

2 hours ago, steven36 said:

I've gave up  and  using Quantum now  most addons i need on windows work in new firefox  .

 

Do you use a Firefox Session Manager with Quantum that actually works? I tried them all a month or two ago, and none worked, they all fail to remember tab changes or load garbage URL's.

 

Nothing beats the ultra-reliable Tab Mix Plus session save/restore. Except Mozilla of course, who *still* haven't provided a useful API to let session save/restore work properly.

[steven36]

8 hours ago, Karlston said:

 

Do you use a Firefox Session Manager with Quantum that actually works? I tried them all a month or two ago, and none worked, they all fail to remember tab changes or load garbage URL's.

 

Nothing beats the ultra-reliable Tab Mix Plus session save/restore. Except Mozilla of course, who *still* haven't provided a useful API to let session save/restore work properly.

Did you vote  on them fixing these bugs?

https://old.reddit.com/r/firefox/comments/7m8nvx/can_session_manager_tab_session_manager_coexist/drslt43/

 

I don't use these addons myself you're talking about i never wanted to restore my old sessions once i'm gone i'm gone  if i need to look up my history i just go to history / show all history and type in what i'm looking for, but i delete it every few days anyway to keep the software running good.   i just save what ever I'm interested in FVD Speed dial i use this a lot more even now you cant get old search  back ,i use to add sites to search , to bookmarks and speed dial . but there is a group of guys trying to get you're issues fixed you have to join bugzilla and vote on the bugs the link i posted above has the info, the reason bugs like these never get fixed people don't vote  to have them fixed  and a lot of us dont use these addons no way.   .Good luck !!!

[Ecarion]

11 hours ago, Karlston said:

The hyped Quantum still doesn't give me all the functionality that I want [...]

That's right because (after almost 8 months) I can't find any addons to replace :

• Cookie Keeper
• Refresh Blocker

lockPref("network.cookie.cookieBehavior",2);
lockPref("network.cookie.lifetimePolicy",2);

Because when Firefox-v57 (aka Quantum) was published, they forgot the button Exceptions... (on the page about:preferences#privacy).

That's why even today (with Firefox-v62) I'm stuck because Mozilla doesn't provide (none API) any solution (to handle the Cookies Exceptions list as you wish) and that's just bad.

[jbgoode]

 

On 6/1/2018 at 10:48 PM, jbgoode said:

 

@jbgoode Please have a look about Thanks.

What is your point?

[Ecarion]

On the moment, I haven't think (forgot ? Yes) about :

lockPref("accessibility.blockautorefresh",true);

From another point of view, it's perhaps one solution to replace (the addon) Refresh Blocker... But I had never found how to disable (for ever) the warning message...

For me, it's very annoying because I rather one icon (in the bar adress url).