We encourage #Firefox users who do not want US-based company Cloudflare to see which websites they are visiting to type about:config into their browser's address bar and then set:
network.trr.mode = 5
By the way: Though based on Firefox, TorBrowser is not affected.
@Digitalcourage Do you know if waterfox is affected?
In the US, it is absolutely *not* better to trust your ISP's DNS servers, as they are known to do a number of shady things (NXDOMAIN hijacking, domain blocks). I understand the threat models are different in Europe, but the amount of bad reporting on this story is ridiculous and only benefits Google.
@gcupc Usually we toot in German only, but we provided an English translation of this one after a reader requested it. Maybe this will help Mozilla understand that threat models vary across the globe. Somebody suggested the DNS services should be as easily selectable as search engines. Sounds good. But but the local ISP is a better default than one big company that caters for all. /c
@Digitalcourage Is there an easier way to do this than about:config settings? I've got a bunch of other people's computers to look after behind an adblocking DNS server, and if I have to babysit each and every one of them like this, I may as well just uninstall Firefox on them.
@Digitalcourage please stop the misinformation. currently all that is happening is that #mozilla is doing a TEST in #firefox nightly and only with participants that take part in the study. and even there the DNS response is not used but thrown away.
@Digitalcourage A clearer understanding that this is a test the Alpha channel called Nightly would be more helpful to your readers.
Stating "Though based on Firefox, TorBrowser is not affected." is actually the same mental model for the Firefox release channel.
Even though Firefox release comes after Nightly it is currently NOT affected, and might not be for some time. If at all. Depends on the tests!
Earliest release channel is Oct 23. https://wiki.mozilla.org/RapidRelease/Calendar
@david_ross “Depends on the tests” – does this mean TRR/DoH will be enabled by default if it works efficiently? Or will Mozilla ask users before enabling TRR by default? In other words, are users' wishes part of the test? We are all about users' choice, or self-determination if you will. /c
@Digitalcourage Firefox was founded to provide users with choice. *Unlike the stable Release channel*, by default Nightly sends "anonymized usage statistics."
This `shield study` test requires 2 things:
1) (at a higher level) users allowing about:preferences#privacy >> Nightly Data Collection and Use >> Allow Nightly to install and run studies. When a new user/profile opens Nightly, the Firefox Privacy Notice opens in a tab w/ (attached image) info re pre-release products like Nightly..
2) (specific to this Shield Study) A further opt-in via a pop-up. "There will be occasions where we might prompt you for participation first. This will happen when a particular study needs to collect data that is not covered by default data collection policy. In these situations you'll see a complete disclosure of the data being collected in the study before you make the decision to participate."
@Digitalcourage Clearly sending people's data outside of their regional jurisdiction is problematic (at best), or illegal (at worst).
It'd be a disastrous policy of Firefox to send data to 3rd parties w/out:
1) transparently declaring it intends doing so
2) clarifying how it does so
3) describing how it uses this data
4) how it protects users rights to privacy
5) how a user can opt-out
plus any number of other regional laws surrounding data as observed by things like GDPR and DPA
@Digitalcourage To specifically answer your questions:
Enabled by default? Ask users before enabling?
In all bugs and communications from Mozilla regarding DoH it is stated as OPTIONAL.
In the (unlikely) event of any changes are made to this current policy, Mozilla will transparently communicate through available channels to all users. Through blogs, articles, etc and most importantly - the Firefox UI itself.
@Digitalcourage Any leap to a hypothetical future based upon a strictly limited alpha test, as seen in the article from Sunday, is fraught with presumptions.
You as a service provider, as part of your scanning of possible futures, are right to take precautions of possible futures. This is good business. Savvy!
To assume that future implementations (if they roll to Release and ESR at all) are factual without MOZILLA first stating it's factual, is problematic.
Free software world is *now* like a group of kindergarten children... Destroying their toys and crying after this happens.
I'm fed up with that and after something like 12 years being a Linux user at home full time.