Digitalcourage e.V. is a user on chaos.social. You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.
Digitalcourage e.V. @Digitalcourage
Follow

We encourage users who do not want US-based company Cloudflare to see which websites they are visiting to type about:config into their browser's address bar and then set:

network.trr.mode = 5

By the way: Though based on Firefox, TorBrowser is not affected.

blog.ungleich.ch/en-us/cms/blo

/c

· Web · 119 · 85

@Digitalcourage We should possibly keep on talking to #Mozilla about this issue. As far as I've been reading, right now these are test cases trying to pursue a generally valid goal.

@z428 Yes. We have tried to talk to them about privacy issue before, but all we received in response was a standard letter that promised exactly nothing. So we are not overly optimistic that they will listen to us this time. /c

@Digitalcourage Oh. That's not too encouraging, indeed. Don't really want to have to search for an alternate browser, especially given I don't really know where else to look... 😐 Thanks for keeping working on this, however.

@Digitalcourage and that will also circumvent things like #PiHole since instead of my DNS server dealing with crap I don't want it'll get happily resolved back again.

@Digitalcourage this is wrong though. It should be an opt-in feature, not an opt-out one.

@gcupc Sorry, we don't know these services, and we don't know who runs them. So It's probably better to trust your local internet provider's DNS server unless they forward everything to Google or Cloudflare. /c

@Digitalcourage
In the US, it is absolutely *not* better to trust your ISP's DNS servers, as they are known to do a number of shady things (NXDOMAIN hijacking, domain blocks). I understand the threat models are different in Europe, but the amount of bad reporting on this story is ridiculous and only benefits Google.

@gcupc Usually we toot in German only, but we provided an English translation of this one after a reader requested it. Maybe this will help Mozilla understand that threat models vary across the globe. Somebody suggested the DNS services should be as easily selectable as search engines. Sounds good. But but the local ISP is a better default than one big company that caters for all. /c

@Digitalcourage Is there an easier way to do this than about:config settings? I've got a bunch of other people's computers to look after behind an adblocking DNS server, and if I have to babysit each and every one of them like this, I may as well just uninstall Firefox on them.

@flussence Maybe it's time to switch. Currently we are looking at the Brave browser. Our draft instructions on how to make it even more privacy friedly are currently available in German only: pad.foebud.org/brave-browser /c

@Digitalcourage please stop the misinformation. currently all that is happening is that #mozilla is doing a TEST in #firefox nightly and only with participants that take part in the study. and even there the DNS response is not used but thrown away.
hacks.mozilla.org/2018/05/a-ca

@steckerhalter We are preparing users for the case that Mozilla should decide to flip the switch and turn on DoH in the stable Firefox channel by default.

@Digitalcourage A clearer understanding that this is a test the Alpha channel called Nightly would be more helpful to your readers.

Stating "Though based on Firefox, TorBrowser is not affected." is actually the same mental model for the Firefox release channel.

Even though Firefox release comes after Nightly it is currently NOT affected, and might not be for some time. If at all. Depends on the tests!

Earliest release channel is Oct 23. wiki.mozilla.org/RapidRelease/

More : hacks.mozilla.org/2018/05/a-ca

@david_ross “Depends on the tests” – does this mean TRR/DoH will be enabled by default if it works efficiently? Or will Mozilla ask users before enabling TRR by default? In other words, are users' wishes part of the test? We are all about users' choice, or self-determination if you will. /c

> We’re asking half of our Firefox Nightly users to help us collect data on performance.

@david_ross
can you ask - how this "half of our users" will be selected?

@Digitalcourage

#DOH #DNSoverHTTPS #trr #firefox

@Digitalcourage Firefox was founded to provide users with choice. *Unlike the stable Release channel*, by default Nightly sends "anonymized usage statistics."

This `shield study` test requires 2 things:

1) (at a higher level) users allowing about:preferences#privacy >> Nightly Data Collection and Use >> Allow Nightly to install and run studies. When a new user/profile opens Nightly, the Firefox Privacy Notice opens in a tab w/ (attached image) info re pre-release products like Nightly..

@Digitalcourage
2) (specific to this Shield Study) A further opt-in via a pop-up. "There will be occasions where we might prompt you for participation first. This will happen when a particular study needs to collect data that is not covered by default data collection policy. In these situations you'll see a complete disclosure of the data being collected in the study before you make the decision to participate."

continues..

@Digitalcourage Clearly sending people's data outside of their regional jurisdiction is problematic (at best), or illegal (at worst).

It'd be a disastrous policy of Firefox to send data to 3rd parties w/out:

1) transparently declaring it intends doing so
2) clarifying how it does so
3) describing how it uses this data
4) how it protects users rights to privacy
5) how a user can opt-out
plus any number of other regional laws surrounding data as observed by things like GDPR and DPA

Continues..

@Digitalcourage To specifically answer your questions:

Enabled by default? Ask users before enabling?

In all bugs and communications from Mozilla regarding DoH it is stated as OPTIONAL.
bugzilla.mozilla.org/show_bug.
hacks.mozilla.org/2018/05/a-ca

In the (unlikely) event of any changes are made to this current policy, Mozilla will transparently communicate through available channels to all users. Through blogs, articles, etc and most importantly - the Firefox UI itself.

Continues..

@Digitalcourage Any leap to a hypothetical future based upon a strictly limited alpha test, as seen in the article from Sunday, is fraught with presumptions.

You as a service provider, as part of your scanning of possible futures, are right to take precautions of possible futures. This is good business. Savvy!

To assume that future implementations (if they roll to Release and ESR at all) are factual without MOZILLA first stating it's factual, is problematic.

/end

@david_ross How to you mean "service provider"? We are an NGO. Read more about us here: digitalcourage.de/en
and in Wikipedia, if you are curious: en.wikipedia.org/wiki/Digitalc /c

@Digitalcourage apologies.. my mistake! Until this weekend your org had not been on my radar.

Nice creds, team! 🤩

If you've need for more clarification or need some questions answered, please do ping me. I can see there's a lot of common ground.

@Digitalcourage but then you should make it clear that it's not even sure that this will ever happen

@Digitalcourage This parameter can only be found in nightlies build as far as I know.

Just tell me I'm wrong and I will modify my message.

@fredbezies The parameter can already be found in the current stable build of Firefox, but not in the ESR edition.

TRR is not on by default yet. The setting we recommend asks Mozilla to never enable it for you. /c

@Digitalcourage Thanks for the info. I'm running nightlies since 2004 or so.

@succfemboi
@Digitalcourage

Well, in about two years from now, Mozilla will be an historical software provider.

Why bothering about it?

Go and kill the only really free software web browser.

I'll be using Chromium because there will be no more choice.

@fredbezies but there are forks. Waterfox is Firefox without spyware, no DRM and they are planning to support older Firefox extensions and webextensions at the same time.
Next there MariaDB, which is a fork of MySQL but with more features and speed. Another one would be Nextcloud, which is a fork of owncloud by the original author, who then made all enterprise-features of Owncloud, open source on Nextcloud @Digitalcourage

@succfemboi
@Digitalcourage

Waterfox? A one person project. And a "it was better before" kind of fork.

Won't last long.

@succfemboi @Digitalcourage
I forgot this part: it won't last long after Firefox death.

Free software world is *now* like a group of kindergarten children... Destroying their toys and crying after this happens.

I'm fed up with that and after something like 12 years being a Linux user at home full time.

@fredbezies If Mozilla goes down, many developers might switch over too.
Remember when the Unity desktop has been discontinued, there is a still running community port of it? Ubuntu touch? It's still supported as UBports. GNOME 2, well enter MATE. The fact that it's open source preserves the availability of the software @Digitalcourage

@succfemboi @Digitalcourage

Browsers and Desktop environment are different.

**You can't compare apples and oranges.**

I'm using Mate, but for Mozilla Firefox, it is the end of the road within two years.