Disable DNS over HTTPS
2020-02-26 23:39
by zlg

Mozilla recently changed Firefox so that all United States users are using
technology called DNS-over-HTTPS[1], which stuffs your DNS queries into an
HTTPS request, which then spits back the IP to connect to. On its surface it's
supposed to be "more secure", but the default DoH provider is Cloudflare. [2]
This should be alarming to anyone who considers centralization a threat. The
effect of this is that all Firefox traffic will be routed through Cloudflare.

Cloudflare uses Google captchas and other analytics. Mozilla has also been
gathering "anonymous browsing data" through their Studies platform. [3] The only
reason to gather this data is to sell it. As such, I do not recommend using any
of Mozilla's products.

If you're intent on staying with Firefox, you can disable DoH:

1. Open 'about:config'.
2. Search for 'network.trr.mode' and set it to 5. If it doesn't exist, create
   it, so when you update Firefox the key will already be made. See [4] for a
   description of the magic numbers used here.
3. Restart your browser.

Be sure to do this for *all* Firefox installations.
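The about:config steps above only touch the profile you happen to have open. An
added example (not from the original post) of doing the same thing from the
command line for every profile at once: it writes `network.trr.mode` into each
profile's `user.js`, which Firefox re-applies on every start, so the value
survives updates. The value 5 is Mozilla's "off by choice" mode, meaning Firefox
will not turn DoH back on by itself. It assumes the default Linux profile
location `~/.mozilla/firefox/<profile>/` and treats any directory containing a
`prefs.js` as a real profile.

```shell
#!/bin/sh
# Added example: pin network.trr.mode=5 (DoH explicitly disabled) in every
# Firefox profile's user.js. Assumes the default Linux profile path.

PREF_NAME="network.trr.mode"
PREF_VALUE="5"   # 5 = "off by choice"; Firefox will not re-enable DoH

# set_pref DIR NAME VALUE
# Write or replace a user_pref() line in DIR/user.js. Idempotent: running it
# twice leaves exactly one line for the pref.
set_pref() {
    dir="$1"; name="$2"; value="$3"
    file="$dir/user.js"
    [ -f "$file" ] || : > "$file"
    tmp="$file.tmp"
    # Drop any existing line for this pref (grep exits 1 on an empty result,
    # which is not an error here), then append the wanted one.
    grep -v "^user_pref(\"$name\"," "$file" > "$tmp" || true
    printf 'user_pref("%s", %s);\n' "$name" "$value" >> "$tmp"
    mv "$tmp" "$file"
}

# get_pref DIR NAME
# Print the value currently set for NAME in DIR/user.js, or nothing if unset.
get_pref() {
    sed -n "s/^user_pref(\"$2\", *\(.*\));\$/\1/p" "$1/user.js" 2>/dev/null
}

# Apply to every profile directory that contains a prefs.js.
for profile in "$HOME"/.mozilla/firefox/*/; do
    [ -f "$profile/prefs.js" ] || continue
    set_pref "$profile" "$PREF_NAME" "$PREF_VALUE"
    echo "$profile: $PREF_NAME = $(get_pref "$profile" "$PREF_NAME")"
done
```

After running it, restart Firefox and confirm in about:config that
`network.trr.mode` reads 5 in each profile. For machines you manage centrally,
Firefox's enterprise policy file (`policies.json`, policy `DNSOverHTTPS` with
`"Enabled": false` and `"Locked": true`) enforces the same thing and greys the
setting out in the UI; that mechanism is outside what the post covers and is
mentioned here as an alternative, not as the author's recommendation.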

Who knows how long they'll allow it. At present I cannot recommend any HTTP
browsers. The whole protocol is a mess, as are the attempts to secure it.

If you've been paying attention, it's become harder and harder to run your own
website, because corporations and browser vendors (one and the same here) keep
changing the requirements to be considered "secure". This is a repeat of what's
happened to the e-mail protocol, and apparently we'll need to fuck up HTTP to
relearn that lesson.

We need to have a serious conversation about trust and networking. Large,
powerful organizations are trying to steer what the public does online and we're
expected to just trust them. What have they done to deserve our trust? We read
about leak after leak of data; data that wouldn't leak if it wasn't gathered in
the first place. And their answer is to trust yet another entity, that we
*don't* have legal agreements with, to our most personal browsing information.
That's a trap, folks.

None of this makes me trust the Web. It highlights how broken TCP/IP itself is.
We need a networking stack that puts security and privacy first, not as a
half-baked, cat's-out-of-the-bag "solution" through corporate partnerships and
continuously changing the requirements for Web authorship.

There are solutions out there to sandbox your browser: Firejail, a chroot,
whatever "universal packaging solution" is hip on Linux these days, or just a
regular ol' VM.

If you have to use all of these things dressed up to the nines to browse the
Web, then it's time to realize that HTTP(S) Is Harmful.

-z

[1]: https://blog.mozilla.org/blog/2020/02/25/firefox-continues-push-to-bring-dns-over-https-by-default-for-us-users/
[2]: https://wiki.mozilla.org/Trusted_Recursive_Resolver#network.trr.resolvers
    (check this key in your browser and it will say Cloudflare unless you've
     changed it.)
[3]: https://groups.google.com/forum/#!topic/mozilla.governance/81gMQeMEL0w
[4]: https://wiki.mozilla.org/Trusted_Recursive_Resolver#network.trr.mode