Mozilla's opt-out Firefox DNS privacy test sparks, er, privacy outcry

Nightly build fans' hostname lookups piped to Cloudflare in limited security feature trial


Mozilla's plan to test a more secure method for resolving internet domain names – known as Trusted Recursive Resolver (TRR) via DNS over HTTPs (DoH) – in Firefox Nightly builds has met with objections from its user community due to privacy concerns.

The browser maker's intentions appear to be beneficial for Firefox users. As Patrick McManus, one of the Mozilla software engineers conducting the test, explains in a note posted this week to one of the company's developer forums, DoH can make DNS communication more secure.

"Access to global DNS data is commonly manipulated and can easily be blocked and/or collected," said McManus. "DNS services are also sometimes poorly provisioned creating performance problems. We posit that integrity and confidentiality protected access to well provisioned larger caches will help our users. In a nutshell, that's what DoH does."

DNS queries and responses have traditionally been sent over UDP or TCP without encryption, making them vulnerable to interception and manipulation. There's an extension to DNS called DNSSEC designed to authenticate DNS interaction, to prevent spoofing, but it does nothing to protect the privacy of DNS queries or responses.

TRR provides a way to select a trusted DNS resolver to handle requests, rather than an insecure plaintext resolver, via a more secure DNS-over-HTTPS server.

McManus and another Mozilla engineer, Daniel Stenberg, want to understand how these protocols affect network performance, in the hope of eventually supporting them more broadly.

But their plan is to conduct their seven-day test on an opt-out basis among half of the tens of thousands of people estimated to be running experimental Firefox Nightly builds, with the other half serving as the experiment's control group.

The test involves sending all DNS lookups submitted by test participants to third-party security provider Cloudflare, and that makes some Firefox users uncomfortable.

Er, is now the time to be trying opt-out data collection?

"Even if it is only Mozilla's nightly browser and for a short period of time I'm a bit disturbed about the possibility of an opt-out only 'send all visited hostnames to a third party US company' study," New Zealand-based developer Chris Double said via Twitter on Monday

Henri Sivonen, a Mozilla software developer based in Helsinki, Finland, echoed this concern and suggested the experiment should not proceed in its proposed form.

"Sending information about what is browsed to an off-path party will erode trust in Mozilla due to people getting upset about privacy-sensitive information ... getting sent to an off-path party without explicit consent," Sivonen wrote on Monday in a developer forum post.

There's something endearingly quaint about fretting over a few thousand people's DNS queries being visible to a third-party like Cloudflare at a time when people are up in arms about Facebook's dispersal of data on 50 million users to data analytics firm Cambridge Analytica.

The dustup harkens back to a time when one-pixel images used for tracking people online were referred to as "web bugs," before the online ad industry succeeded in rebranding such things with the more positive term "web beacon."

In a forum post, Mozilla senior technical writer Eric Shepherd acknowledges that the timing of the experiment is problematic in light of current events.

"I definitely see some easy ways this could be problematic from a public relations perspective given things going on in the industry these days and some of our own mistakes the in the past," he said. "It's definitely worth taking a little while to consider the implications before throwing the switch."

To fix the test, some members of the Mozilla community are calling for the tech trial to be opt-in, common in Europe but generally avoided and lobbied against in the US when possible (because few people bother to opt-in when presented with that choice).

In a statement emailed to The Register, Selena Deckelmann, senior director of engineering for Firefox, said, "At Mozilla we work in the open. We are soliciting feedback on a study that is not yet underway about DNS over HTTPS. We are currently exploring what the right testing approach should be with users who have opted to participate by using Firefox Nightly."

"We feel this technology could provide important protections against spying on people’s web browsing," said Deckelmann. "The way the web currently works, DNS traffic is unencrypted and shared with multiple parties, making data vulnerable to capture. Our proposed study would explore if there is an alternate and potentially more secure way to manage DNS traffic by first encrypting it."

We now return you to your regular social media surveillance and subjugation. ®

Similar topics


Other stories you might like

  • Everything you wanted to know about modern network congestion control but were perhaps too afraid to ask

    In which a little unfairness can be quite beneficial

    Systems Approach It’s hard not to be amazed by the amount of active research on congestion control over the past 30-plus years. From theory to practice, and with more than its fair share of flame wars, the question of how to manage congestion in the network is a technical challenge that resists an optimal solution while offering countless options for incremental improvement.

    This seems like a good time to take stock of where we are, and ask ourselves what might happen next.

    Congestion control is fundamentally an issue of resource allocation — trying to meet the competing demands that applications have for resources (in a network, these are primarily link bandwidth and router buffers), which ultimately reduces to deciding when to say no and to whom. The best framing of the problem I know traces back to a paper [PDF] by Frank Kelly in 1997, when he characterized congestion control as “a distributed algorithm to share network resources among competing sources, where the goal is to choose source rate so as to maximize aggregate source utility subject to capacity constraints.”

    Continue reading
  • How business makes streaming faster and cheaper with CDN and HESP support

    Ensure a high video streaming transmission rate

    Paid Post Here is everything about how the HESP integration helps CDN and the streaming platform by G-Core Labs ensure a high video streaming transmission rate for e-sports and gaming, efficient scalability for e-learning and telemedicine and high quality and minimum latencies for online streams, media and TV broadcasters.

    HESP (High Efficiency Stream Protocol) is a brand new adaptive video streaming protocol. It allows delivery of content with latencies of up to 2 seconds without compromising video quality and broadcasting stability. Unlike comparable solutions, this protocol requires less bandwidth for streaming, which allows businesses to save a lot of money on delivery of content to a large audience.

    Since HESP is based on HTTP, it is suitable for video transmission over CDNs. G-Core Labs was among the world’s first companies to have embedded this protocol in its CDN. With 120 points of presence across 5 continents and over 6,000 peer-to-peer partners, this allows a service provider to deliver videos to millions of viewers, to any devices, anywhere in the world without compromising even 8K video quality. And all this comes at a minimum streaming cost.

    Continue reading
  • Cisco deprecates Microsoft management integrations for UCS servers

    Working on Azure integration – but not there yet

    Cisco has deprecated support for some third-party management integrations for its UCS servers, and emerged unable to play nice with Microsoft's most recent offerings.

    Late last week the server contender slipped out an end-of-life notice [PDF] for integrations with Microsoft System Center's Configuration Manager, Operations Manager, and Virtual Machine Manager. Support for plugins to VMware vCenter Orchestrator and vRealize Orchestrator have also been taken out behind an empty rack with a shotgun.

    The Register inquired about the deprecations, and has good news and bad news.

    Continue reading

Biting the hand that feeds IT © 1998–2021