I'm running 73.0b9 (64-bit) on macOS, and have been using Firefox for some time through a few upgrade cycles. I just checked my setting (Preferences | General | Network Settings | Enable DNS over HTTPS), and it is disabled (I did not set this, so I can only assume that it defaults to disabled on upgrades). I can see that the default provider (if I were to enable it) is Cloudflare (from a list that includes NextDNS and 'custom'). I can't say whether the setting is enabled or disabled by default on new installs. Nevertheless, if this is the evidence that Mozilla is "becoming evil", then I'd suggest the author is overstating his case.
If I consider the trade-off with respect to where the majority of threats are likely to come from for most users, I can understand why Mozilla have made this choice. Nevertheless there should have been some kind of user announcement (perhaps when the feature first went live), to inform the users of this critical feature, which has the potential to significantly change their security posture (for good or ill depends on where your threats are coming from, which depends on you).
If those checks don't determine enabling the feature would impact the user experience or security, they do supposedly announce and ask whether it should be enabled, otherwise it's kept disabled. At least for "the US rollout", which I assume is currently the only rollout rather than only US users being asked. I don't quite see what's "ouch" about that, although personally I won't enable it.
Reportedly Mozilla will soon allow use of a custom DoH provider, so you are not going to be hardwired to Cloudflare though the default will matter since most users may not change/investigate it.
Tangentially I was surprised to note that Cloudflare's own page for checking DoH, DNSSEC, eSNI etc. (https://www.cloudflare.com/ssl/encrypted-sni/) shows that DoH is not working for my copy of Firefox even though it is set to use Cloudflare DoH in the settings. The version is the latest, 64-bit, stock Windows 10. Has anyone else experienced the same?
So we have “Fox News” for tech news now? It reads like a Fox News hit piece with anecdotes served up to proof something they need their audience to believe regardless of the truth. Beautiful.
8 comments
[ 3.8 ms ] story [ 33.7 ms ] threadIf I consider the trade-off with respect to where the majority of threats are likely to come from for most users, I can understand why Mozilla have made this choice. Nevertheless there should have been some kind of user announcement (perhaps when the feature first went live), to inform the users of this critical feature, which has the potential to significantly change their security posture (for good or ill depends on where your threats are coming from, which depends on you).
https://support.mozilla.org/en-US/kb/firefox-dns-over-https
Tangentially I was surprised to note that Cloudflare's own page for checking DoH, DNSSEC, eSNI etc. (https://www.cloudflare.com/ssl/encrypted-sni/) shows that DoH is not working for my copy of Firefox even though it is set to use Cloudflare DoH in the settings. The version is the latest, 64-bit, stock Windows 10. Has anyone else experienced the same?