In the EU with the GDPR it would be most unwise to log all DNS requests from customers without reason and without consent. Once the request is then made by the ISP's DNS it is then one amongst a multitude providing privacy. DoH providers are US-based. Bad start…
Replying to @cynicalsecurity @bagder and
Tavis Ormandy Retweeted Matthew Prince 🌥
Three things, I'm European and I use encrypted protocols. DoH is just a protocol, you can use it with both nodes in Europe if that makes you happy. Thirdly, see this tweet, major providers already do comply with GDPR and Privacy Shield, so non-issue
https://twitter.com/eastdakota/status/1181620950653181952
Tavis Ormandy added,
Matthew Prince 🌥 (Verified account, @eastdakota), replying to @floorter @taviso and 4 others: That's correct. We have presence in London (EU for a bit longer) and Lisbon and comply with Privacy Shield and GDPR. Counterintuitively, we have *much* stronger protections against US gov't requests as a US-based global company. But understand that's not the general perception.
2 replies 0 retweets 1 like -
Tavis, please, don't treat me like an idiot… "encrypted protocol" because the issue with DNS is that they sniff the link between you and the ISP so you exchange it for giving a single party all your DNS traffic in a nice identifiable way? Encryption to surrender privacy…
2 replies 0 retweets 1 like -
Replying to @cynicalsecurity @taviso and
So you are telling me that DNS running to my local router, aggregating all the users in my house (and caching answers, keeping them "in house"), then off to the ISP, which again caches and aggregates, is worse than a direct link to a unique DNS?
1 reply 0 retweets 0 likes -
Replying to @cynicalsecurity @taviso and
Not to mention the interesting issue if suddenly they go bust / have a major BGP failure or some nation decides to drop peering with them. Single point of failure.
1 reply 0 retweets 1 like -
Replying to @cynicalsecurity @bagder and
Your ISP is a SPOF, what if they go bust or have a major BGP failure? DoH doesn't change the status quo here.
1 reply 0 retweets 0 likes -
ISPs go bust and you get a new line… do you go and change the config for all the Firefox installs? I've seen fewer BGP failures than technical collapses at cloud providers to be honest and I've been speaking BGP for 30 yrs now… Look, peace, we disagree, that's it.
2 replies 0 retweets 0 likes -
Replying to @cynicalsecurity @bagder and
Wait, you're talking about Firefox? How is your mum getting this in Italy, I thought Firefox only enabled it in US? https://support.mozilla.org/en-US/kb/dns-over-https-doh-faqs#w_are-you-rolling-this-default-out-in-europe
1 reply 0 retweets 0 likes -
Geolocation? It definitely had it and she did install the US version.
1 reply 0 retweets 0 likes -
Replying to @cynicalsecurity @taviso and
Furthermore, if the problem was a speed issue, it's a bit FF who should have added a heuristic to measure speed impact of DoH and disable it if it's not fast enough, but it does not seem like it was done: https://github.com/mozilla/doh-rollout/blob/master/src/heuristics.js
1 reply 0 retweets 0 likes
Fair. They're already falling back on error, so it seems reasonable to also fall back if queries are too slow, if they're not already doing that they probably should. Hopefully in a few years it won't be necessary.
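As an added illustration of the fallback heuristic the last two tweets discuss (not code from the thread, and not Mozilla's doh-rollout heuristics.js), here is a small decision function that falls back from DoH to the system resolver when queries fail too often or run too slowly, both against an absolute ceiling and relative to the system resolver. The per-query sample format, the thresholds and the helper names are assumptions.

```javascript
// Added example, not Mozilla's heuristics.js. Assumed sample format: one
// { ok: boolean, ms: number } per query; ms is meaningful only when ok is true.
const DEFAULT_POLICY = {
  minSamples: 20,     // never decide on a handful of queries
  maxErrorRate: 0.2,  // fall back if more than 20% of DoH queries fail
  maxP95Ms: 500,      // fall back if DoH p95 latency exceeds this ceiling
  maxSlowdown: 2.0,   // or if DoH p95 is more than 2x the system resolver's p95
};

// Nearest-rank percentile; callers guarantee a non-empty array.
function percentile(values, p) {
  const sorted = [...values].sort((a, b) => a - b);
  const idx = Math.max(0, Math.ceil(p * sorted.length) - 1);
  return sorted[idx];
}

function latencies(samples) {
  return samples.filter((s) => s.ok).map((s) => s.ms);
}

// Returns { decision: 'keep' | 'fallback', reason } for the observed samples.
function evaluateDoh(dohSamples, systemSamples, policy = DEFAULT_POLICY) {
  if (dohSamples.length < policy.minSamples) {
    return { decision: 'keep', reason: 'insufficient samples' };
  }
  const errorRate = dohSamples.filter((s) => !s.ok).length / dohSamples.length;
  if (errorRate > policy.maxErrorRate) {
    return { decision: 'fallback', reason: 'error rate ' + errorRate.toFixed(2) };
  }
  // errorRate <= maxErrorRate with minSamples queries guarantees some successes.
  const dohP95 = percentile(latencies(dohSamples), 0.95);
  if (dohP95 > policy.maxP95Ms) {
    return { decision: 'fallback', reason: 'p95 ' + dohP95 + 'ms over ceiling' };
  }
  const sysMs = latencies(systemSamples);
  if (sysMs.length >= policy.minSamples) {  // only compare with a real baseline
    const sysP95 = percentile(sysMs, 0.95);
    if (dohP95 > policy.maxSlowdown * sysP95) {
      return { decision: 'fallback', reason: 'p95 ' + dohP95 + 'ms vs system ' + sysP95 + 'ms' };
    }
  }
  return { decision: 'keep', reason: 'within policy' };
}

// Constructed sample generator: `okMs` latencies of successful queries plus `failures` failed ones.
function makeSamples(okMs, failures = 0) {
  const ok = okMs.map((ms) => ({ ok: true, ms }));
  const bad = Array.from({ length: failures }, () => ({ ok: false, ms: NaN }));
  return ok.concat(bad);
}
```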