Re: FYI: Short Nightly Shield Study involving DNS over HTTPs (DoH)

Hi Patrick, Consider me a somewhat informed EU-based internet user. I support Mozilla pushing forward with DNS integrity and privacy. I hope the study can shed more insight into how widespread the problems are, without causing overreactions, panic and loss of perspectives. I have no objection

Re: FYI: Short Nightly Shield Study involving DNS over HTTPs (DoH)

On 3/21/18 9:04 AM, Axel Hecht wrote: > I have a couple of further questions: > > One is about the legal impact on users. DNS mangling is part of law > enforcement strategies in many parts of the world (incl Germany). Would you mind describing this in more detail? What kind of DNS mangling do

Re: FYI: Short Nightly Shield Study involving DNS over HTTPs (DoH)

On 3/21/18 10:53 AM, tom...@gmail.com wrote: On Wednesday, March 21, 2018 at 3:30:48 PM UTC+1, Boris Zbarsky wrote: The point is to gather data on how this behaves in the wild. If the study is opt-in, then you have to try to figure out what part of the effect you're seeing (if any) is just

Re: FYI: Short Nightly Shield Study involving DNS over HTTPs (DoH)

I have a couple of further questions: One is about the legal impact on users. DNS mangling is part of law enforcement strategies in many parts of the world (incl Germany). We should restrict this experiment to regions where Mozilla knows that there's no legal trouble of using DoH and

Re: FYI: Short Nightly Shield Study involving DNS over HTTPs (DoH)

On Wednesday, March 21, 2018 at 3:30:48 PM UTC+1, Boris Zbarsky wrote: > The point is to gather data on how this behaves in the wild. If the > study is opt-in, then you have to try to figure out what part of the > effect you're seeing (if any) is just selection effects. >From my understanding

Re: FYI: Short Nightly Shield Study involving DNS over HTTPs (DoH)

On 3/21/18 10:02 AM, tom...@gmail.com wrote: I also don't see any arguments why this *needs* to be opt-out? The point is to gather data on how this behaves in the wild. If the study is opt-in, then you have to try to figure out what part of the effect you're seeing (if any) is just

Re: FYI: Short Nightly Shield Study involving DNS over HTTPs (DoH)

On Tuesday, March 20, 2018 at 3:35:48 AM UTC+1, Kris Maglione wrote: > >Let me add my voice as a person outside the network team who can understand > >the concerns and _still thinks we should be doing this_. > > I'll second this. > > I think it's reasonable to be concerned about the public

Re: FYI: Short Nightly Shield Study involving DNS over HTTPs (DoH)

+1 (as a Moz fan and privacy expert) On Tue, Mar 20, 2018 at 2:35 AM, Kris Maglione wrote: > On Mon, Mar 19, 2018 at 07:27:39PM -0700, Nicholas Alexander wrote: >> >> Hi all, >> >> On Mon, Mar 19, 2018 at 3:56 PM, Xidorn Quan wrote: >> >>> It's fine to

Re: FYI: Short Nightly Shield Study involving DNS over HTTPs (DoH)

Note, this effort is already being reported in the tech press based on this thread. For example: https://www.theregister.co.uk/AMP/2018/03/20/mozilla_firefox_test_of_privacy_mechanism_prompts_privacy_worries/ A blog post does sound like a good idea. On Mon, Mar 19, 2018, 11:33 PM Dave Townsend

Re: FYI: Short Nightly Shield Study involving DNS over HTTPs (DoH)

On Tue, Mar 20, 2018 at 3:02 AM, Henri Sivonen wrote: > I understand that the goal is better privacy. But it's likely that > people get outraged if a browser sends information about what is > browser to an off-path destination without explicit consent regardless > of

Re: FYI: Short Nightly Shield Study involving DNS over HTTPs (DoH)

On Tue, Mar 20, 2018 at 11:43:13AM +0100, Frederik Braun wrote: On 20.03.2018 04:33, Dave Townsend wrote: The DoH service we're using is likely more private than anything the user is currently using. This is only true for some parts of the world. I'd like us not to regress for our user base

Re: FYI: Short Nightly Shield Study involving DNS over HTTPs (DoH)

On 2018-03-19 11:33 PM, Dave Townsend wrote: As one of the folks who brought up the initial concern let me be clear that at this point my only real concern here is one of optics. The DoH service we're using is likely more private than anything the user is currently using. It isn't explicit

Re: FYI: Short Nightly Shield Study involving DNS over HTTPs (DoH)

On 20.03.2018 04:33, Dave Townsend wrote: > The DoH service > we're using is likely more private than anything the user is currently > using. This is only true for some parts of the world. I'd like us not to regress for our user base globally here.

Re: FYI: Short Nightly Shield Study involving DNS over HTTPs (DoH)

As one of the folks who brought up the initial concern let me be clear that at this point my only real concern here is one of optics. The DoH service we're using is likely more private than anything the user is currently using. I just don't want to see random folks on the web "discover" these DoH

Re: FYI: Short Nightly Shield Study involving DNS over HTTPs (DoH)

On 3/19/18 8:59 PM, Boris Zbarsky wrote: > On 3/19/18 1:08 PM, Selena Deckelmann wrote: >> There's a lot of thinking that went into the agreement we have with >> Cloudflare to enable this experiment in a way that respects user privacy. > > I would like us to be very clear that there are two

Re: FYI: Short Nightly Shield Study involving DNS over HTTPs (DoH)

On 3/19/18 1:08 PM, Selena Deckelmann wrote: There's a lot of thinking that went into the agreement we have with Cloudflare to enable this experiment in a way that respects user privacy. I would like us to be very clear that there are two separate things here: 1) Is this behavior good for

Re: FYI: Short Nightly Shield Study involving DNS over HTTPs (DoH)

On Mon, Mar 19, 2018 at 07:27:39PM -0700, Nicholas Alexander wrote: Hi all, On Mon, Mar 19, 2018 at 3:56 PM, Xidorn Quan wrote: It's fine to embed this experiment in the product, and blog about it, but it's definitely not fine to have it enabled by default and send every

Re: FYI: Short Nightly Shield Study involving DNS over HTTPs (DoH)

Hi all, On Mon, Mar 19, 2018 at 3:56 PM, Xidorn Quan wrote: > It's fine to embed this experiment in the product, and blog about it, but > it's definitely not fine to have it enabled by default and send every DNS > request to a third-party. > > I can understand that the intent

Re: FYI: Short Nightly Shield Study involving DNS over HTTPs (DoH)

It's fine to embed this experiment in the product, and blog about it, but it's definitely not fine to have it enabled by default and send every DNS request to a third-party. I can understand that the intent must be good, and for better privacy, but the approach of doing so is not acceptable.

Re: FYI: Short Nightly Shield Study involving DNS over HTTPs (DoH)

On Mon, Mar 19, 2018 at 7:08 PM, Selena Deckelmann wrote: > and also in terms of the regulatory environment in the US) allows *all* of > this data to be collected indefinitely and sold to third parties. Some users are in countries where it's illegal for the ISP to sell this

Re: FYI: Short Nightly Shield Study involving DNS over HTTPs (DoH)

Hi! Thanks for all the thoughtful comments about this experiment. The intent of this work is to provide users privacy-respecting DNS. Status quo for DNS does not offer many users reasonable, informed choice about log retention, and doesn't offer encrypted DNS. Users also cannot be reasonably

Re: FYI: Short Nightly Shield Study involving DNS over HTTPs (DoH)

On Mon, 19 Mar 2018, Martin Thomson wrote: I don't know if it is possible to know if you have a manually-configured DNS server, but disabling this experiment there if we can determine that would be good - that might not be something to worry about with Nightly, but it seems like it might be

Re: FYI: Short Nightly Shield Study involving DNS over HTTPs (DoH)

Is running the service ourselves out of the question? If so, how come? I mean I know we're not really in the business of running massive scale DNS; but running it for a month, and ramping up the people included in the study so we can monitor load seems feasible. The goal of the study is described

Re: FYI: Short Nightly Shield Study involving DNS over HTTPs (DoH)

On Mon, Mar 19, 2018 at 1:25 PM, Patrick McManus wrote: > The objective here is a net improvement for privacy and integrity. I understand that the goal is better privacy. But it's likely that people get outraged if a browser sends information about what is browser to an

Re: FYI: Short Nightly Shield Study involving DNS over HTTPs (DoH)

Daniel Le 19 mars 2018 à 17:07, Daniel Stenberg a écrit : > What other precautions or actions can we do to reduce the risk of this being > perceived as problematic? opt-in only. That's the only way. What seems innocuous for someone deep into the topic is not necessary

Re: FYI: Short Nightly Shield Study involving DNS over HTTPs (DoH)

On Mon, Mar 19, 2018 at 11:48 AM, Martin Thomson wrote: > Yes, it pays to remember that this is Nightly. Even on Nightly we place pretty severe restrictions on ourselves when it comes to user data, e.g., for telemetry. This definitely goes beyond the kind of data I would expect

Re: FYI: Short Nightly Shield Study involving DNS over HTTPs (DoH)

Yes, it pays to remember that this is Nightly. The precautions Henri suggests are good, but more appropriate to experiments we would do on Release. For TLS 1.3, we did that sort of thing so that we could get measurements from Release; we just flipped the switch to "on" for Nightly. I don't know

Re: FYI: Short Nightly Shield Study involving DNS over HTTPs (DoH)

The objective here is a net improvement for privacy and integrity. It is indeed a point of view with Nightly acting as an opinionated User Agent on behalf of its users. IMO we can't be afraid of pursuing experiments that help develop those ideas even when they move past traditional modes.

Re: FYI: Short Nightly Shield Study involving DNS over HTTPs (DoH)

On Mon, Mar 19, 2018 at 8:10 AM, Henri Sivonen wrote: > On Mon, Mar 19, 2018 at 3:18 AM, Eric Shepherd (Sheppy) > wrote: >> I definitely see some easy ways this could be problematic from a public >> relations perspective given things going on in the

Re: FYI: Short Nightly Shield Study involving DNS over HTTPs (DoH)

On Mon, Mar 19, 2018 at 10:07 AM, Daniel Stenberg wrote: > On Sun, 18 Mar 2018, Eric Shepherd (Sheppy) wrote: > > I don't have such a far-reaching agreement with my ISP and its DNS. 1) Mozilla doesn't choose the ISP on users' behalf. (This is the key reason.) 2) The ISP

Re: FYI: Short Nightly Shield Study involving DNS over HTTPs (DoH)

On 19/03/2018 09:07, Daniel Stenberg wrote: > On Sun, 18 Mar 2018, Eric Shepherd (Sheppy) wrote: > > I don't have such a far-reaching agreement with my ISP and its DNS. I > don't have such an agreement at all with 8.8.8.8 or other publicly > provided DNS operators. Yes, you're perfectly right, but

Re: FYI: Short Nightly Shield Study involving DNS over HTTPs (DoH)

On Mon, Mar 19, 2018 at 3:18 AM, Eric Shepherd (Sheppy) wrote: > I definitely see some easy ways this could be problematic from a public > relations perspective given things going on in the industry these days and > some of our own mistakes the in the past. It's definitely

Re: FYI: Short Nightly Shield Study involving DNS over HTTPs (DoH)

On Sun, 18 Mar 2018, Eric Shepherd (Sheppy) wrote: I don't have such a far-reaching agreement with my ISP and its DNS. I don't have such an agreement at all with 8.8.8.8 or other publicly provided DNS operators. What other precautions or actions can we do to reduce the risk of this being

Re: FYI: Short Nightly Shield Study involving DNS over HTTPs (DoH)

I definitely see some easy ways this could be problematic from a public relations perspective given things going on in the industry these days and some of our own mistakes the in the past. It's definitely worth taking a little while to consider the implications before throwing the switch. On Sun,

Re: FYI: Short Nightly Shield Study involving DNS over HTTPs (DoH)

On Sun, Mar 18, 2018 at 5:27 PM Patrick McManus wrote: > Obviously, using a central resolver is the downside to this approach - but > its being explored because we believe that using the right resolver can be > a net win compared to the disastrous state of unsecured local

Re: FYI: Short Nightly Shield Study involving DNS over HTTPs (DoH)

Obviously, using a central resolver is the downside to this approach - but its being explored because we believe that using the right resolver can be a net win compared to the disastrous state of unsecured local DNS and privacy and hijacking problems that go on there. Its just a swamp out there

Re: FYI: Short Nightly Shield Study involving DNS over HTTPs (DoH)

On Sat, Mar 17, 2018 at 3:51 AM Patrick McManus wrote: > DoH is an open standard and for this test we'll be using the DoH server > implementation at Cloudflare. As is typical for Mozilla, when we > default-interact with a third party service we have a legal agreement in >

FYI: Short Nightly Shield Study involving DNS over HTTPs (DoH)

Hi All, FYI: Soon we'll be launching a nightly based pref-flip shield study to confirm the feasibility of doing DNS over HTTPs (DoH). If all goes well the study will launch Monday (and if not, probably the following Monday). It will run <= 1 week. If you're running nightly and you want to see if