Obviously, using a central resolver is the downside to this approach - but
it's being explored because we believe that using the right resolver can be
a net win compared to the disastrous state of unsecured local DNS and
privacy and hijacking problems that go on there. It's just a swamp out there
(you can of course disable this from about:studies or just by setting your
local trr.mode pref to 0 - but this discussion is meaningfully about
defaults.)

And in this case the operating agreement with the DNS provider is part of
making that right choice. For this test that means the operator will not
retain for themselves or sell/license/transfer to a third party any PII
(including IP addresses and other user identifiers) and will not combine
the data it gets from this project with any other data it might have. A
small amount of data necessary for troubleshooting the service can be kept
at most 24 hrs but that data is limited to name, DNS type, a timestamp, a
response code, and the CDN node that served it.



On Sun, Mar 18, 2018 at 11:51 PM, Dave Townsend <dtowns...@mozilla.com>
wrote:

> On Sat, Mar 17, 2018 at 3:51 AM Patrick McManus <pmcma...@mozilla.com>
> wrote:
>
>> DoH is an open standard and for this test we'll be using the DoH server
>> implementation at Cloudflare. As is typical for Mozilla, when we
>> default-interact with a third party service we have a legal agreement in
>> place to look out for the data retention/use/redistribution/etc interests
>> of both our users and Mozilla itself.
>>
>
> So my understanding of the study is that for those in the study branch
> (50% of Nightly users) we'll be sending every hostname they visit to
> Cloudflare. That sounds problematic to me. Can you give more details about
> the legal agreement?
>
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
