Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-10-07 Thread Paul Wouters

On Fri, 2 Oct 2020, Michael Catanzaro wrote:

Hm, thanks for the explanation. I guess the DNS request would indeed be the 
*first* way you lose, because you have to do DNS before you do anything else. 
But you are going to lose immediately after anyway:

* Immediately after you connect to the network, Fedora connects to to see if you're behind a captive 
* Next, GNOME Software starts checking for updates in the background. You've 
leaked "personal data" to again, and also fwupd.

If the locally configured DNS server supports Query Minimalization as
per RFC 7816, at this point you would have only revealed "." or ".org".

If it further supports DNS-over-TLS, and more TLDs will start to support
this, then nothing would be leaked. The world is steadily moving
towards this. Add encrypted SNI, and you see this improves even more.
That is why governments are actually afraid of the opposite of GDPR
right now. The fear of missing out on seeing DNS/SNI data.

* You open Firefox, it downloads Safe Browsing data from Google. (Admittedly 
this one is probably only behind a European CDN, but maybe Google is having a 
bad day, or maybe IP address logs are sent to the US.)

This argument is that any browsing is a GDPR violation of every browser
and OS. It is not a helpful discussion, and if worth discussing, it
should be discussed by lawyers, not software engineers.

I'm sure my list is missing quite a lot. If your interpretation is correct, 
then I suppose German companies should immediately discontinue use of Fedora, 
and also most other computer operating systems

The goal should always be to do the least amount of personal information
gathering or leaking. Stating "but it leaks over there too" is not a
very strong argument to leak data yourself.

devel mailing list --
To unsubscribe send an email to
Fedora Code of Conduct:
List Guidelines:
List Archives:
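An added illustration, not part of either poster's message, of the RFC 7816 query name minimisation mentioned in the reply above: it lists which name each authoritative server in a delegation chain is sent, with and without minimisation. The host name and the zone cuts are constructed sample values, and the helper names are hypothetical.

```python
"""QNAME minimisation (RFC 7816): which name each upstream server is sent.

This models only the recursive-resolver-to-authoritative hops. The stub's
query to its configured resolver still carries the full name, and anyone
on the path sees each query unless the transport is encrypted.
"""

def labels(name):
    return [part for part in name.rstrip(".").split(".") if part]

def fqdn(parts):
    return ".".join(parts) + "." if parts else "."

def exposure(qname, zone_cuts, minimise):
    """Return [(zone_asked, name_sent)] for one iterative resolution.

    zone_cuts lists the zones whose servers are asked in turn, root
    first (an assumption about the delegation chain, supplied by caller).
    """
    full = labels(qname)
    seen = []
    for zone in zone_cuts:
        depth = len(labels(zone))
        # Minimised: send one label more than the zone being asked.
        # Classic: send the full query name to every server.
        sent = full[-(depth + 1):] if minimise else full
        seen.append((zone, fqdn(sent)))
    return seen

def full_name_seen_by(qname, zone_cuts, minimise):
    """Zones whose servers learn the complete query name."""
    target = fqdn(labels(qname))
    return [z for z, sent in exposure(qname, zone_cuts, minimise)
            if sent == target]

# Constructed sample: hypothetical host under an assumed three-level chain.
SAMPLE_NAME = "updates.example.org"
SAMPLE_CUTS = [".", "org.", "example.org."]

if __name__ == "__main__":
    for minimise in (False, True):
        print("minimised" if minimise else "classic")
        for zone, sent in exposure(SAMPLE_NAME, SAMPLE_CUTS, minimise):
            print(f"  server for {zone:<13} is sent {sent}")
```
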

Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-10-01 Thread Paul Wouters

On Thu, 1 Oct 2020, Michael Catanzaro wrote:

We are not going to patch out fallback to Cloudflare or Google because it is 
a non-issue. Fallback only happens when you have zero other DNS servers 
configured. When was the last time you connected to a network and there's no 
DHCP, no nothing? The number of users without some other working DNS is 
probably under 0.1%.

DNS discovery is currently a hot topic at the IETF and there are
various proposals circulating on how a client should behave to find
its best DNS resolver.

Please see the ADD and DPRIVE working groups and their documents. I
posted a few direct links in the last few days already. I think a
mechanism that has been architectured by a wider group of engineers
from a large number of different backgrounds and use cases would be
a more appropriate venue to address this complex policy issue.

Personally, I prefer to prompt the user for permission before deciding
to send their personal data to (mostly US based) entities.

And while the majority of desktop users _might_ be okay with this implicit
decision, it is always better to confirm that explicitly. You might
think that UI is as bad as the COOKIE popups we now get, but lawyers
disagree with us - whether we like it or not, that is a universe we live in.

Furthermore it seems the servers running this will almost always never
want this to happen, as most enterprises these days, especially in
light of TLS 1.3 and encrypted SNI, are more and more reliant on using
the DNS stream as an active firewall.
