Hi Patrick,
Consider me a somewhat informed EU-based internet user.
I support Mozilla pushing forward with DNS integrity and privacy. I hope the
study can shed more insight into how widespread the problems are, without
causing overreactions, panic and loss of perspectives. I have no objection t
On 3/21/18 9:04 AM, Axel Hecht wrote:
> I have a couple of further questions:
>
> One is about the legal impact on users. DNS mangling is part of law
> enforcement strategies in many parts of the world (incl Germany).
Would you mind describing this in more detail? What kind of DNS mangling
do yo
On 3/21/18 10:53 AM, tom...@gmail.com wrote:
On Wednesday, March 21, 2018 at 3:30:48 PM UTC+1, Boris Zbarsky wrote:
The point is to gather data on how this behaves in the wild. If the
study is opt-in, then you have to try to figure out what part of the
effect you're seeing (if any) is just sele
I have a couple of further questions:
One is about the legal impact on users. DNS mangling is part of law
enforcement strategies in many parts of the world (incl Germany). We
should restrict this experiment to regions where Mozilla knows that
there's no legal trouble of using DoH and cloudflar
On Wednesday, March 21, 2018 at 3:30:48 PM UTC+1, Boris Zbarsky wrote:
> The point is to gather data on how this behaves in the wild. If the
> study is opt-in, then you have to try to figure out what part of the
> effect you're seeing (if any) is just selection effects.
>From my understanding o
On 3/21/18 10:02 AM, tom...@gmail.com wrote:
I also don't see any arguments why this *needs* to be opt-out?
The point is to gather data on how this behaves in the wild. If the
study is opt-in, then you have to try to figure out what part of the
effect you're seeing (if any) is just selection
On Tuesday, March 20, 2018 at 3:35:48 AM UTC+1, Kris Maglione wrote:
> >Let me add my voice as a person outside the network team who can understand
> >the concerns and _still thinks we should be doing this_.
>
> I'll second this.
>
> I think it's reasonable to be concerned about the public reacti
+1 (as a Moz fan and privacy expert)
On Tue, Mar 20, 2018 at 2:35 AM, Kris Maglione wrote:
> On Mon, Mar 19, 2018 at 07:27:39PM -0700, Nicholas Alexander wrote:
>>
>> Hi all,
>>
>> On Mon, Mar 19, 2018 at 3:56 PM, Xidorn Quan wrote:
>>
>>> It's fine to embed this experiment in the product, and b
Note, this effort is already being reported in the tech press based on this
thread. For example:
https://www.theregister.co.uk/AMP/2018/03/20/mozilla_firefox_test_of_privacy_mechanism_prompts_privacy_worries/
A blog post does sound like a good idea.
On Mon, Mar 19, 2018, 11:33 PM Dave Townsend
On Tue, Mar 20, 2018 at 3:02 AM, Henri Sivonen wrote:
> I understand that the goal is better privacy. But it's likely that
> people get outraged if a browser sends information about what is
> browser to an off-path destination without explicit consent regardless
> of intention, nightliness or pro
On Tue, Mar 20, 2018 at 11:43:13AM +0100, Frederik Braun wrote:
On 20.03.2018 04:33, Dave Townsend wrote:
The DoH service
we're using is likely more private than anything the user is currently
using.
This is only true for some parts of the world.
I'd like us not to regress for our user base
On 2018-03-19 11:33 PM, Dave Townsend wrote:
As one of the folks who brought up the initial concern let me be clear that
at this point my only real concern here is one of optics. The DoH service
we're using is likely more private than anything the user is currently
using.
It isn't explicit ri
On 20.03.2018 04:33, Dave Townsend wrote:
> The DoH service
> we're using is likely more private than anything the user is currently
> using.
This is only true for some parts of the world.
I'd like us not to regress for our user base globally here.
___
As one of the folks who brought up the initial concern let me be clear that
at this point my only real concern here is one of optics. The DoH service
we're using is likely more private than anything the user is currently
using. I just don't want to see random folks on the web "discover" these
DoH r
On 3/19/18 8:59 PM, Boris Zbarsky wrote:
> On 3/19/18 1:08 PM, Selena Deckelmann wrote:
>> There's a lot of thinking that went into the agreement we have with
>> Cloudflare to enable this experiment in a way that respects user privacy.
>
> I would like us to be very clear that there are two separa
On 3/19/18 1:08 PM, Selena Deckelmann wrote:
There's a lot of thinking that went into the agreement we have with
Cloudflare to enable this experiment in a way that respects user privacy.
I would like us to be very clear that there are two separate things here:
1) Is this behavior good for use
On Mon, Mar 19, 2018 at 07:27:39PM -0700, Nicholas Alexander wrote:
Hi all,
On Mon, Mar 19, 2018 at 3:56 PM, Xidorn Quan wrote:
It's fine to embed this experiment in the product, and blog about it, but
it's definitely not fine to have it enabled by default and send every DNS
request to a thir
Hi all,
On Mon, Mar 19, 2018 at 3:56 PM, Xidorn Quan wrote:
> It's fine to embed this experiment in the product, and blog about it, but
> it's definitely not fine to have it enabled by default and send every DNS
> request to a third-party.
>
> I can understand that the intent must be good, and f
It's fine to embed this experiment in the product, and blog about it, but it's
definitely not fine to have it enabled by default and send every DNS request to
a third-party.
I can understand that the intent must be good, and for better privacy, but the
approach of doing so is not acceptable. Us
On Mon, Mar 19, 2018 at 7:08 PM, Selena Deckelmann wrote:
> and also in terms of the regulatory environment in the US) allows *all* of
> this data to be collected indefinitely and sold to third parties.
Some users are in countries where it's illegal for the ISP to sell
this information to third p
Hi!
Thanks for all the thoughtful comments about this experiment. The intent of
this work is to provide users privacy-respecting DNS. Status quo for DNS
does not offer many users reasonable, informed choice about log retention,
and doesn't offer encrypted DNS. Users also cannot be reasonably expec
On Mon, 19 Mar 2018, Martin Thomson wrote:
I don't know if it is possible to know if you have a manually-configured DNS
server, but disabling this experiment there if we can determine that would
be good - that might not be something to worry about with Nightly, but it
seems like it might be ne
Is running the service ourselves out of the question? If so, how come?
I mean I know we're not really in the business of running massive
scale DNS; but running it for a month, and ramping up the people
included in the study so we can monitor load seems feasible.
The goal of the study is described
On Mon, Mar 19, 2018 at 1:25 PM, Patrick McManus wrote:
> The objective here is a net improvement for privacy and integrity.
I understand that the goal is better privacy. But it's likely that
people get outraged if a browser sends information about what is
browser to an off-path destination witho
Daniel
Le 19 mars 2018 à 17:07, Daniel Stenberg a écrit :
> What other precautions or actions can we do to reduce the risk of this being
> perceived as problematic?
opt-in only. That's the only way.
What seems innocuous for someone deep into the topic is not necessary the same
for others. W
On Mon, Mar 19, 2018 at 11:48 AM, Martin Thomson wrote:
> Yes, it pays to remember that this is Nightly.
Even on Nightly we place pretty severe restrictions on ourselves when
it comes to user data, e.g., for telemetry. This definitely goes
beyond the kind of data I would expect Mozilla, let alone
Yes, it pays to remember that this is Nightly.
The precautions Henri suggests are good, but more appropriate to
experiments we would do on Release. For TLS 1.3, we did that sort of
thing so that we could get measurements from Release; we just flipped
the switch to "on" for Nightly.
I don't know
The objective here is a net improvement for privacy and integrity. It is
indeed a point of view with Nightly acting as an opinionated User Agent on
behalf of its users. IMO we can't be afraid of pursuing experiments that
help develop those ideas even when they move past traditional modes.
Tradition
On Mon, Mar 19, 2018 at 8:10 AM, Henri Sivonen wrote:
> On Mon, Mar 19, 2018 at 3:18 AM, Eric Shepherd (Sheppy)
> wrote:
>> I definitely see some easy ways this could be problematic from a public
>> relations perspective given things going on in the industry these days and
>> some of our own mist
On Mon, Mar 19, 2018 at 10:07 AM, Daniel Stenberg wrote:
> On Sun, 18 Mar 2018, Eric Shepherd (Sheppy) wrote:
>
> I don't have such a far-reaching agreement with my ISP and its DNS.
1) Mozilla doesn't choose the ISP on users' behalf. (This is the key reason.)
2) The ISP sees the Host header in un
On 19/03/2018 09:07, Daniel Stenberg wrote:
> On Sun, 18 Mar 2018, Eric Shepherd (Sheppy) wrote:
>
> I don't have such a far-reaching agreement with my ISP and its DNS. I
> don't have such an agreement at all with 8.8.8.8 or other publicly
> provided DNS operators.
Yes, you're perfectly right, but
On Mon, Mar 19, 2018 at 3:18 AM, Eric Shepherd (Sheppy)
wrote:
> I definitely see some easy ways this could be problematic from a public
> relations perspective given things going on in the industry these days and
> some of our own mistakes the in the past. It's definitely worth taking a
> little
On Sun, 18 Mar 2018, Eric Shepherd (Sheppy) wrote:
I don't have such a far-reaching agreement with my ISP and its DNS. I don't
have such an agreement at all with 8.8.8.8 or other publicly provided DNS
operators.
What other precautions or actions can we do to reduce the risk of this being
per
I definitely see some easy ways this could be problematic from a public
relations perspective given things going on in the industry these days and
some of our own mistakes the in the past. It's definitely worth taking a
little while to consider the implications before throwing the switch.
On Sun,
On Sun, Mar 18, 2018 at 5:27 PM Patrick McManus
wrote:
> Obviously, using a central resolver is the downside to this approach - but
> its being explored because we believe that using the right resolver can be
> a net win compared to the disastrous state of unsecured local DNS and
> privacy and hi
Obviously, using a central resolver is the downside to this approach - but
its being explored because we believe that using the right resolver can be
a net win compared to the disastrous state of unsecured local DNS and
privacy and hijacking problems that go on there. Its just a swamp out there
(yo
On Sat, Mar 17, 2018 at 3:51 AM Patrick McManus
wrote:
> DoH is an open standard and for this test we'll be using the DoH server
> implementation at Cloudflare. As is typical for Mozilla, when we
> default-interact with a third party service we have a legal agreement in
> place to look out for th
Hi All, FYI:
Soon we'll be launching a nightly based pref-flip shield study to confirm
the feasibility of doing DNS over HTTPs (DoH). If all goes well the study
will launch Monday (and if not, probably the following Monday). It will run
<= 1 week. If you're running nightly and you want to see if y
38 matches
Mail list logo