There are some serious concerns with Firefox's plans to turn in DoH. I, for one, am not happy with all Firefox DNS traffic being sent to a US companies servers. See this article for more info:
> Another way one could do is switching the browser from Firefox, but honestly, we don't know to which. In terms of privacy we haven't found something we can recommend to you out there. In fact that's why this step of Mozilla concerns us so much - they have been the last resort for many of us.
We need to make another browser. I like Mozilla and all, but they aren't infallible, and we're completely reliant on them for web access.
@wizzwizz4 Firefox does a lot of good things, though. As long as there an option to easily turn it off I don't see a need to split off to a different browser. It's also a lot of work to build a browser from scratch, so it would probably make sense to fork Firefox and just pull in the changes without the DoH stuff? Just my thoughts. 🙂
@wizzwizz4 @JayT Waterfox is a Firefox fork which foregoes a lot of the quite hated features of Firefox (notably Pocket and telemetry, and likely DNS over HTTPS as well). More support for the project could see more developments toward it being its own true project.
If can be found here: https://www.waterfox.net/
@wizzwizz4 My fossmendations do not always have an APT package listed, since not all software has (official) APT repositories, including Waterfox.
I have tested the repository you linked (from https://build.opensuse.org/project/show/home:hawkeye116477:waterfox) and it's at the most recent build, and overall matches well with the precompiled version from the Waterfox website. So yes, it will work quite well.
IMHO Mozilla and Firefox should be supported by the opensource community as much as possible, by working with them rather than ditching them each time they make a choice that might not be exactly perfect, because I believe they are trying to do the right thing, and we would be much poorer without them.
@JayT thanks for sharing. Finally understand what that feature does. Will make sure to disable it.
Any projects going on with securing dns in a better way?
@exstral My understanding is:
DoH in principal is good technology, but it should be set:
* At the OS level (so all apps share DNS behaviour)
* Connecting to your DHCP-provided DoH servers by default
This could be implemented in Linux by systemd-resolved, for example, and in one shot get benefits for everything running on the OS. Also, this would allow users to change their DNS server at the OS level and get privacy for everything on their computer.
@JayT The cartoon is right in a technical sense about data protection rights. However, the EU has not enforced GDPR and some of the worst privacy offenders are European, including some governments.
Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.