Comment Re:I'm not clear on how DNS over HTTPS helps priva (Score 1) 108
The overwhelming majority of people don't even know what DNS is, let alone "run" it. If you "run" your own DNS server then it's trivial to disable Firefox's use of DoH
Your American ISP can't be trusted: several have been caught abusing it. Up to now we've only enabled DoH for users in America. We've now added Canada. People in Europe seem to trust their ISPs a lot more and I haven't heard of any plans to enable it by default there.
I have no idea what the network printer and ESP32 chips thing means
Mozilla does NOT snoop your DNS queries. DOH uses partner resolvers with strong privacy policies and they don't share any of that data back
By default Firefox only knows a set of certificate authorities who agree to abide by certain requirements and are audited. When it encounters an unknown one it has no way to distinguish yours from an attacker's, but if you tell Firefox to trust yours it absolutely will. This is no stricter than any other modern program on your computer which aren't going to trust your home-rolled CA unless you tell them to. If you've installed your own CA into your Mac or Windows OS Firefox should now be able to find it and trust it without you doing anything specifically for Firefox.
You can totally disable any builti-in CA. you can't "remove" them because the default set is compiled in, but you can definitely change them from trusted to untrusted. I've done that myself with all but the biggest CAs.
Comment Re:I'm not clear on how DNS over HTTPS helps priva (Score 2) 108
Comment Re:I'm not clear on how DNS over HTTPS helps priva (Score 1) 108
Mozilla is small tech: fewer than 800 employees, compared to Google's 100,000 employees and 120,000 contractors (per a 2019 NYT article, probably more now) and similar sizes for other tech giants. And although our HQ is in America, 1/4 to 1/3 of our employees are based in Canada, including the executive director of the non-profit Mozilla Foundation that owns us.
Comment Re:I'm not clear on how DNS over HTTPS helps priva (Score 1) 108
I have a hard time discerning whether your attempts at reassurance are wilfully disingenious or misguided. I'm going to go with Hanlon's razor. You still think DoH is a good idea, after all.
I do. I don't think its a perfect solution, but it's a good one that adds privacy and security improvements that will prevent real, documented abuses, and can be made functional on today's internet with reasonable tradeoffs.
PKI problems are a separate mess, which obviously impact DoH but more importantly everything else. There have been a lot of improvements there, too, over the past few years in policy and enforcement. For example, CAs are now required to publish certs in auditable CT logs, and errors are getting caught and fixed. But that's off-topic for this thread. If you'd like you can see the conversations between browser vendors, Certificate Authorities, and other interested folks about these issues and problems at https://groups.google.com/a/mo...
Comment Re:I'm not clear on how DNS over HTTPS helps priva (Score 1) 108
Did they make that promise in a legal agreement with another company?
Ultimately for a free market to work someone has to hold companies to account for the claims and promises they make. We have a long history that shows a fair number of people are happy to rip customers off with whatever false promises they can get away with. If you're unhappy that companies are getting away with fraud you should demand that your representatives fix that.
Comment Re: I'm not clear on how DNS over HTTPS helps priv (Score 1) 108
DoH just monetizes DNS for a select few.
You lost me here.
Comment Re:I'm not clear on how DNS over HTTPS helps priva (Score 1) 108
Comment Re:why this is not as good as you all think (Score 2) 108
Comment Re:I'm not clear on how DNS over HTTPS helps priva (Score 4, Informative) 108
Comment Firefox 36.0.3 patches Pwn2Own exploits (Score 1) 237
Comment Re:haven't we learned from the last 25 exploits? (Score 1) 68
Comment Re:And yet, mozilla won't let you disable javascri (Score 1) 68
Comment Re:interesting take. (Score 1) 158
Comment Re:Incentives (Score 1) 95
As the Firefox Security Manager I completely and vehemently disagree. I employ a team that spends 100% of their time "going on bug-hunts" looking for security bugs in Firefox, and I know my counter-part at Google is doing the same for Chrome. Our Bug Bounty programs (VRP? ugh, so very corporate) are an incentive for people who stumble on neat stuff to pass it on, not a substitute for doing the work ourselves.