Notices tagged with privacy, page 13

Improving DNS Privacy in Firefox

Domain Name Service (DNS) is one of the oldest parts of internet architecture, and remains one that has largely been untouched by efforts to make the web safer and more ...

Article word count: 848

HN Discussion: https://news.ycombinator.com/item?id=17203951

Posted by Vinnl (karma: 3867)

Post stats: Points: 94 - Comments: 59 - 2018-06-01T09:59:27Z

#HackerNews #dns #firefox #improving #privacy

Article content:

Domain Name Service (DNS) is one of the oldest parts of internet architecture, and remains one that has largely been untouched by efforts to make the web safer and more private.  On the Firefox network and security teams, we’re working to change that by encrypting DNS queries and by testing a service that keeps DNS providers from collecting and sharing your browsing history.

For more than 30 years, DNS has served as a key mechanism for accessing sites and services on the web. Browsers (including Firefox) use DNS to access a distributed database that turns URLs into TCP/IP addressing information. Firefox cannot do much without the service. DNS hails from the days of a kinder, more gentle Internet where it was normal to make this kind of query using unencrypted protocols and send them to any nearby server who claimed to be able to answer it.

This approach is no longer a fit for the modern Internet.  Because there is no encryption, other devices along the way might collect (or even block or change) this data too.  [1]DNS lookups are sent to servers that can spy on your website browsing history without either informing you or publishing a policy about what they do with that information.

While sophisticated users can turn to cloud-based “open resolvers” that offer better privacy controls than what is available by default from most internet service providers (ISPs), these resolvers rely on the same old unencrypted protocols so ISPs can often intercept data anyway.

Our first effort to upgrade the privacy of DNS is to implement the DNS over HTTPS (DoH) protocol, which encrypts DNS requests and responses.  See [2]Lin Clark’s terrific explainer about how DNS over HTTPS can really improve the state of the art.

DoH support has been added to Firefox 62 to improve the way Firefox interacts with DNS. DoH uses encrypted networking to obtain DNS information from a server that is configured within Firefox. This means that DNS requests sent to the DoH cloud server are encrypted while old style DNS requests are not protected. DoH standardization is currently a [3]work in progress and we hope that soon many DNS servers will secure their communications with it.

Firefox does not yet use DoH by default. See the end of this post for instructions on how you can configure Nightly to use (or not use) any DoH server.

Our second effort focuses on building a default configuration for DoH servers that puts privacy first.

We are running a [4]shield study where some Nightly users will participate in one or more experiments to help us build out a secure, cloud-based service that handles DoH requests. All Nightly users will receive an in-product notification about these studies.

Cloudflare is our partner for these experiments. When a shield study is active, Nightly Firefox will automatically use Cloudflare’s [5]secure DNS over HTTPS service (though we aren’t using the famous 1.1.1.1 address). The first study will test whether DoH’s performance is up to the task.

We’ve chosen Cloudflare because they agreed to a [6]very strong privacy agreement that protects your data. TCP/IP requires sharing the name of a website with a third party in order to connect, regardless of whether you’re using DoH or traditional DNS. We want to be confident your DNS operates with strong privacy preserving terms like those we have established with Cloudflare.

We believe that negotiating a privacy first operating agreement is something that Firefox can do for people that is just impractical to ask them to do for themselves. Imagine calling up your residential ISP and asking them to agree to an audit that demonstrates they do not log your IP address on their DNS server. And then repeating the process for your favorite coffee shop, library, friend’s house — anywhere you and your browser go to connect.

Firefox improves user privacy by default by finding good partners, establishing legal agreements that put privacy first, and eventually shipping a default configuration we believe is best.

Shield studies will come and go. If you would like to see what studies you are currently enrolled in simply load about:studies in the location bar. You can also opt out of studies on that page.

How-To Manually Configure DoH

Do you want to use (or not use) DoH all the time? Use the [7]configuration editor to configure DoH if you want to test DoH outside of a shield study. DoH support works best in Firefox 62 or newer. Shield studies will not override your manual configuration.

1] Type about:config in the location bar

2] Search for network.trr (TRR stands for Trusted Recursive Resolver – it is the DoH Endpoint used by Firefox.)

3] Change network.trr.mode to 2 to enable DoH. This will try and use DoH but will fallback to insecure DNS under some circumstances like captive portals.  (Use mode 5 to disable DoH under all circumstances.)

4] Set network.trr.uri to your DoH server. Cloudflare’s is [8]https://mozilla.cloudflare-dns.com/dns-query but you can use any DoH compliant endpoint.

The DNS tab on the about:networking page indicates which names were resolved using the Trusted Recursive Resolver (TRR) via DoH.

References

Visible links
1. https://cdt.org/blog/dns-strengthening-the-weakest-link-in-internet-privacy/
2. https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/
3. https://datatracker.ietf.org/doc/draft-ietf-doh-dns-over-https/?include_text=1
4. https://support.mozilla.org/en-US/kb/shield
5. https://blog.cloudflare.com/dns-resolver-1-1-1-1/
6. https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/firefox/
7. https://support.mozilla.org/en-US/kb/about-config-editor-firefox
8. https://mozilla.cloudflare-dns.com/dns-query

HackerNewsBot debug: Calculated post rank: 82 - Loop: 191 - Rank min: 80 - Author rank: 39

Comply, #icann
You bunch of #privacy infringing legal thugs
https://www.techdirt.com/articles/20180531/06500839947/icanns-pre-emptive-attack-gdpr-thrown-out-court-germany.shtml #de #germany #eu #gdpr

Again: if you care about #privacy and #security and you still use/possess/carry a mobile phone, then you do not really care about either privacy or security https://www.techdirt.com/articles/20180530/12054639943/another-report-highlights-how-wireless-ss7-flaw-is-putting-everyones-privacy-risk.shtml

#GDPR lawsuits against Google, Facebook are moving forward. Limitations on forced consent threaten #privacy harming business models. Does your business understand and follow the rules? #4percent
https://t.co/JpXONtZahg https://t.co/KidE0oOz28 #nextcloud

#privacy cheapening https://www.howtogeek.com/353483/why-its-not-a-big-deal-that-google-and-facebook-knows-a-lot-about-you/ from a site that promotes listening devices every day...

India, EU and the #privacy challengehttp://indianexpress.com/article/opinion/columns/european-union-general-data-protection-regulation-data-privacy-cyber-security-5197739/ #europe #eu#india #privacyMatters #security

"WhatsApp Has Competition": Ramdev's Patanjali Launches Messaging App https://www.ndtv.com/india-news/ramdevs-patanjali-launches-kimbho-app-to-challenge-whatsapp-1860218 but no #privacy in any of them. Avoid. Proprietary.

#Kenya New Cybercrime #Law Opens the Door to #Privacy Violations, #Censorship
http://allafrica.com/stories/201805300171.html
maybe that is the real goal https://techcentral.co.za/kenya-cybercrime-law-opens-door-to-privacy-violations-censorship/81491/

Privacy International Protects Partners With Its Onion Address

Many PI partners work in challenging environments, with massive state surveillance and/or ongoing censorship programmes. Giving them an ability to securely browse the web (both clear and onion) in a way which allows them to evade dragnet surveillance also allows them to conduct investigations securely.

Anyone who still assumes any #privacy in text messages is probably not educated enough to use a phone https://fossbytes.com/android-glitch-lets-google-access-text-messages/

How to tell fake rubbish in a public hearing?

Mr. Mark Zuckerberg, Facebook CEO, demonstrates this stunt in a joint hearing of the US Senate commerce, science and transportation committee and the Senate judiciary committee. Listen to it here (from 4:58):

https://dcs.megaphone.fm/PPY7926898549.mp3

Senator Roger Wicker asked, "There have been reports that Facebook can track the user’s internet browsing activity even after that user has logged off of the Facebook platform. Can you confirm whether or not this is true?"

This is a straight question and the straight answer is (or should have been): "Yes, Senator, I can confirm that this is true as Facebook collects data on logged out users and also on non-users."

It's a well known fact, acknowledged by company representatives (actually it's common sense, just think about collecting all the IPs and using all those Facebook cookies, like buttons, Facebook pixels and javascripts). There are tons of articles about this topic like here: http://nordic.businessinsider.com/facebook-tracks-both-non-users-and-logged-out-users-2018-4

Here is how Mr. Zuckerberg acts in four stages:

I. First he starts with: "Tss, ahhhhhhh..." - this means: Damn, they got me here! (Mr. Zuckerberg obviously knows that the answer is yes). But he is thinking: I won't give a straight answer to this question (this happened often in the hearing) and I'll just use a method which I just learnt in professional communication training.

II. Second: "...Senator..." - using this term is also for winning some time before starting some completely fake babble.
"...I...I wanna make sure I get this accurate, sooo..." - this part confirms that Mr. Zuckerberg is lying (as he obviously understood the question, no need for clarification) and he is using sort of a completely fake "text book phrase" learnt before the hearing that might help to avoid giving an answer.

III. Third: "...it’ll probably be better to have my team follow up afterwards..." - this is just another fake "text book phrase" prepared before the questioning. Mr. Zuckerberg is basically saying: "Go and f$%k yourself because I won't give you an answer to that question because it'd shed some negative light on me and Facebook."

IV. Fourth: Here comes to the truly ridiculous part as Senator Wicker asks the founder of Facebook in a wondering - very friendly - tone: "You don't know?"

At this point Mr. Zuckerberg starts again a completely fake rubbish: "Eh...Ah, I...I... know that people use cookies on the internet..." - how ridiculous is that?

What a shameless way of misleading the public.

#facebook #zuckerberg #fake #deletefacebook #rubbish #senate #ceo #linux #hackernews #tracking #likebuttons #privacy #security

A voir : "Internet etc." par Haroun Superbe spectacle, drôle, lucide, intelligent, à la limite de la conférence gesticulée sur #degooglisonsinternet
Bravo pour l'écriture, la performance et le modèle économique #chapeau.
<3 #onrigolebien
=> http://onrigolebien.com/
#gafam #privacy #internet #startupnation :)