This is configurable though (it's only a default), and is still better than the status quo in a lot of areas. Either you care enough to change it, or you stick to the default. Default (ISP) plain DNS is worse.
The random company in this case is Cloudflare and NextDNS. And using DoH you cut out your ISP from the equation (at least for your browser traffic).
You can also set up a custom DoH provider (that can also be configured on the system level, not just the browser) so neither Cloudflare nor your ISP gets your DNS queries.
Cloudflare and NextDNS absolutely count as "some random company" in this context. I have no reason to trust random American companies more than my local ISP. I don't trust the USA more than I trust my own country.
Even people in Germany who want to read the other side of the war story, like I did yesterday to read RT(.com) vs the Tagesschau propaganda.
Since my ISP, O2, has removed rt.com entries and other Russian propaganda outlets (I acknowledge the "west" also has propaganda outlets like Reuters etc.), I was looking for ways to still read rt.com news. I looked into Firefox' preferences and searched for "DNS" and saw DNS over HTTP and I could pick Cloudflare, NextDNS (never heard of) or custom. I picked Cloudflare and read rt.com, thus getting the other side of the whole bs propaganda mess.
The German Grundgesetz (constitution) says "eine Zensur findet nicht statt" (censorship does not occur/there will be no censorship) yet, there is censorship.
I was sceptical about DOH in general (why do we need this?) but now I see why this can be a good thing and great as well that Firefox supports it so easily.
Because your ISP can block a "raw" DNS request, regardless of what server you configure. Your ISP can even inspect your DNS request, and choose to give a fake response or block the request based on the domain you are requesting.
Because USA wouldn't issue a national security letter to get dirt on foreigners? Seems like if Mozilla wanted to choose DoH as way to protect people from being spied on they wouldn't choose USA-based companies?
Like "don't get caught by your own gov accessing restricted material get caught by USA gov-related organisations so they can sell you out to your own gov & benefit USA".
If you're bothered about who's watching your web traffic then it seems highly unlikely you want to add USA to the list of who is watching you??
There aren't many companies with that capability and scale outside of the US.
And the States are watching you anyway: most of the Internet resides there. Even the websites that don't are likely using Cloudflare etc. to save on traffic.
And who on earth is NextDNS? Looking at their website, there's no mailing address, phone number, or other identifying information other than the names of the founders and their Twitter links. If that doesn't qualify as some random company, I'm not sure what does!
And that’s fair, again this is all completely customizable and in fact you are better served configuring a system/network-wide DNS host that you run yourself or trust.
If it is irresponsible to utilize the services provided by companies under the jurisdiction of the United States, then using much of the internet and Firefox itself is irresponsible.
The user made a conscious choice to trust one specific American company. They do not want other companies they did not personally "vet" -- with whatever weird and personal criteria they feel like -- added without their approval. This shouldn't be this hard to understand.
And they have the option to not utilize this feature or change the settings to a service provider they do trust.
The threat vector is understandable. Not making the choice to mitigate it is what does not make sense to me. Cloudflare is not an unknown operator. You can study their past behavior, their beliefs, and how their services work, and make that choice.
Saying 99% of people accept the defaults and claiming this is bad without learning about what the defaults are or how to change them when it takes a few straightforward steps to do so is what does not make sense to me.
Even installing Firefox in the first place is to make a conscious choice to change the defaults of nearly all operating systems that the vast majority of people on Earth use. Its defaults will also now have a feature to encrypt your DNS queries to a third party vetted by Firefox. If you cannot trust them then why use their browser?
So? That's not an argument for doing it again. 'Everyone else is taking a bung from the NSA to forward them data', for example, isn't a moral justification to do it yourself (made up example).
Your ISP will see every IP you're communicating with. They don't need your DNS at all. Trying to hide your traffic from your ISP without a VPN is unlikely to work.
ISP-provided CPEs often (usually these days? I wonder if anyone has studied this) allow you to change the recursive DNS servers that they forward queries to. Nor do they let you customize the DNS servers handed out by their DHCP servers.
A while back, Sky Broadband was even intercepting all customer traffic to UDP or TCP port 53, and forcing it to go to their shitty DNS servers, which panic and drop the connection when they see something 'unusual'.
> A while back, Sky Broadband was even intercepting all customer traffic to UDP or TCP port 53, and forcing it to go to their shitty DNS servers, which panic and drop the connection when they see something 'unusual'.
This is exactly why DNS over HTTPS is a thing. Unencrypted services are regularly abused by ISPs and DNS is no exception.
Even in that scenario you’re still vulnerable to DNS sniffing and injection. These aren’t theoretical concerns, they’re real-world actively explored vulnerabilities. And if you still don’t care, well, that’s why you can turn DoH off.
Cloudflare has a legally binding contract with Mozilla to this effect. So you’ve traded up from a number of companies that have never promised to not sniff or tamper with your traffic (and often do, and don’t really have any positive brand image to protect) up to a single company that has a legal commitment not to tamper with your traffic (and has some form of brand image to protect). I too, would prefer if DoH had more technical features to prevent sniffing/tampering, but this is an upgrade.
See, IMHO a "binding contract" isn't worth the paper it's written on if violations of the contract are undetectable. There's no brand image impact if there's no evidence.
And if I was an intelligence agency trying to place spies, Cloudflare would be among the first tech companies I'd target.
This feature seems almost exclusively a feature for people in the ISP-monopoly-friendly United States.
> And if I was an intelligence agency trying to place spies, Cloudflare would be among the first tech companies I'd target.
This seems like a threat model swap in the conversation. The subject threat model here is (1) defending against companies stealing and selling my data. You swapped in the threat of (2) state level agencies spying on you through these companies.
The problem is that #2 seems to be an intractable problem. (but not so much because of an infiltrated DNS provider, more like cable taps and infiltrated hardware manufacturers)
#1 seems to be a more solvable problem (albeit at increasing levels of complexity). When you bring #2 into the conversation, it defocuses on the solution to #1 and gets to a point where we all throw up our hands and admit helplessness and defeat.
I see this happen often and I think every conversation should be clearly grounded in the threat model that is being addressed.
In some countries ISPs work closely with the government and block certain websites the government asks them to etc. In these cases I would trust Cloudflare over my ISP.
In some countries (USA) tech companies (Cloudflare) work closely with the government (see Snowden revelations). I trust my ISP, which I chose, more than a foreign company (Cloudflare).
Everyday people who are worried about state-actor threats - an incredibly targeted and unlikely scenario for the average person - but are less concerned about their personal information being harvested for marketing purposes - something that happens all the time to everyone.
> Everyday people who are worried about state-actor threats - an incredibly targeted and unlikely scenario for the average person -
I agree with you that people should be more worried about companies collecting their personal info, but we know now that the state collecting your data isn't incredibly targeted or at all unlikely. They just take everything. It's happening to every last one of us every single day. It's been going on for decades.
And I don't get how one would think that I, as a European, would want an overseas company to handle my data. If my ISP is breaching GDPR, all I have to do is to go to the data protection agency (at least I have that option on the table), good luck doing that with an overseas company... I have zero indications that my ISP is selling data for marketing purposes (unlike some US ISPs which even inject ads).
Because if the situation is reversed and e.g. the local police subpoenas your ISP to find people that are "illegally torrenting" or whatever they won't include you. That's happened a lot within Europe.
Even if the foreign government spies more, neither jurisdiction is likely to care enough about you specifically to make an international case of it.
In other words I'd think most Americans would be better off proxying through Europe, and most Europeans would be better off proxying through the US.
Even better would be to proxy through a third country that your own country is unlikely to cooperate with, and which won't care about you personally.
E.g. I wouldn't want to live in Iran or North Korea, but I'd think proxying DNS through them would in some way maximize my privacy if I was living in Europe or the US.
I'll never travel to either of them, and my authorities are vanishingly unlikely to cooperate with either of them for anything short of murder.
Except proxying through Iran or North Korea literally puts a target on you locally. Not really the brightest idea.
As for other things - it is not black or white, depends where you are and from that you choose the best option for you. The "copyright" cartels are mostly American so it kinda does not even make sense to use US in order to avoid that, just makes it easier for them.
Running your own DNS resolver doesn't give you any of the benefits that using DoH does. The recursive queries that it sends out are just as vulnerable to an adversary on the network blocking or spying on as the ones sent to a regular insecure DNS server.