1664878 - Roll out DoH on Android

Status: RESOLVED DUPLICATE of bug 1801530

(Fenix :: Privacy, enhancement)

Description

[(inactive) Nihanth Subramanya [:nhnt11]]

1. Prefs UI
2. Heuristics
3. Regional rollouts
4. etc

👆All need to be supported on mobile.

Comment 1

[Valentin Gosu [:valentin] (he/him)]

(In reply to Nihanth Subramanya [:nhnt11] from comment #0)

1. Prefs UI

Tracked in https://github.com/mozilla-mobile/fenix/issues/4584

Comment 2

[(inactive) Nihanth Subramanya [:nhnt11]]

(In reply to Valentin Gosu [:valentin] (he/him) from comment #1)

(In reply to Nihanth Subramanya [:nhnt11] from comment #0)

1. Prefs UI

Tracked in https://github.com/mozilla-mobile/fenix/issues/4584

Thanks! I wondered if some of these were already being tracked elsewhere. I almost made this a general bug for supporting a mobile rollout e.g. any patches needed for heuristics compatibility and config infra. Maybe that actually makes sense... I might update the bug later if this ages well in my head.

Comment 3

[Valentin Gosu [:valentin] (he/him)]

I think steps 2-3 belong in GeckoView anyway, so it's OK to keep this bug for that work.

Comment 4

[Tom25519]

By the way, why Fenix cancel "about:config"? It's very useful, convenient and powerful function, user could adjust Firefox easily. Tell you the truth, one reason I prefer Firefox rather than Chrome is Firefox could adjust easily, Chrome not. For example, I could use 1.1.1.1 DoH server through set network.trr.mode=3, network.trr.mode=https://1.1.1.1/dns-query , and enable Encrypted SNI through network.security.esni.enabled=true

Comment 5

[Chris Peterson [:cpeterson]]

Chrome supports DoH on Android: https://blog.chromium.org/2020/09/a-safer-and-more-private-browsing.html

Comment 6

[zesanup]

DoH is not enabled by default in Firefox on Android yet due to performance issues.

It makes complete sense to avoid a large scale perf hit for the entire userbase. But if this setting is at least exposed in the UI, users can test different servers and select the fastest one.

There could be a "Learn more" link pointing to a SUMO page, which further points to https://dnsprivacy.org/public_resolvers/#dns-over-https-doh or https://github.com/curl/curl/wiki/DNS-over-HTTPS#publicly-available-servers, so that users are aware of their choices.

Right now, users have to resort to variants or forks that expose about:config, and set the TRR settings that way.

Comment 7

[Walter K.]

As a work around, starting with Android 9, there should be a system-wide setting for Private DNS, see Cloudfare blog.
In addition to the info in the blog, they now have one.one.one.one DoH endpoint.

Comment 8

[Jonathan Almeida [:jonalmeida]]

Closing as duplicate of bug 1801530. Please re-open if this is incorrect.