make DNS over HTTPS an *OPT IN* feature not an opt out feature
Categories
(Core :: Networking: DNS, defect)
Tracking
()
People
(Reporter: maybespamforandy1, Unassigned)
References
(Blocks 1 open bug)
Details
Steps to reproduce:
- Install firefox-esr
Actual results:
- After a few months, I find out that a centralized DNS over HTTPS resolver is configured that I had no knowledge of.
Expected results:
Firefox should ask me to opt in to a centralized DNS resolver rather than require me to opt out after DNS queries have already been leaked. Installing firefox should not be a mechanism that automatically bypasses from my local DNS resolver. I find this to be a major invasion of privacy and breach of trust by the mozilla team. Why do this? I understand that users may want to opt into such a feature if they don't run a local dns resolver, but initially forcing it on people is a bit extreme.
Additionally, the opt out is buried in a menu that is related to proxy server configuration. People who have never used and never will use a proxy server have no incentive to go there looking for new things they should opt out of. I would say over 99.99% of people don't use a proxy server, so why hide something in there so people can't find it?
|
||
Comment 2•2 years ago
|
||
The Bugbug bot thinks this bug should belong to the 'Core::Networking: DNS' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.
|
||
Comment 3•2 years ago
•
|
||
Hi Andy,
Thank you for your feedback. Our DNS over HTTPS program includes only resolvers that abide by our Trusted Recursive Resolver policy.
If you want to permanently disable DoH you may set the network.trr.mode pref to 5.
We are working in bug 1596839 to add a better UI for configuring and inspecting DNS over HTTPS behaviour.
If you want to discuss our rollout policy I encourage you to take the discussion to https://connect.mozilla.org/
|
|
||
Updated•2 years ago
|
Description
•