Mozilla: letting Cloudflare serve our DNS requests is silly and useless

September 6, 2018
2

Mozilla wants to fundamentally change how the Firefox browser handles DNS requests, i.e. the way it looks up the IP addresses of all websites you visit when browsing the web with Firefox. Instead of letting your own ISP do this (which is what normally happens), Firefox will instead send DNS requests (over https) to Cloudflare servers to lookup the IP address for you. The cited reasons are privacy concerns (the party resolving your DNS requests — by default your ISP — will get a complete picture of your browsing habits) and security concerns (the party resolving your DNS request can spoof you and respond with bogus IP addresses).

This is a terrible idea, for many reasons. But it is also totally useless and silly.

Because I don’t see how it solves the problems is aims to address: your ISP will see which websites you visit regardless! Because even if it doesn’t get to see your DNS requests, it still sees all Internet traffic you generate and hence all IP addresses of all sites you visit. This, by the way, is even the case if you surf the web securely, visiting only sites that use https/TLS.

If you do not want this, you can choose to use a VPN instead. Then all internet traffic is encrypted, and as far as your ISP is concerned, you are communicating only with the VPN server (which will also handle all your DNS requests). Off course now your VPN service provider can, in principle, profile your browsing behaviour. So you’ll have to pick one you trust. Which is a more empowering, less centralising choice, than Firefox deciding for all of us to let Cloudflare be our trusted DNS resolver.

In case you spot any errors on this page, please notify me!
Or, leave a comment.
Dosch
, 2018-09-06 08:43:28
(reply)

Silly for many reasons, but one: censorship. DNS-blocking is done in many countries as a way to prevent people from using certain websites (Turkey -> Twitter).

So in this case Firefox might be helping these users. Although I think that the measure will easily be undone by other forms of blocking and therefor the cure might be worse then the disease…

Jaap-Henk
, 2018-09-06 10:12:08
(reply)

Indeed: those countries could easily block IP addresses instead…