
Mozilla: DNS/DoH, USA FREEDOM Act, Critiquing Design and Sandboxing

  • Firefox continues push to bring DNS over HTTPS by default for US users

    Today, Firefox began the rollout of encrypted DNS over HTTPS (DoH) by default for US-based users. The rollout will continue over the next few weeks to confirm no major issues are discovered as this new protocol is enabled for Firefox’s US-based users.

    A little over two years ago, we began work to help update and secure one of the oldest parts of the internet, the Domain Name System (DNS). To put this change into context, we need to briefly describe how the system worked before DoH. DNS is a database that links a human-friendly name, such as www.mozilla.org, to a computer-friendly series of numbers, called an IP address (e.g. 192.0.2.1).

  • The Facts: Mozilla’s DNS over HTTPs (DoH)

    The current insecure DNS system leaves billions of people around the world vulnerable because the data about where they go on the internet is unencrypted. We’ve set out to change that. In 2017, Mozilla began working on the DNS-over-HTTPS (DoH) protocol to close this privacy gap within the web’s infrastructure. Today, Firefox is enabling encrypted DNS over HTTPS by default in the US giving our users more privacy protection wherever and whenever they’re online.

  • Goals for USA FREEDOM reauthorization: reforms, access, and transparency

    At Mozilla, we believe that privacy is a fundamental digital right. We’ve built these values into the Firefox browser itself, and we’ve pushed Congress to pass strong legal protections for consumer privacy in the US. This week, Congress will have another opportunity to consider meaningful reforms to protect user privacy when it debates the reauthorization of the USA FREEDOM Act. We believe that Congress should amend this surveillance law to remove ineffective programs, bolster resources for civil liberties advocates, and provide more transparency for the public. More specifically, Mozilla supports the following reforms...

    [...]

    Second, the program may not provide sufficiently valuable insights in the current threat environment. In a recent Senate Judiciary Committee hearing, the government acknowledged that the intelligence value of the program was outweighed by the costs and technical challenges associated with its continued operation. This conclusion was supported by an independent analysis from the Privacy and Civil Liberties Oversight Board (PCLOB), which hopes to publicly release an unclassified version of its report in the near future. Additionally, the shift to other forms of communications may make it even less likely that law enforcement will obtain useful information through this specific authority in the future.

    And finally, some technological shifts may have made the CDR program too complex to implement today. Citing to “technical irregularities” in some of the data obtained from telecom providers under the program, the NSA deleted three years’ worth of CDRs that it was not authorized to receive last June. While the agency has not released a specific explanation, Susan Landau and Asaf Lubin of Tufts University have posited that the problem stems from challenges associated with measures in place to facilitate interoperability between landlines and mobile phone networks.

  • Critiquing Design

    This is me about 25 years ago, dancing with a yoga ball. I was part of a theater company where I first learned Liz Lerman’s Critical Response Process. We used this extensively—it was an integral part of our company dynamic. We used it to develop company work, we used it in our education programs and we even used it to redesign our company structure. It was a formative part of my development as an artist, a teacher, and later, as a user-centered designer.

    What I love about this process is that it works by embedding all the things we strive for in a critique into a deceptively simple, step-by-step process. You don’t have to try to remember everything the next time you’re knee-deep in a critique session. It’s knowledge in the world for critique sessions.

  • Firefox for Mac and Linux to get a new security sandbox system

Firefox turns controversial new encryption...

  • Firefox turns controversial new encryption on by default in the US

    Starting today, Mozilla will turn on by default DNS over HTTPS (DoH) for Firefox users in the US, the company has announced. DoH is a new standard that encrypts a part of your internet traffic that’s typically sent over an unencrypted plain text connection, and which could allow others to see what websites you’re visiting, even when your communication with the website itself is encrypted using HTTPS. Mozilla says it is the first browser to support the new standard by default, and will be rolling it out gradually over the coming weeks in order to address any unforeseen issues.

  • Firefox flips on default DNS over HTTPS to encrypt Internet traffic at the source

    For its part, Mozilla downplays any potential risk and vows to work with companies, schools, and other organizations, as well as ISPs to mitigate concerns over DoH. In a statement to ZDNet, the company said, “We’re surprised and disappointed that an industry association for ISPs decided to misrepresent an improvement to decades-old internet infrastructure.”

    To use default DoH, you need to update or download the latest version of the Firefox browser (73.0.1). Users can disable default DoH on the Firefox browser—or enable it if you’re outside the U.S.—by visiting the Network tab under General settings and unchecking the Enable DNS over HTTPS box.

Hoping To Combat ISP Snooping, Mozilla Enables Encrypted DNS

  • Hoping To Combat ISP Snooping, Mozilla Enables Encrypted DNS

    Historically, like much of the internet, DNS hasn't been all that secure. That's why Mozilla last year announced it would begin testing something called "DNS over HTTPS," a significant security upgrade to DNS that encrypts and obscures your domain requests, making it more difficult (though not impossible) to see which websites a user is visiting. Obviously, this puts a bit of a wrinkle in government, telecom, or other organizational efforts to use DNS records to block and filter content, or track and sell user activity.


More in Tux Machines

Openwashing Leftovers

'Open' Surveillance 'Apps'

  • Singapore to open-source national Coronavirus encounter-tracing app and the Bluetooth research behind it

    The app is named TraceTogether, and its government is urging citizens to run it so that if they encounter a Coronavirus carrier, it’s easier to trace who else may have been exposed to the virus. With that info in hand, health authorities are better-informed about who needs to go into quarantine and can focus their resources on those who most need assistance. The app is opt-in and doesn’t track users through space, instead recording who you have encountered. To do so, it requires Bluetooth and location services to be turned on; when another phone running the app comes into range, it exchanges four nuggets of information - a timestamp, Bluetooth signal strength, the phone’s model, and a temporary identifier or device nickname. While location services are required, the app doesn't track users, instead helping to calculate distances between them.

  • Singapore says it will make its contact tracing tech freely available to developers

    Less than a week after launching an app to track potential exposure to the coronavirus, Singapore is making the technology freely available to developers worldwide. The city-state rolled out an app called TraceTogether on March 20 and described it as a supplementary tool for its contact tracing efforts that relied on the recall and memory of infected individuals. Contact tracing is the process of identifying those with close contact with infected patients.

  • Over 600k users installed TraceTogether, app to be made open source

    A mobile application developed by the Government Technology Agency (GovTech) that helps in contact tracing for Covid-19 has been installed by more than 620,000 users since its launch last Friday. With a decision to make the technology behind it available to developers around the world, even more people could stand to benefit. Developed in collaboration with the Health Ministry (MOH), the TraceTogether mobile app works by exchanging short-distance Bluetooth signals between phones.

  • 620,000 people installed TraceTogether in 3 days, S’pore’s open source contact tracing app

    TraceTogether, a mobile app to support contact tracing efforts developed by the Government Technology Agency (GovTech), in collaboration with the Ministry of Health (MOH), was launched on Friday, Mar. 20.

  • The Shield: the open source Israeli Government app which warns of Coronavirus exposure
  • Israel Unveils Open Source App to Warn Users of Coronavirus Cases

    A new Israeli app can instantly tell users if they have crossed paths with someone known to have been infected with the coronavirus. On Sunday, the country’s health ministry unveiled the app, called “The Shield” (“HaMagen”, in Hebrew). The app takes location data from the user’s phone and compares it with the information in Health Ministry servers regarding the location histories of confirmed cases during the 14 days before their diagnosis.

OSS Leftovers

  • Open source platforms, flexible airframes for new drones

    Multirotor drones excel at vertical lift and hover, while fixed wing drones are great at both distance and wide-open spaces. In February, Auterion Government Solutions and Quantum-Systems announced a two-pronged approach to the rotor- or fixed-wing drone market, with a pair of drones that use the same sensor packages and fuselage to operate as either the Scorpion Trirotor or the Vector fixed wing craft. “As we started to develop our tactical UAS Platform, our plan was only to develop a VTOL fixed wing solution (like our Vector),” said Florian Siebel, managing director of Quantum-Systems. “During the development process we decided to build a Tri-Copter Platform as well, as a result of many discussions with law enforcement agencies and Search and Rescue Units.” Adapting the fixed-wing fuselage to the tri-copter attachments means the drone can now operate in narrow spaces and harsh conditions. Scorpion, with the rotors, can fly for about 45 minutes, with a cruising speed of zero to 33 mph. Put the fixed wings back on for Vector, and the flight time is now two hours, with a cruising speed of 33 to 44 mph.

  • IEEE Standards Association Launches a Platform for Open Source Collaboration
  • Greg Smith on the strengths and drawbacks of open source software

    There are a lot of tire models available in the world. Most are closed source (or black box), meaning the program code behind them is not available to end users. This is understandable as the code can easily be licensed and its development paid for. Everyone’s got to make a living! This approach, however, makes it much harder to get the best out of the models – if you can’t see their internal workings, it’s harder to maximize their usefulness. Other models, such as Magic Formula, are effectively open source, with the equations published in books and journal papers. This means that anyone (if they invest the time) can build and use their own Magic Formula solvers and, in the process, learn the details of how the model works. In April 2015, during a session at the 4th International Tire Colloquium at Surrey University, UK, the general idea of open sourcing was discussed. In attendance were various figures from the commercial tire model development community, representatives from car and tire companies who use the models, and a large group of academics involved in more fundamental research. Issues were raised regarding everything from intellectual property concerns and licensing through to technical advances, development strategies and training. Boiling all this down, most discussions centered on one of two approaches.

  • First open-source AI for driverless agricultural vehicles
  • Huawei announced AI Computing Framework MindSpore as Open Source

    The Huawei 2020 Developer Conference continues online, bringing the latest progress of The Wei Peng and Yan Teng Ecology. According to the agenda of the meeting, the first day of the developer conference (March 27) will focus on Peng Peng, the next day (March 28) will focus on The Teng.

  • New Chinese open-source AI platform launched

    Megvii Technology Limited has announced the launch of a new open-source artificial intelligence platform for developers, Shanghai Daily learned on Thursday. Other firms offering such platforms include tech giants like Google, Amazon, Facebook, Microsoft and Baidu.

  • Open-source AI infrastructure to boost innovation in China

    From smart fever-screening at subway stations to scan-reading diagnosis, artificial intelligence (AI) is on the frontline of China's battle against the novel coronavirus. Behind the smart systems are deep-learning frameworks that emulate the way the human brain learns, like recognizing patterns and coping with ambiguity.

  • Megvii makes deep learning AI framework open-source as China moves to reduce reliance on US platforms
  • Noble.AI Contributes to TensorFlow, Google's Open-Source AI Library and the Most Popular Deep Learning Framework

    Noble.AI, whose artificial intelligence (AI) software is purpose-built for engineers, scientists, and researchers and enables them to innovate and make discoveries faster, today announced that it had completed contributions to TensorFlow, the world's most popular open-source framework for deep learning created by Google.

  • Google open-sources framework that reduces AI training costs by up to 80%

    Google researchers recently published a paper describing a framework — SEED RL — that scales AI model training to thousands of machines. They say that it could facilitate training at millions of frames per second on a machine while reducing costs by up to 80%, potentially leveling the playing field for startups that couldn’t previously compete with large AI labs.

  • A case study: Improving patient outcomes with Open Source

    South London and Maudsley NHS Foundation Trust (SLaM) provides the widest range of NHS mental health services in the UK with 52 inpatient wards, outpatient, and community services. As recognition of their digital accomplishments, SLaM have been awarded GDE (Global Digital Exemplar) status. Following a two-year pilot of Open-eObs software, the trust had proven the long-term benefits of an open source approach and needed a supplier to further drive their digital ambition.

Programming: Java, Python, Perl and More

  • Azul Systems Extends Open Source Java Offerings with a new Zulu Distribution of OpenJDK 14
  • Azul Systems brews up fresh blend for open source Java

    Java runtime solutions company Azul Systems has announced the general availability of its Zulu release of OpenJDK 14 builds. [...] All Zulu 14 JDKs and JREs are verified against and pass the TCK certification tests required to ensure the correct execution of Java SE 14 applications.

  • Python File I/O

    In this article, you'll learn about Python file operations. More specifically, opening a file, reading from it, writing into it, closing it and various file methods you should be aware of. What is a file? A file is a named location on disk to store related information. It is used to permanently store data in non-volatile memory (e.g. hard disk). Since random access memory (RAM) is volatile and loses its data when the computer is turned off, we use files for future use of the data.

  • Python: Pros and Cons of Lambda

    lambda is a keyword in Python; we use it to create an anonymous function. So we also call lambda functions anonymous functions.

  • Learning pandas by Exploring COVID-19 Data

    The European Centre for Disease Prevention and Control provides daily-updated worldwide COVID-19 data that is easy to download in JSON, CSV or XML formats. In this tutorial, we will use the pandas data analysis tool on the comma-separated values (CSV) data to learn some of the basic pandas commands and explore what is contained within the data set.

  • Rotation in R^2 - CY's take on PWC#053 Task 1

    This is a part of Perl Weekly Challenge (PWC) #053 and the following is related to my solution. If you want to challenge yourself on Perl, go to https://perlweeklychallenge.org, code the latest challenges, and submit your code on time (by GitHub or email) if possible, before reading my blog post.

  • Perl Weekly Challenge 053: Rotate Matrix and Vowel Strings
  • IoT Adoption Survey Reveals Open Source Rules

    The Eclipse Foundation's IoT Working Group has issued a report that reveals that for commercial organizations the IoT is real and adoption is growing, albeit with a degree of caution. As far as IoT is concerned, the open source model clearly dominates. Conducted online between October and December 2019, with 366 respondents, the IoT Commercial Adoption Survey was the first exercise of its kind. Its aim was to gain a better understanding of the IoT industry landscape by identifying the requirements, priorities, and challenges faced by organizations that are deploying and using commercial IoT solutions. It can be seen as the counterpart of the IoT Developer Survey, which since 2015 has been an annual exercise reporting on the programming languages, platforms, infrastructure and tools used for building IoT solutions.

  • What happens when the maintainer of a JS library downloaded 26m times a week goes to prison for killing someone with a motorbike? Core-js just found out

    In November 2019, Denis Pushkarev, maintainer of the popular core-js library, lost an appeal to overturn an 18-month prison sentence imposed for driving his motorcycle into two pedestrians, killing one of them. As a result, he's expected to be unavailable to update core-js, a situation that has project contributors and other developers concerned about the fate of his code library.

  • [Old] When to assume neural networks can solve a problem

    The question: “What are the problems we should assume can be solved with machine learning?”, or even narrower and more focused on current developments “What are the problems we should assume a neural network is able to solve?”, is one I haven’t seen addressed much.

    There are theories like PAC learning and AIX which at a glance seem to revolve around this, as it pertains to machine learning in general, but if actually applied in practice won’t yield any meaningful answers.

    However, when someone asks me this question about a specific problem, I can often give a fairly reasonable confidence answer provided I can take a look at the data.

    Thus, I thought it might be helpful to lay down the heuristics that generate such answers. I by no means claim these are precise or evidence based in the scientific sense, but I think they might be helpful, maybe even a good starting point for further discussion on the subject.

  • Uber Open Sources Piranha Stale Code Remover

    Uber has released an open source version of Piranha, a tool that scans source code to delete code related to stale, or obsolete, feature flags. Piranha is run at Uber in an ongoing pipeline for its Android and iOS codebases and has been used to remove around two thousand stale feature flags and their related code. Uber says it has led to a cleaner, safer, more performant, and more maintainable code base.

  • Piranha Is An Open Source Tool That Automatically Deletes Obsolete Code