Navigation

Language Selection

Search

Mozilla: DNS/DoH, USA FREEDOM Act, Critiquing Design and Sandboxing

Submitted by Roy Schestowitz on Tuesday 25th of February 2020 04:49:59 PM Filed under

Moz/FF

Firefox continues push to bring DNS over HTTPS by default for US users

Today, Firefox began the rollout of encrypted DNS over HTTPS (DoH) by default for US-based users. The rollout will continue over the next few weeks to confirm no major issues are discovered as this new protocol is enabled for Firefox’s US-based users.

A little over two years ago, we began work to help update and secure one of the oldest parts of the internet, the Domain Name System (DNS). To put this change into context, we need to briefly describe how the system worked before DoH. DNS is a database that links a human-friendly name, such as www.mozilla.org, to a computer-friendly series of numbers, called an IP address (e.g. 192.0.2.1).
The Facts: Mozilla’s DNS over HTTPs (DoH)

The current insecure DNS system leaves billions of people around the world vulnerable because the data about where they go on the internet is unencrypted. We’ve set out to change that. In 2017, Mozilla began working on the DNS-over-HTTPS (DoH) protocol to close this privacy gap within the web’s infrastructure. Today, Firefox is enabling encrypted DNS over HTTPS by default in the US giving our users more privacy protection wherever and whenever they’re online.
Goals for USA FREEDOM reauthorization: reforms, access, and transparency

At Mozilla, we believe that privacy is a fundamental digital right. We’ve built these values into the Firefox browser itself, and we’ve pushed Congress to pass strong legal protections for consumer privacy in the US. This week, Congress will have another opportunity to consider meaningful reforms to protect user privacy when it debates the reauthorization of the USA FREEDOM Act. We believe that Congress should amend this surveillance law to remove ineffective programs, bolster resources for civil liberties advocates, and provide more transparency for the public. More specifically, Mozilla supports the following reforms...

[...]

Second, the program may not provide sufficiently valuable insights in the current threat environment. In a recent Senate Judiciary Committee hearing, the government acknowledged that the intelligence value of the program was outweighed by the costs and technical challenges associated with its continued operation. This conclusion was supported by an independent analysis from the Privacy and Civil Liberties Oversight Board (PCLOB), which hopes to publicly release an unclassified version of its report in the near future. Additionally, the shift to other forms of communications may make it even less likely that law enforcement will obtain useful information through this specific authority in the future.

And finally, some technological shifts may have made the CDR program too complex to implement today. Citing to “technical irregularities” in some of the data obtained from telecom providers under the program, the NSA deleted three years’ worth of CDRs that it was not authorized to receive last June. While the agency has not released a specific explanation, Susan Landau and Asaf Lubin of Tufts University have posited that the problem stems from challenges associated with measures in place to facilitate interoperability between landlines and mobile phone networks.
Critiquing Design

This is me about 25 years ago, dancing with a yoga ball. I was part of a theater company where I first learned Liz Lerman’s Critical Response Process. We used this extensively—it was an integral part of our company dynamic. We used it to develop company work, we used it in our education programs and we even used it to redesign our company structure. It was a formative part of my development as an artist, a teacher, and later, as a user-centered designer.

What I love about this process is that works by embedding all the things we strive for in a critique into a deceptively simple, step-by-step process. You don’t have to try to remember everything the next time you’re knee-deep in a critique session. It’s knowledge in the world for critique sessions.
Firefox for Mac and Linux to get a new security sandbox system

Login or register to post comments
Printer-friendly version
1947 reads
PDF version

Firefox turns controversial new encryption...

Submitted by Roy Schestowitz on Wednesday 26th of February 2020 10:42:13 AM.

Firefox turns controversial new encryption on by default in the US

Starting today, Mozilla will turn on by default DNS over HTTPS (DoH) for Firefox users in the US, the company has announced. DoH is a new standard that encrypts a part of your internet traffic that’s typically sent over an unencrypted plain text connection, and which could allow others to see what websites you’re visiting, even when your communication with the website itself is encrypted using HTTPS. Mozilla says it is the first browser to support the new standard by default, and will be rolling it out gradually over the coming weeks in order to address any unforeseen issues.
Firefox flips on default DNS over HTTPS to encrypt Internet traffic at the source

For its part, Mozilla downplays any potential risk and vows to work with companies, schools, and other organizations, as well as ISPs to mitigate concerns over DoH. In a statement to ZDNet, the company said it was “We’re surprised and disappointed that an industry association for ISPs decided to misrepresent an improvement to decades-old internet infrastructure.”

To use default DoH, you need to update or download the latest version of the Firefox browser (73.0.1). Users can disable default DoH on the Firefox browser—or enable it if you’re outside the U.S.—by visiting the Network tab under General settings and unchecking the Enable DNS over HTTPS box.

Hoping To Combat ISP Snooping, Mozilla Enables Encrypted DNS

Submitted by Roy Schestowitz on Friday 28th of February 2020 03:48:35 PM.

Hoping To Combat ISP Snooping, Mozilla Enables Encrypted DNS

Historically, like much of the internet, DNS hasn't been all that secure. That's why Mozilla last year announced it would begin testing something called "DNS over HTTPS," a significant security upgrade to DNS that encrypts and obscures your domain requests, making it more difficult (though not impossible) to see which websites a user is visiting. Obviously, this puts a bit of a wrinkle in government, telecom, or other organizational efforts to use DNS records to block and filter content, or track and sell user activity.

More in Tux Machines

today's howtos

Install and Configure Grafana on Kubernetes

We are going to deploy Grafana to visualise Prometheus monitoring data.
How to Install and Use Docker on Ubuntu 20.04 | 18.04

Docker is a free, open-source and cross-platform containerization tool that helps you to deploy and run the application in an isolated environment. Docker has become one of the most important parts of modern software development and DevOps pipelines.
How to Find Cheap Linux VPS? [Ed: Potentially a bit spammy (the links in there)]

VPS stands for a Virtual Private Server. This is a virtual machine that is commonly used for hosting a web site. You can buy a VPS from a hosting provider companies such as Routerhosting, and based on your requirements. Each VPS provides you a private resource on a server to host your website. Likewise, you can use a shared VPS that is more affordable but in low security. Another noticeable factor for selecting a perfect VPS is operating system. The operating system that you select for VPS will have a strong impact on your business or the field of your action. There are two options available including Windows VPS and Linux VPS. Although there are many basic functions that are common between them, but selecting the OS completely depends on users and their preferences. As you know Linux VPS is more popular than Windows. You can easily find a cheap Linux VPS with great speed, function, and security.
4 ways to identify your current shell (if it’s bash)

Knowing which run you are using on your system is an important piece of information. Your shell determines your login environment to a large extent as it controls which environment variables get exported, your shell prompt etc. On a Linux system it’s almost certain that you will using the bash shell unless the system administrator has deliberately changed it to something else. In this quick article we will demonstrate four ways you can determines if you are running the bash shell or not.
Alan Pope: The Black Oblong of Monospace Mystery

I originally titled this post “Don’t be afraid of the command line”, but decided “Black Oblong of Monospace Mystery” was more fun. Is the command line really scary? It doesn’t feel like that to me, but I grew up with an interface which looks like this on first boot.
What Is DNS Server?

What is DNS Server? DNS stands for Domain Name System. This is actually a service that runs on all of our computers but majorly it runs the entire internet. We type a website in the browser and with the bling of our eyes the website is open. Have you ever wondered how does that happen? In today’s article, we will learn the process of how the website opens so fast and how DNS plays an important role in this process. We already know that every website is saved in a server that is located somewhere in the world. We need to reach this server and ask for the website homepage. In order to reach this Server, we need the address. When we want to visit a person in real life, we need his home address but in the world of the internet, we need the logical address. Internet Protocol, also known as IP Address is the logical addressing system. In order to reach a website we need to enter its server IP in the browser and the server will reply with the homepage. Initially, when the internet was in its infancy, people kept the record of IP addresses. Gradually, the internet because huge, and keeping the record of IP addresses was a challenge. The markers of the Internet knew that humans are very good at remembering names than numbers. They came up with the idea of a DNS Server.
How to install Proton VPN on a Chromebook

Today we are looking at how to install Proton VPN on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.
How to Install AppImage in Linux

AppImage is format for packaging applications which is self-contained. It is the universal software package format compatible with various Linux distribution. In the traditional system of installing software packages, you need to download, extract and install on various directories of the system. But with the AppImage there is no extraction, no installation, no root permission, you just download the single package, make it executable and run it with a single click. It includes all the compressed image, dependencies, and libraries needed to run the software. Even to uninstall the application, you will just remove the AppImage file.

TV-Lite – GTK 3 IPTV, Sopcast, Acestream Player for Linux

TV-Lite is a free open-source IPTV player with Sopcast and Acestream handling capabilities, which runs in Linux and Windows. TV-Lite aims to be a replacement for the older TV-Maxe. It so far uses VLC for media playback, and need Acestream and / or Sopcast for this program to be able to handle the respective stream types.

Qubes OS 4.0.4-rc2 has been released!

We’re pleased to announce the second release candidate for Qubes OS 4.0.4.

NuTyX 20.12.1 available with cards 2.4.124

I am very happy to announce the new version of NuTyX 20.12.1 and cards 2.4.124. The compilation chain is completely rebuilt in addition to glibc 2.32, gcc 10.2.0 and binutils 2.34 The xorg-server graphics server version 1.20.10, the Mesa 3D library in 20.3.2, gtk3 3.24.24 and qt 5.15.2 are also in their latest versions. The python interpreters are ent 3.9.0 and 2.7.18. The XFCE desktop environment is updated to version 4.14.3. The MATE desktop environment is also updated to version 1.24, the latest version available. The KDE desktop environment is available in Plasma 5.20.4, Framework 5.76.0 and applications in 20.12.1. et les applications en 20.12.1. Available browsers are: firefox 84.0.2, chromium 87.0.4280.88, falkon 3.1.0, epiphany 3.38.2, etc Many desktop applications have been updated as well like thunderbird 78.6.1, Scribus 1.5.6.1, libreoffice 7.0.4.2, gimp 2.10.22, etc. Core NuTyX ships with Long Term Support (LTS) kernels: 4.9.253, 4.14.217, 4.19.170, 5.4.92 and 5.10.10 and the latest stable version 5.10.10.

Latest News

Review: Mabox Linux 20.10

For me, running Mabox was a curious experience. The reason being that the distribution never seemed to do anything objectively wrong or buggy. Everything worked properly, the system was fast, stable, and often offered multiple approaches to accomplishing tasks. Mabox inherits Arch Linux's large repositories of software and the cutting-edge packages which make its grandparent famous. The lightweight Openbox window manager is flexible and fast. Plus I like that Mabox doesn't ship a lot of applications, just some good basics, and gives us multiple tools to add more items we might want. However, Mabox never felt like a good fit for me. It's hard to put my finger on why exactly this was because the distribution, objectively, does a lot of things well. However, the style of the distribution isn't at all to my taste. The Openbox session is very busy and I like quiet interfaces. Mabox is a cutting-edge rolling release and I like static and boring. Mabox has a tonne of status panels, shortcuts, and an elegant welcome screen. I want my operating system to stay out of the way and not distract me. Mabox has many configuration tools and they all seem to work, but the number of them (and the lack of a central organization for them) can make it harder to find the options I want to adjust. I guess what made the experience feel odd is Mabox uses a really minimal window manager, but with all the bells and whistles enabled. It ships with very few desktop applications, yet the menu is crowded with options. The system looks really sleek and modern, but a lot of options require we tweak text-based configuration files by hand. It makes for an odd series of juxtapositions. Objectively, I think Mabox is quite good. The only real bug I ran into was Firefox and the desktop panel using the same shortcut, but otherwise the system was fast, smooth, and capable. It just has an unusual approach to several aspects of it. Which makes me feel the distribution is objectively good, but subjectively not to my taste.

Linux 5.11-rc5

So this rc looked fairly calm and small, all the way up until today.

In fact, over 40% of the non-merge commits came in today, as people
unloaded their work for the week on me. The end result is a slightly
larger than usual rc5 (but both 5.10 and 5.8 were bigger, so not some
kind of odd outlier).

Nothing particularly stands out. We had a couple of splice()
regressions that came in during the previous release as part of the
"get rid of set_fs()" development, but they were for odd cases that
most people would never notice. I think it's just that 5.10 is now
getting more widely deployed so people see the fallout from that
rather fundamental change in the last release.  And the only reason I
even reacted to those is just because I ended up being involved with
some of the tty patches during the early calm period of the past week.
There's a few more still pending.

But the bulk of it all is all the usual miscellaneous fixes all over
the place, and a lot of it is truly trivial one- or few-liners. Just
under half the patch is for drivers, with the rest being the usual mix
of tooling, arch updates, filesystem and core (mm, scheduling,
networking).

Nothing here makes me go "Uhhuh" in other words.

            Linus

Also: Linux 5.11-rc5 Kernel Released Following A Busy Sunday - Phoronix

Syndication & Social Media

Follow the site via RSS/Twitter.

Full RSS:

RSS feeds for particular topics are also available

Twitter:

Content (where original) is available under CC-BY-SA, copyrighted by original author/s.

Support Tux Machines

Help Support TM
Wall of Appreciation

Gizmoz

LXer

UbuntuBuzz

SparkyLinux

Linux Journal

Linux Today

System 76

Kernel Planet

Purism

LinuxSecurity.com Advisories

Debian

It's FOSS

OMG! Ubuntu!

GamingOnLinux

Slashdot

DW Latest Releases

DistroWatch

More on Tux Machines: About ● Gallery ● Forum ● Blogs ● Search ● News ● RSS Feed

Part of Bytes Media ● Sister sites below.

FSF

Ubuntu Buzz

LinuxLinks

Content available under CC-BY-SA

Navigation

Language Selection

Search

Tux Machines Section/s

Authors Information

LWN

Active forum topics

Collabora

FOSS Post

Gnu Planet

FOSSLinux

Phoronix

OpenSource.com

Kde Planet

Fedora Magazine

Mozilla