Language Selection

English French German Italian Portuguese Spanish

Mozilla: DNS/DoH, USA FREEDOM Act, Critiquing Design and Sandboxing

Filed under
Moz/FF
  • Firefox continues push to bring DNS over HTTPS by default for US users

    Today, Firefox began the rollout of encrypted DNS over HTTPS (DoH) by default for US-based users. The rollout will continue over the next few weeks to confirm no major issues are discovered as this new protocol is enabled for Firefox’s US-based users.

    A little over two years ago, we began work to help update and secure one of the oldest parts of the internet, the Domain Name System (DNS). To put this change into context, we need to briefly describe how the system worked before DoH. DNS is a database that links a human-friendly name, such as www.mozilla.org, to a computer-friendly series of numbers, called an IP address (e.g. 192.0.2.1).

  • The Facts: Mozilla’s DNS over HTTPs (DoH)

    The current insecure DNS system leaves billions of people around the world vulnerable because the data about where they go on the internet is unencrypted. We’ve set out to change that. In 2017, Mozilla began working on the DNS-over-HTTPS (DoH) protocol to close this privacy gap within the web’s infrastructure. Today, Firefox is enabling encrypted DNS over HTTPS by default in the US giving our users more privacy protection wherever and whenever they’re online.

  • Goals for USA FREEDOM reauthorization: reforms, access, and transparency

    At Mozilla, we believe that privacy is a fundamental digital right. We’ve built these values into the Firefox browser itself, and we’ve pushed Congress to pass strong legal protections for consumer privacy in the US. This week, Congress will have another opportunity to consider meaningful reforms to protect user privacy when it debates the reauthorization of the USA FREEDOM Act. We believe that Congress should amend this surveillance law to remove ineffective programs, bolster resources for civil liberties advocates, and provide more transparency for the public. More specifically, Mozilla supports the following reforms...

    [...]

    Second, the program may not provide sufficiently valuable insights in the current threat environment. In a recent Senate Judiciary Committee hearing, the government acknowledged that the intelligence value of the program was outweighed by the costs and technical challenges associated with its continued operation. This conclusion was supported by an independent analysis from the Privacy and Civil Liberties Oversight Board (PCLOB), which hopes to publicly release an unclassified version of its report in the near future. Additionally, the shift to other forms of communications may make it even less likely that law enforcement will obtain useful information through this specific authority in the future.

    And finally, some technological shifts may have made the CDR program too complex to implement today. Citing to “technical irregularities” in some of the data obtained from telecom providers under the program, the NSA deleted three years’ worth of CDRs that it was not authorized to receive last June. While the agency has not released a specific explanation, Susan Landau and Asaf Lubin of Tufts University have posited that the problem stems from challenges associated with measures in place to facilitate interoperability between landlines and mobile phone networks.

  • Critiquing Design

    This is me about 25 years ago, dancing with a yoga ball. I was part of a theater company where I first learned Liz Lerman’s Critical Response Process. We used this extensively—it was an integral part of our company dynamic. We used it to develop company work, we used it in our education programs and we even used it to redesign our company structure. It was a formative part of my development as an artist, a teacher, and later, as a user-centered designer.

    What I love about this process is that works by embedding all the things we strive for in a critique into a deceptively simple, step-by-step process. You don’t have to try to remember everything the next time you’re knee-deep in a critique session. It’s knowledge in the world for critique sessions.

  • Firefox for Mac and Linux to get a new security sandbox system

Firefox turns controversial new encryption...

  • Firefox turns controversial new encryption on by default in the US

    Starting today, Mozilla will turn on by default DNS over HTTPS (DoH) for Firefox users in the US, the company has announced. DoH is a new standard that encrypts a part of your internet traffic that’s typically sent over an unencrypted plain text connection, and which could allow others to see what websites you’re visiting, even when your communication with the website itself is encrypted using HTTPS. Mozilla says it is the first browser to support the new standard by default, and will be rolling it out gradually over the coming weeks in order to address any unforeseen issues.

  • Firefox flips on default DNS over HTTPS to encrypt Internet traffic at the source

    For its part, Mozilla downplays any potential risk and vows to work with companies, schools, and other organizations, as well as ISPs to mitigate concerns over DoH. In a statement to ZDNet, the company said it was “We’re surprised and disappointed that an industry association for ISPs decided to misrepresent an improvement to decades-old internet infrastructure.”

    To use default DoH, you need to update or download the latest version of the Firefox browser (73.0.1). Users can disable default DoH on the Firefox browser—or enable it if you’re outside the U.S.—by visiting the Network tab under General settings and unchecking the Enable DNS over HTTPS box.

Hoping To Combat ISP Snooping, Mozilla Enables Encrypted DNS

  • Hoping To Combat ISP Snooping, Mozilla Enables Encrypted DNS

    Historically, like much of the internet, DNS hasn't been all that secure. That's why Mozilla last year announced it would begin testing something called "DNS over HTTPS," a significant security upgrade to DNS that encrypts and obscures your domain requests, making it more difficult (though not impossible) to see which websites a user is visiting. Obviously, this puts a bit of a wrinkle in government, telecom, or other organizational efforts to use DNS records to block and filter content, or track and sell user activity.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

today's howtos

  • Install and Configure Grafana on Kubernetes

    We are going to deploy Grafana to visualise Prometheus monitoring data.

  • How to Install and Use Docker on Ubuntu 20.04 | 18.04

    Docker is a free, open-source and cross-platform containerization tool that helps you to deploy and run the application in an isolated environment. Docker has become one of the most important parts of modern software development and DevOps pipelines.

  • How to Find Cheap Linux VPS? [Ed: Potentially a bit spammy (the links in there)]

    VPS stands for a Virtual Private Server. This is a virtual machine that is commonly used for hosting a web site. You can buy a VPS from a hosting provider companies such as Routerhosting, and based on your requirements. Each VPS provides you a private resource on a server to host your website. Likewise, you can use a shared VPS that is more affordable but in low security. Another noticeable factor for selecting a perfect VPS is operating system. The operating system that you select for VPS will have a strong impact on your business or the field of your action. There are two options available including Windows VPS and Linux VPS. Although there are many basic functions that are common between them, but selecting the OS completely depends on users and their preferences. As you know Linux VPS is more popular than Windows. You can easily find a cheap Linux VPS with great speed, function, and security.

  • 4 ways to identify your current shell (if it’s bash)

    Knowing which run you are using on your system is an important piece of information. Your shell determines your login environment to a large extent as it controls which environment variables get exported, your shell prompt etc. On a Linux system it’s almost certain that you will using the bash shell unless the system administrator has deliberately changed it to something else. In this quick article we will demonstrate four ways you can determines if you are running the bash shell or not.

  • Alan Pope: The Black Oblong of Monospace Mystery

    I originally titled this post “Don’t be afraid of the command line”, but decided “Black Oblong of Monospace Mystery” was more fun. Is the command line really scary? It doesn’t feel like that to me, but I grew up with an interface which looks like this on first boot.

  • What Is DNS Server?

    What is DNS Server? DNS stands for Domain Name System. This is actually a service that runs on all of our computers but majorly it runs the entire internet. We type a website in the browser and with the bling of our eyes the website is open. Have you ever wondered how does that happen? In today’s article, we will learn the process of how the website opens so fast and how DNS plays an important role in this process. We already know that every website is saved in a server that is located somewhere in the world. We need to reach this server and ask for the website homepage. In order to reach this Server, we need the address. When we want to visit a person in real life, we need his home address but in the world of the internet, we need the logical address. Internet Protocol, also known as IP Address is the logical addressing system. In order to reach a website we need to enter its server IP in the browser and the server will reply with the homepage. Initially, when the internet was in its infancy, people kept the record of IP addresses. Gradually, the internet because huge, and keeping the record of IP addresses was a challenge. The markers of the Internet knew that humans are very good at remembering names than numbers. They came up with the idea of a DNS Server.

  • How to install Proton VPN on a Chromebook

    Today we are looking at how to install Proton VPN on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.

  • How to Install AppImage in Linux

    AppImage is format for packaging applications which is self-contained. It is the universal software package format compatible with various Linux distribution. In the traditional system of installing software packages, you need to download, extract and install on various directories of the system. But with the AppImage there is no extraction, no installation, no root permission, you just download the single package, make it executable and run it with a single click. It includes all the compressed image, dependencies, and libraries needed to run the software. Even to uninstall the application, you will just remove the AppImage file.

TV-Lite – GTK 3 IPTV, Sopcast, Acestream Player for Linux

TV-Lite is a free open-source IPTV player with Sopcast and Acestream handling capabilities, which runs in Linux and Windows. TV-Lite aims to be a replacement for the older TV-Maxe. It so far uses VLC for media playback, and need Acestream and / or Sopcast for this program to be able to handle the respective stream types. Read more

Qubes OS 4.0.4-rc2 has been released!

We’re pleased to announce the second release candidate for Qubes OS 4.0.4. Read more

NuTyX 20.12.1 available with cards 2.4.124

I am very happy to announce the new version of NuTyX 20.12.1 and cards 2.4.124. The compilation chain is completely rebuilt in addition to glibc 2.32, gcc 10.2.0 and binutils 2.34 The xorg-server graphics server version 1.20.10, the Mesa 3D library in 20.3.2, gtk3 3.24.24 and qt 5.15.2 are also in their latest versions. The python interpreters are ent 3.9.0 and 2.7.18. The XFCE desktop environment is updated to version 4.14.3. The MATE desktop environment is also updated to version 1.24, the latest version available. The KDE desktop environment is available in Plasma 5.20.4, Framework 5.76.0 and applications in 20.12.1. et les applications en 20.12.1. Available browsers are: firefox 84.0.2, chromium 87.0.4280.88, falkon 3.1.0, epiphany 3.38.2, etc Many desktop applications have been updated as well like thunderbird 78.6.1, Scribus 1.5.6.1, libreoffice 7.0.4.2, gimp 2.10.22, etc. Core NuTyX ships with Long Term Support (LTS) kernels: 4.9.253, 4.14.217, 4.19.170, 5.4.92 and 5.10.10 and the latest stable version 5.10.10. Read more