Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Wed 19 Sep 2018, 23:49
All times are UTC - 4
 Forum index » Off-Topic Area » Security
Firefox and Trusted Recursive Resolver
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [9 Posts]  
Author Message
labbe5

Joined: 13 Nov 2013
Posts: 1322
Location: Canada

PostPosted: Wed 20 Jun 2018, 19:22    Post subject:  Firefox and Trusted Recursive Resolver
Subject description: more privacy than ever with TRR and DNS over HTTPS
 

https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/

Networks can get away with providing untrustworthy resolvers that steal your data or spoof DNS because very few users know the risks or how to protect themselves.

Even for users who do know the risks, it’s hard for an individual user to negotiate with their ISP or other entity to ensure that their DNS data is handled responsibly.

However, we’ve spent time studying these risks… and we have negotiating power. We worked hard to find a company to work with us to protect users’ DNS data. And we found one: Cloudflare.

Cloudflare is providing a recursive resolution service with a pro-user privacy policy. They have committed to throwing away all personally identifiable data after 24 hours, and to never pass that data along to third-parties. And there will be regular audits to ensure that data is being cleared as expected.

With this, we have a resolver that we can trust to protect users’ privacy. This means Firefox can ignore the resolver that the network provides and just go straight to Cloudflare. With this trusted resolver in place, we don’t have to worry about rogue resolvers selling our users’ data or tricking our users with spoofed DNS.


Firefox is on the forefront with its Trusted Recursive Resolver.

Further reading :
https://www.ghacks.net/2018/08/18/browsers-have-cookie-and-anti-tracking-enforcement-issues/
Firefox's Add-ons blocklist :
https://blocked.cdn.mozilla.net/
https://www.ghacks.net/2018/08/17/mozilla-bans-23-snooping-firefox-extensions/

Last edited by labbe5 on Sat 18 Aug 2018, 15:00; edited 2 times in total
Back to top
View user's profile Send private message 
upnorth


Joined: 11 Jan 2010
Posts: 284
Location: Wisconsin UTC-6 (-5 DST)

PostPosted: Fri 22 Jun 2018, 16:53    Post subject:  

That is awesome.
Was already using 1.1.1.1(non DoH), anyway. But, this is a convenient way to set and use secure DNS right in the browser.
Seems to work now on v60 as well.
about:networking#dns
--------------------------------------------
btw, here are the two parameters to set under about:config
network.trr.mode;2
network.trr.uri;https://mozilla.cloudflare-dns.com/dns-query

Last edited by upnorth on Sat 23 Jun 2018, 23:29; edited 1 time in total
Back to top
View user's profile Send private message Visit poster's website 
nosystemdthanks

Joined: 03 May 2018
Posts: 332

PostPosted: Sat 23 Jun 2018, 20:08    Post subject:  

gee, thanks to mozilla i cant even trust my laptop speakers to stay muted.

i literally just clipped the wires to them-- i dont need laptop speakers, i do want them to stay quiet though. unfortunately mozilla requires pulseaudio these days, which in turn unmutes the speakers every time i pull the headphones out.

sure, lennart has hidden some setting somewhere on the system, however these things worked fine for about 15 years before the little douche came and broke them.

ive tried enabling and disabling auto-mute, that setting is no longer respected.

i wish there was a wire i could clip to stop this sort of regular sabotage to the software i use. like one that would drop an anvil on his fingers or something, but i dont trust mozilla to protect me from mozilla these days; im certainly not going to trust them to protect me from anybody else.

they stopped being a real organisation over a year ago. i dont let mozilla handle dns anyway. just be a browser; you use way more resources than any other functionality of my entire computer setup, including running other operating systems using kvm, its ridiculous.

i dont even trust mozilla to run updates on its own plugins anymore-- last time i trusted it with that, it turned off stuff i wanted left on-- not when i restarted the browser and could do something about it, it just decided to be dynamic about it. i wouldnt trust firefox farther than i could smack its developers.

_________________
strengthen the public domain, use free culture/free sw licenses and cc0
Back to top
View user's profile Send private message Visit poster's website 
rcrsn51


Joined: 05 Sep 2006
Posts: 12324
Location: Stratford, Ontario

PostPosted: Sun 24 Jun 2018, 09:55    Post subject:  

nosystemdthanks wrote:
unfortunately mozilla requires pulseaudio these days, which in turn unmutes the speakers every time i pull the headphones out.

Just out of curiosity, I checked this in Firefox+apulse. There was no such bad behaviour.
Back to top
View user's profile Send private message 
labbe5

Joined: 13 Nov 2013
Posts: 1322
Location: Canada

PostPosted: Tue 07 Aug 2018, 17:47    Post subject: Mozilla's new DNS resolution is dangerous
Subject description: All your DNS traffic will be sent to Cloudflare
 

https://blog.ungleich.ch/en-us/cms/blog/2018/08/04/mozillas-new-dns-resolution-is-dangerous/

With their next patch Mozilla will introduce two new features to their Firefox browser they call "DNS over HTTPs" (DoH) and Trusted Recursive Resolver (TRR). In this article we want to talk especially about the TRR. They advertise it as an additional feature which enables security. We think quite the opposite: we think it's dangerous, and here's why.
Back to top
View user's profile Send private message 
upnorth


Joined: 11 Jan 2010
Posts: 284
Location: Wisconsin UTC-6 (-5 DST)

PostPosted: Thu 09 Aug 2018, 18:52    Post subject:  

That article made for good comedy reading Smile
Too bad it didn't have a comment section Twisted Evil

added:
Here is cloudflare's info:
https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/firefox/

New article today 20 August on thereg:
https://www.theregister.co.uk/2018/08/20/dns_interception/
Back to top
View user's profile Send private message Visit poster's website 
labbe5

Joined: 13 Nov 2013
Posts: 1322
Location: Canada

PostPosted: Fri 31 Aug 2018, 18:27    Post subject: Mozilla to Block Tracking Cookies in Firefox
Subject description: blocking tracking cookies by default in the name of consumer privacy
 

https://threatpost.com/bucking-the-norm-mozilla-to-block-tracking-cookies-in-firefox/137110/

Web tracking has long been in the cross-hairs of privacy advocates, who say that marketers know entirely too much about individuals’ online activities. And to add insult to injury, the ubiquitous cookie system used to enable tracking also presents potential security threats, including cross-site request forgeries (CSRF). To combat these bugbears, Mozilla is planning to disable cross-site tracking by default in its Firefox browser.

“In the physical world, users wouldn’t expect hundreds of vendors to follow them from store to store, spying on the products they look at or purchase,” Mozilla’s Nick Nguyen pointed out, in a posting on Thursday. “Users have the same expectations of privacy on the web, and yet in reality, they are tracked wherever they go.”

Further reading :
https://teachmehacking.com/footprinting-reconnaissance-techniques
https://teachmehacking.com/internet-knows-about-you/
https://www.ghacks.net/2018/09/03/save-any-webpage-as-a-single-file-in-chrome-or-firefox/
https://www.bleepingcomputer.com/news/software/firefox-to-recommend-extensions-related-to-sites-you-visit/
https://nakedsecurity.sophos.com/2018/09/07/firefox-finally-casts-windows-xp-users-adrift/

Last edited by labbe5 on Sun 09 Sep 2018, 15:33; edited 5 times in total
Back to top
View user's profile Send private message 
mikeslr


Joined: 16 Jun 2008
Posts: 2620
Location: 500 seconds from Sol

PostPosted: Fri 31 Aug 2018, 21:22    Post subject: Thanks, labbe5, for the report  

See title.
Back to top
View user's profile Send private message 
8Geee


Joined: 12 May 2008
Posts: 1668
Location: N.E. USA

PostPosted: Mon 03 Sep 2018, 20:13    Post subject:  

The problem in the USA is that the ISP's have been granted an exception to place ads in the e-mail. This opens the door to have the e-mail 'intercepted'. See this article.

*** Edited to correct location in the article. ***

Regards
8Geee

_________________
Linux user #498913

Some people need to reimagine their thinking.
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 1 [9 Posts]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0662s ][ Queries: 11 (0.0219s) ][ GZIP on ]