this post was submitted on 06 Sep 2023
1371 points (98.3% liked)

Technology

58303 readers
6 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Google enables advertisers a look into your browsing history...

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 1 year ago (1 children)

Could you give me an eli5 on the DNS part?

[–] [email protected] 13 points 1 year ago (1 children)

Sure, Firefox introduced a security feature: DNS over HTTPs. So instead if asking some DNS server that is configured on the local system, for the IP that belongs to a Domain name, am external service is asked via HTTPs.

While this is in theory a good idea, and has some benefits, the Firefox implementation was bad:

  • the external partner was cloudflare. There where no additional informations out at that time.
  • there where no opt out option

Users, that where forced into DNS over HTTPS could no longer resolve internal hostnames. This was a killer in office environments. And after the fix for that, everything was first submitted to cloudflare and only if cloudflare could not resolve the hostname, the local DNS server was asked, leading to potential information leaks. Also a no go for companies.

Firefox has fixed these issues by providing privacy policies, the option to choose other DNS over HTTPS providers and the option to define what domains should never be resolved externally.

But they lost trust in many professional environments because of that move.

[–] [email protected] 5 points 1 year ago (1 children)

Thank you. Yeah that sounds like a really bad move on their part.

[–] [email protected] 8 points 1 year ago

I totally forgot one essential fact: the reason for DNS over HTTPS itself was perfectly valid: ISP's in the US are using DNS lookups of their customers for advertising. The idea is to prevent this kind of privacy breach. And it is very effective against it.

Just rye ideological driven implementation was bs