Mozilla Monitor website will be down for 2 hours starting 5/20/2025 at 6 AM PT. Visit our status site for updates.

Avatar for Username

Hilfe durchsuchen

Vorsicht vor Support-Betrug: Wir fordern Sie niemals auf, eine Telefonnummer anzurufen, eine SMS an eine Telefonnummer zu senden oder persönliche Daten preiszugeben. Bitte melden Sie verdächtige Aktivitäten über die Funktion „Missbrauch melden“.

Weitere Informationen

DoH question -- am I understanding this right?

  • 2 Antworten
  • 0 haben dieses Problem
  • 5 Aufrufe
  • Letzte Antwort von markwarner22

undeference
undeference
more options

It seems to me that Firefox's DoH implementation is not just pointless but actually harmful. It is security theater. Let me explain:

  • There is no fine-grained control
  • There is no ability for the user to choose what level applies to what networks
  • Default Protection provides no protection when there is a canary domain (trivial)
  • Increased Protection provides no protection when the default provider fails (trivial)
  • Max Protection requires manual intervention when the default provider fails
  • Bonus: it's inconvenient or impossible to use on mobile

For DoH to be useful, the user has to invest effort they could better spend setting up a proper system-level solution.

It seems to me that Firefox's DoH implementation is not just pointless but actually harmful. It is security theater. Let me explain: * There is no fine-grained control * There is no ability for the user to choose what level applies to what networks * Default Protection provides no protection when there is a canary domain (trivial) * Increased Protection provides no protection when the default provider fails (trivial) * Max Protection requires manual intervention when the default provider fails * Bonus: it's inconvenient or impossible to use on mobile For DoH to be useful, the user has to invest effort they could better spend setting up a proper system-level solution.

Alle Antworten (2)

undeference
undeference Fragesteller
more options

When I said "default provider", I meant the provider that is used by default, according to the user's preferences (or according to Mozilla's preferences in the case of Default Protection). Of course, if the user sets a lesser known DoH provider, some of the issues are less significant. It mainly applies to the major DoH providers.

Hilfreich?

markwarner22
markwarner22
more options

Did you read this link FAQ yet.

https://support.mozilla.org/en-US/kb/dns-over-https-doh-faqs

Hilfreich?

Stellen Sie eine Frage

Sie müssen sich mit Ihrem Benutzerkonto anmelden, um auf Beiträge zu antworten. Bitte stellen Sie eine neue Frage, wenn Sie noch kein Benutzerkonto haben.