DoH question -- am I understanding this right?
It seems to me that Firefox's DoH implementation is not just pointless but actually harmful. It is security theater. Let me explain:
- There is no fine-grained control
- There is no ability for the user to choose what level applies to what networks
- Default Protection provides no protection when there is a canary domain (trivial)
- Increased Protection provides no protection when the default provider fails (trivial)
- Max Protection requires manual intervention when the default provider fails
- Bonus: it's inconvenient or impossible to use on mobile
For DoH to be useful, the user has to invest effort they could better spend setting up a proper system-level solution.
It seems to me that Firefox's DoH implementation is not just pointless but actually harmful. It is security theater. Let me explain:
* There is no fine-grained control
* There is no ability for the user to choose what level applies to what networks
* Default Protection provides no protection when there is a canary domain (trivial)
* Increased Protection provides no protection when the default provider fails (trivial)
* Max Protection requires manual intervention when the default provider fails
* Bonus: it's inconvenient or impossible to use on mobile
For DoH to be useful, the user has to invest effort they could better spend setting up a proper system-level solution.
All Replies (2)
When I said "default provider", I meant the provider that is used by default, according to the user's preferences (or according to Mozilla's preferences in the case of Default Protection). Of course, if the user sets a lesser known DoH provider, some of the issues are less significant. It mainly applies to the major DoH providers.
You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.