Mozilla will shut down Pocket’s services on July 8, 2025. At that time users will no longer be able to access the Pocket website, apps and API. You can export your saved items and API data until October 8, 2025 before they are permanently removed. For more information, see this article.

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

DoH question -- am I understanding this right?

It seems to me that Firefox's DoH implementation is not just pointless but actually harmful. It is security theater. Let me explain:

  • There is no fine-grained control
  • There is no ability for the user to choose what level applies to what networks
  • Default Protection provides no protection when there is a canary domain (trivial)
  • Increased Protection provides no protection when the default provider fails (trivial)
  • Max Protection requires manual intervention when the default provider fails
  • Bonus: it's inconvenient or impossible to use on mobile

For DoH to be useful, the user has to invest effort they could better spend setting up a proper system-level solution.

It seems to me that Firefox's DoH implementation is not just pointless but actually harmful. It is security theater. Let me explain: * There is no fine-grained control * There is no ability for the user to choose what level applies to what networks * Default Protection provides no protection when there is a canary domain (trivial) * Increased Protection provides no protection when the default provider fails (trivial) * Max Protection requires manual intervention when the default provider fails * Bonus: it's inconvenient or impossible to use on mobile For DoH to be useful, the user has to invest effort they could better spend setting up a proper system-level solution.

All Replies (2)

When I said "default provider", I meant the provider that is used by default, according to the user's preferences (or according to Mozilla's preferences in the case of Default Protection). Of course, if the user sets a lesser known DoH provider, some of the issues are less significant. It mainly applies to the major DoH providers.

Helpful?

Helpful?

Ask a question

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.