此討論串已被封存。
如果您有需要幫助,請新增一個新問題
封存
DoH question -- am I understanding this right?
It seems to me that Firefox's DoH implementation is not just pointless but actually harmful. It is security theater. Let me explain:
- There is no fine-grained control
- There is no ability for the user to choose what level applies to what networks
- Default Protection provides no protection when there is a canary domain (trivial)
- Increased Protection provides no protection when the default provider fails (trivial)
- Max Protection requires manual intervention when the default provider fails
- Bonus: it's inconvenient or impossible to use on mobile
For DoH to be useful, the user has to invest effort they could better spend setting up a proper system-level solution.
It seems to me that Firefox's DoH implementation is not just pointless but actually harmful. It is security theater. Let me explain:
* There is no fine-grained control
* There is no ability for the user to choose what level applies to what networks
* Default Protection provides no protection when there is a canary domain (trivial)
* Increased Protection provides no protection when the default provider fails (trivial)
* Max Protection requires manual intervention when the default provider fails
* Bonus: it's inconvenient or impossible to use on mobile
For DoH to be useful, the user has to invest effort they could better spend setting up a proper system-level solution.
所有回覆 (2)
When I said "default provider", I meant the provider that is used by default, according to the user's preferences (or according to Mozilla's preferences in the case of Default Protection). Of course, if the user sets a lesser known DoH provider, some of the issues are less significant. It mainly applies to the major DoH providers.
Did you read this link FAQ yet.
https://support.mozilla.org/en-US/kb/dns-over-https-doh-faqs