Mozilla publishes FAQ reports that outline its implementation plans for DNS-over-HTTPS.
Mozilla has today clarified that “no funds are being exchanged for DNS Cloudflare requests” as part of the DNS-over-HTTPS (DoH) function currently being slowly switched on to Firefox users in the United States.
The app developer has recently been heavily criticized for its Cloudflare collaboration.
Most detractors say that Mozilla would help centralize a large amount of DNS traffic on Cloudflare’s network by using Cloudflare as the defaulation DoH resolution for Firefox.
Regular users and ISP-backed lobby groups were critical of this move, according to a recent report which cites leaked documents.
Preparation for DoH deployment in the United States
Mozilla announced that it did not include any financial incentive in its Cloudflare Partnership in its FAQ page published today, which a Firefox engineer shared with ZDNet.
The FAQ page helps users to understand how the DoH interface functions.
In the next few days, US Firefox users will see the following popup asking whether they want DoH to be enabled when Mozilla activates the Firefox functionality, our source tells us.
The DoH-function works by making DNS requests as users attempt to access Firefox websites, encrypt the DNS request, and send it to a DoH DNS resolution, but disguised as standard HTTPS-like traffic— the name DNS-over-HTTPS.
Since the DNS request is both encrypted and concealed in HTTPS (port 443 rather than port 53), third-party viewer client DNS requests, such as ISPs, security devices or firewalls are covered.
Privacy advocates have been excited about DoH, but networking and cyber security experts have posed several protocol concerns when Google implements this in Chrome.
In the today’s release of the FAQ page, Mozilla answered a large part of this criticism, for example:
- Why Mozilla uses a different protocol to DoH instead of DoT (DNS-over-TLS).
- What Mozilla aims to handle situations in which DoH can override parental controls or business security policies.
- How did it help DoH even if SNI leaks app traffic destinations?
- Impact of DoH on CDNs (networks for the provision of content) and more…
In addition to Cloudflare, other DoH applications will be added in the future
Most notably, however, FAQ discusses how Mozilla chooses Cloudflare as its original default DoH resolver and states it plans to add more DoH resolver in the future as long as they meet the same criteria as also decided by Cloudflare.
Such specifications include a range of user privacy and security laws, including a clause that “explicitly prohibits” DoH-resolving solutions such as Cloudflare from monetizing DoH data received from users of Firefox.
“Cloudflare was able to meet our existing strict policy criteria,” said Mozilla. “Such conditions are backed-up in our legally binding Cloudflare agreement, made public in a best privacy statement that records such rules, providing users with accountability.” Where this FAQ is enough to silence critics of the app, even Mozilla notes, nobody is or will make any money from Firefox’s DoH implementation.
Source : HackerCombat