Firefox and centralized DoH

Hi

I’ve switched from Chrome to Firefox because of privacytools.io. Now I’m reading THIS. Any comments? Should Firefox be considered not private because of this?

Thanks for linking, it was very interesting to read.

Firefox is still the best we have, excluding Tor Browser, and the only thing that needs doing is configuring the DNS-over-HTTPS support to use something else than Cloudflare (if you consider it as a problem, I do for the same centralization concern in your link).

If you are also using dnscrypt-proxy, it will automatically disable Firefox from sending data to Cloudflare, or if you are running your own DNS server, you can configure it to NXDOMAIN use-application-dns.net, if you are configuring Firefox by hand and don’t want to disable DoH or investigate what to put there, NextDNS is going to be an option there.

In general DoH vs DoT is a bit controversial with DoH just working everywhere, while DoT uses a separate port 853 (which public WLANs in Helsinki appear to be blocking) and has the opportunistic mode which doesn’t promote centralization.

2 Likes

Well, that could be nice, if Firefox would not try to force their Cloudflare DNS TROUGH the configured DoH DNS I’ve set up, just because I’ve blocked his telemetry domains.

I’m not tech savy enough for that, so I guess the only privacy friendly browser remaining is tor.

Somewhat reassuring https://support.mozilla.org/en-US/kb/dns-over-https-doh-faqs

1 Like

What is a privacy-friendly browser? There is no definition for this.

The Tor Browser, for instance, uses DNS servers as defined by the exit nodes. Many exit nodes use Google servers for resolving hostnames.