Patch Firefox like OpenBSD so that DNS over HTTPS is default disabled

Hi,

I have just discovered Artix, looks really great!

I was wondering if you guys are going to patch Firefox like OpenBSD has done so that it doesn't default to DNS over HTTPS?

https://undeadly.org/cgi?action=article;sid=20190911113856

With the agreement between Mozilla and Cloudflare, I think it's a really good idea not to have this enabled by default, and also to remove any default DNS servers so that the user provides his own.

Kind regards

Re: Patch Firefox like OpenBSD so that DNS over HTTPS is default disabled

Reply #1
Hello,
Firefox comes from the Arch repositories, so your best bet is to go talk to them.

The second option is to become an Artix packager and take care of (at least) the Firefox package.
This option is much harder because it is not one-shot work but continuous work for a very long time to come.

Best regards.

Re: Patch Firefox like OpenBSD so that DNS over HTTPS is default disabled

Reply #2
I know the main goal of the project is to remove the systemd crap, but has Artix formed a "policy" or guidelines regarding other issues?

Would it, for example, be possible to create some kind of "sanitizer" package, which contains scripts that clean up packages that have some privacy issues related to them? I know I could just create an AUR package for myself, but would this suit the Artix project as a whole?

I have been thinking about joining the project as a package maintainer because I really like Arch, but not systemd that much since they decided to put Cloudflare as an opt-out default in the resolver, and of course a lot of other issues. However, if Artix is only about the systemd issue, and not about other things, I'm not sure because I would still have to monitor all the other issues that go on, such as Mozilla doing the same opt-out with Firefox.

Also, I have always been annoyed with Arch not having a "free" vs "non-free" section for packages, such that one would have to opt-in in pacman.conf in order to get non-free.

What are the project leaders' thoughts on these issues?

Please forgive me if I am completely off course here :)

Re: Patch Firefox like OpenBSD so that DNS over HTTPS is default disabled

Reply #3
This case is an ideal candidate for an AUR package!

But not for us  :'(  (as was said before, we actually provide no Firefox package, because it is not necessary).

We actually provide only the ungoogled-chromium package...

Our main goal is to replace systemd.

Re: Patch Firefox like OpenBSD so that DNS over HTTPS is default disabled

Reply #4
https://aur.archlinux.org/packages/freedom

Just install this from the AUR if you want to ensure nonfree packages won't be installed, there aren't many around anyway it seems.


 

Re: Patch Firefox like OpenBSD so that DNS over HTTPS is default disabled

Reply #5
DNS over HTTPS is an excellent idea when you think about it. That way, not only is the content of your traffic encrypted (assuming you're connecting using HTTPS) but so are your DNS queries, so it's much more difficult for an adversary or your ISP to even know what websites you're going to, let alone what you're doing on them.

It's just really sad that Mozilla went with Cloudflare of all organizations. Great idea; extremely bad implementation. But at least you can configure the connection and use a different DoH service (for now anyway. I wouldn't be surprised if in the future Mozilla forces users to use Cloudflare if they want to use DoH. They've made a lot of anti-user changes like that over the years, like removing the ability to disable auto-updates, ending support for XUL addons and forcing Linux users to install pulseaudio, which can leak your IP address via WebRTC if you're using a VPN).

On a side note, isn't it a little disturbing how many websites there are nowadays that have Cloudflare integrated into them? Like BitChute for example. It could have made for a good alternative to YouTube, but it has Cloudflare JavaScript that must be enabled in order to even view the website...