In a blog post on ungleich.ch you can read why you should stay away from DoH, DNS over HTTPS, now being rolled out by both Google in their Chrome browser and by Mozilla in their Firefox browser.
DoH means that Firefox will concentrate all DNS traffic on Cloudflare, and they send traffic from all their users to one entity. So what does that mean? It means people outside the US can now be fully tracked by US government: now some of you might wonder if this is actually in line with GDPR (The EU General Data Protection Regulation). It is indeed very questionable if DoH is rolled out as default, since users do NOT opt in, but have to opt out.
Quote from the blog post on ungleich
The author asks if DoH is bad only for EU citizens.
No, it’s bad for the US citizens too. Because whether you trust Cloudflare or not, you’ll end up directly supporting centralisation by using DoH in Firefox. Centralisation makes us depend on one big player, which results in fewer choices and less innovation. Centralisation affects everybody by creating a dangerous power and resource imbalance between the center and the rest.
Have you deactivated DoH in your Firefox browser yet?
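One way to answer that question for a given profile, as an added example (not code from ungleich or Mozilla): a short Python script that reads the text of a Firefox profile's `prefs.js` or `user.js` and reports the DoH state from the `network.trr.mode` preference. The sample preference text is constructed and the function names are this example's own.

```python
import re

# Matches one user_pref("name", value); line as written in prefs.js / user.js.
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

# Meaning of network.trr.mode (TRR = Trusted Recursive Resolver, Firefox's DoH client).
TRR_MODES = {
    0: "default (not set by the user; Firefox decides)",
    2: "DoH first, fall back to the system resolver",
    3: "DoH only",
    5: "off by user choice",
}

def parse_prefs(text):
    """Return {pref_name: value}; later lines override earlier ones."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a user_pref
        name, raw = m.groups()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]          # string pref
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"      # boolean pref
        else:
            try:
                prefs[name] = int(raw)       # integer pref
            except ValueError:
                prefs[name] = raw            # keep unparsed text as-is
    return prefs

def doh_status(prefs):
    """Classify a profile as 'disabled', 'enabled' or 'default'."""
    mode = prefs.get("network.trr.mode", 0)
    if mode == 5:
        return "disabled"
    if mode in (2, 3):
        return "enabled"
    return "default"  # 0 or any other value: not an explicit opt-out

# Constructed sample of a profile's prefs.js, not taken from a real system.
SAMPLE = '''
// Mozilla User Preferences
user_pref("browser.startup.page", 3);
user_pref("network.trr.mode", 2);
user_pref("network.trr.uri", "https://mozilla.cloudflare-dns.com/dns-query");
'''

if __name__ == "__main__":
    p = parse_prefs(SAMPLE)
    print(doh_status(p), "|", TRR_MODES.get(p.get("network.trr.mode", 0)), "|", p.get("network.trr.uri"))
```

Only the value 5 records an explicit opt-out; a profile that reports `default` has left the decision to Firefox.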
On June 12th 2019 we wrote a blog post about a new GnuPG server being launched (keys.openpgp.org).
Yesterday Robert J Hansen published a text about vulnerabilities in the widely used SKS keyserver network. As far as we understand the new key server at keys.openpgp.org will solve many of the vulnerabilities found in the SKS keyservers.
We guess we will publish more posts on this subject in the coming days! Until then it is up to each and every one to read the text by Robert and to take action accordingly! If you are not subscribed to the email@example.com e-mail list, we strongly recommend that you do so now to get updates on the subject!
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user’s computer.
For a long time the SKS Keyserver pool has been a de facto standard to publish public OpenPGP compatible keys. Kristian Fiskerstrand (@krifisk on Twitter) has been running the pool for more than ten years but over the years the distributed network of keyservers has been struggling with abuse, performance, as well as privacy issues, and more recently also GDPR compliance questions.
Is it time to make a change when it comes to the way you publish your public key(s)? If so, is keys.openpgp.org the solution?
The keys.openpgp.org keyserver splits up identity and non-identity information in keys. The gist is that non-identity information (keys, revocations, and so on) is freely distributed, while identity information is only distributed with consent that can also be revoked at any time.
If a new key is verified for some e-mail address, it will replace the previous one. This way, every e-mail address is only associated with a single key at most. It can also be removed from the listing at any time by the owner of the address. This is very useful for key discovery. If a search by e-mail address returns a key, it means this is the single key that is currently valid for the searched e-mail address.
In upcoming releases of Enigmail for Thunderbird as well as OpenKeychain on Android, the keys.openpgp.org keyserver will receive first-party support.
The Ubuntu Security Podcast is a weekly podcast covering all the latest news and developments from the Ubuntu Security team. Each week the team discuss the various security updates that have been published across the Ubuntu releases, describing the technical details of both the security vulnerabilities as well as the fixes involved. Due to the expansive nature of the software packages provided by Ubuntu, each episode usually covers a diverse range of security issues, from buffer overflows, use-after-frees and cache side-channel attacks to cross-site scripting and cross-site request forgery.