Mozilla plans to enable support for the DNS-over-HTTPS (DoH) protocol by default inside the Firefox browser for a small number of US users starting later this month.
The browser maker has been testing DoH support in Firefox since 2017. A recent experiment found no issues, and Mozilla plans to enable DoH in the main Firefox release for a small percentage of users, and then enable it for a broader audience if no issues arise.
“If this goes well, we will let you know when we’re ready for 100% deployment,” said Selena Deckelmann, Senior Director of Firefox Engineering at Mozilla.
What is DoH?
DoH (IETF RFC8484) allows Firefox to send DNS requests as normal-looking HTTPS traffic to special DoH-compatible DNS servers (called DoH resolvers). Basically, it hides DNS requests inside the normal deluge of HTTPS data.
By default, Firefox ships with support for relaying encrypted DoH requests via Cloudflare’s DoH resolver, but users can change it to any DoH resolver they want.
When DoH support is enabled in Firefox, the browser will ignore DNS settings set in the operating system, and use the browser-set DoH resolver.
By moving DNS server settings from the OS to the browser level, and by encrypting the DNS traffic, DoH effectively hides DNS traffic from internet service providers (ISPs), local parental control software, antivirus software, enterprise firewalls and traffic filters, and about any other third-party that tries to intercept and sniff a user’s traffic.
If you open Facebook’s mobile app today, it will likely suggest that you try the company’s new Dating service, which just launched in the U.S. after a rollout in 19 other countries last year. But with the company’s track record of mishandling user data, and its business model of monetizing our sensitive information to power third-party targeted advertising, potential users should view Facebook’s desire to peek into our bedrooms as a huge red flag.
Today marks the last day that the Ecuadorean prosecution has to investigate its case against Ola Bini, the Swedish free software programmer who was arrested there in April and detained for over two months without trial and without clear charges. On Thursday, the judge accepted a plea by the prosecutors to change the nature of the charges, switching from one part of Ecuador’s broad cybercrime statute to another. It seems likely that the prosecution will rely on evidence uncovered a few weeks ago that depicted Bini accessing an open, publicly available telnet service: an act that is, in itself, entirely legal under any reasonable interpretation of the law.
The sudden swapping out of charges at the last moment is just the latest twist in a politically charged and technically confused prosecution. It should be no surprise, then, that Amnesty International this week released a statement denouncing Ecuador’s treatment of Bini. The organization, which works to protect human rights globally, has determined that the Ecuadorian state failed to comply with its obligations under international law during Bini’s arrest and subsequent detention. In addition to this pronouncement, Amnesty has also expressed serious concern that political interference jeopardizes the chance for a fair trial, concerns that EFF has raised as well.
A hacker group is exploiting vulnerabilities in more than ten WordPress plugins to create rogue admin accounts on WordPress sites across the internet.
The attacks are an escalation part of a hacking campaign that started last month. During previous attacks, the hackers exploited vulnerabilities in the same plugins to plant malicious code on the hacked sites. This code was meant to show popup ads or to redirect incoming visitors to other websites.
However, two weeks ago, the group behind these attacks changed its tactics. Mikey Veenstra, a threat analyst with cybersecurity firm Defiant, told ZDNet today that starting with August 20, the hacker group modified the malicious code planted on hacked sites.
Facebook Inc acknowledged a flaw in its Messenger Kids app, weeks after two U.S. senators raised privacy concerns about the application, and said that it spoke to the U.S. Federal Trade Commission about the matter.
“We are in regular contact with the FTC on many issues and products, including Messenger Kids,” Facebook Vice President Kevin Martin wrote in a letter to two Democrats, which is seen by Reuters. He described the flaw as a “technical error”.
The letter dated Aug. 27 was sent to Democratic Senators Ed Markey of Massachusetts and Richard Blumenthal of Connecticut.
EFF is teaming up with the Mozilla Foundation to tell Venmo to clean up its privacy act. In a public letter sent to President/CEO Dan Schulman and COO Bill Ready today, we are telling Venmo to make transactions private by default and let users hide their friend lists.
Both EFF and Mozilla have voiced concern with Venmo’s privacy practices in the past. Venmo is marketed as a way for friends to send and receive money, so people can easily split bills like restaurant checks or concert tickets. However, those transactions are public by default, which can reveal private details about who you spend time with and what you do with them. While users do have an option to hide their transactions if they dig into Venmo’s privacy settings, there is no way for users to hide their friend lists. That means that anyone can uncover who you pay regularly, creating a public record of your personal and professional community.
A French security researcher has found a critical vulnerability in the blockchain-based voting system Russian officials plan to use next month for the 2019 Moscow City Duma election.
Pierrick Gaudry, an academic at Lorraine University and a researcher for INRIA, the French research institute for digital sciences, found that he could compute the voting system’s private keys based on its public keys. This private keys are used together with the public keys to encrypt user votes cast in the election.
By default, Facebook tracks what you do even when you’re not on Facebook, like the products you shop for, the political candidates you donate to, and the porn you watch, using tools like Facebook Pixel, a small piece of code deposited on millions of websites across the internet. The social network uses that information to target you with personalized ads—a business model that is now worth billions of dollars.
But that model has also come under increased scrutiny as privacy advocates, lawmakers, and pundits continue to question why anyone should trust Facebook with their data. In the aftermath of the Cambridge Analytica scandal last year, Facebook promised that users would soon have more control over their information using a “Clear History” tool, which would delete people’s off-platform browsing records. More than a year later, the company finally announced Monday it’s rolling out the feature, now called “Off-Facebook Activity.” People in Ireland, South Korea, and Spain will have access to the long-anticipated tool first, and it will be rolled out in the coming months to all Facebook users.
Facebook Inc. has been paying hundreds of outside contractors to transcribe clips of audio from users of its services, according to people with knowledge of the work.
The work has rattled the contract employees, who are not told where the audio was recorded or how it was obtained — only to transcribe it, said the people, who requested anonymity for fear of losing their jobs. They’re hearing Facebook users’ conversations, sometimes with vulgar content, but do not know why Facebook needs them transcribed, the people said.
Facebook confirmed that it had been transcribing users’ audio and said it will no longer do so. “We paused human review of audio more than a week ago,” the company said Tuesday. The company said the users who were affected chose the option in Facebook’s Messenger app to have their voice chats transcribed. The contractors were checking whether Facebook’s artificial intelligence correctly interpreted the messages, which were anonymized.