|
Something weird just happened to me: FF started reinterpreting all my signals. Mouse wheel scrolls became switches to larger or smaller fonts and page down caused a jump to another tab. I was also unable to close tabs by clicking on their X.
I closed FF, reopened it and got multiple tabs all trying to connect at once, many more than I have ever had open. Closed it again, waited, reopened it, and it's back to normal. What happened? This is FF-102.2.0esr. |
Quote:
|
Quote:
I run VPN over SSL which works even when standard VPN does not and adding DoH does not make sense. I would say that you are misleading people. |
1 Attachment(s)
Touchpad Two-finger swipe tricks
Two-finger swipe LEFT: back to previous page RIGHT: go to next page First Select a word in a long text line Shift + Two-finger swipe DOWN (it seems to work also with any direction, but LEFT/RIGHT prevails for back/next page) 2 selectors appear to select more text on each side Note: for now, it seems to work only with (full) wayland session |
I agree - DOH is just harmful in most cases. Its only maybe a privacy/safety win for people who are regularly taking a portable onto untrusted networks and not using a VPN.
For everyone else it just means certainty the DOH provider can watch everything you do. It also means any other things you are doing at home or in the enterprise like DNS RPZ (PiHole) etc get effectively bypassed. There is a reason Google is so supportive of DOH it basically kills adblocking on pretty much any device that isnt under the users total control - (a non jailbroken phone / smart tv / IoT anything). My belief is most people should disable doh. https://github.com/bambenek/block-doh If you are in control of the network and have the facilities to do so - I'd say kill it with fire! |
Quote:
But I totally agree that DoH controls do not belong inside the browser, all it does there is let the end users bypass admin decisions. Say for example, there's few hundred admins in total, trying to make sure that millions of users can't watch youtube at work all day.. And here comes chrome browser, to save the day, and casually enables a massive waste of time for everyone involved. It's a result of "browser" becoming the new OS, and the OS becoming a placeholder for this new "browser". TLDR; nothing specific to DoH protocol, because this sort of power grab shenanigans happen with all protocols, all the time. |
I mostly agree elcore - but DOH is more problematic to me than many of the other protocols options for "secure" DNS like say DOT. The problem is you can't see what is in 443 traffic, even where you can its not easy to do for most people. With DOT I can see at the network layer easily enough if something is talking on port 853 and determine if you are bypassing my DNS and I can even choose to block that fairly easily(hey my network my rules).
With modern TLS 1.3 I am not even going to be able to tell by APN if 443 traffic is DNS easily. If say you decide to run a binary anything you downloaded that would be expected to do any web traffic you don't know what is DNS lookups, and what is other traffic. You can't apply your DNS policy for sure because you don't know if its using the system resolver or doing its own resolution via DOH unless you interrogate all the endpoints its hitting and then they could still be playing games to hide the DOH server from you.. Realistically this applies to OSS stuff because hey did you read all the code to chromium? A big part of the problem with DOH is not JUST that it bypasses ever middle man along the path treating them a s a potential adversary, including middle men you put there yourself ( pi-hole dnsmasq etc, ) but that it conceals that it is even doing it. By attempting hide itself among other HTTPS traffic its actively designed to maximize the complexity of implementing any network policy against its use. Its not just "hey I am doing my own private DNS here" where you can make an up or down decision on if your Smart-TV should be permitted to that its intentionally put you in a position where its all or nothing in terms of communication to the internet for that device because you can't TLS intercept when you don't control its cert store and if you can intercept you can't tell the application DNS/Netflix... DOH is both user and network owner hostile. |
Quote:
Guess what? Exactly for this was invented. To bypass the censorship. And any way of bypassing censorship is good, dear Control Freak! Anyway, I bet that a company with several millions of hired guys will not use Slackware. Because the amount of manually tuning will be titanic for those "few hundred admins" and you know that. You need mass deployment of installations, mass deployment of updates, mass deployment of configuration changes, mass deployment of whatever. That's exactly what Slackware isn't. You describe RHEL there. |
Quote:
Even if its RH tools |
Quote:
Slackware is exactly reverse of the coin - it's all about "doing everything manually" . Heck, in the AD 2022 there's still a need to manually intervene to setup the bootloader after updating the kernel and we talk about the mass deployment in millions of computers? |
Quote:
If you can read r/sysadmin, these guys over there hate DoH because what it does; well it basically outsources the filtering work to google. So, if a company wants to censor, they can't rely on their admins anymore, and must consult with google instead, effectively costing these people their jobs. Anyway, I shouldn't be talking to you, because you're under sanctions according to EU. And I really don't want to be accused of "bypassing" EU restrictions by a bunch of facebook-reading, televison-watching folks, again. One dude had shown me a "redstar" screenshot, and told me "if you're using linux, you're working for the commies" or something along those lines. |
The is nothing wrong with wanting to exert control over ones own property. I have a right to decide who my my light bulbs can talk to. Similarly nothing is wrong with an Enterprise wanting to control how its computer assets are used.
Further you should stop drinking the ETF kool-aide you are not going to defeat censorship, with techno-toys. If Xi decides he doesn't want the general public going to luckys-tiananmen-memorial.com you are not going to enable that with DOH, at least not for very long. In fact if you cause such a regime to much difficulty they are very likely to crack down in much more draconian ways - go look at the news on just how China has recently started cracking down in VPNs and similar again recently.. You want to fight censorship write you congressmen tell them human rights matter as to how you vote and you want them to put the trade and sanctions screws to the bad guys. DOH isnt about censorship and its not really designed to defeat those who would censor, its designed to enable google to force ads onto you. The consequences in terms of more a free for all for malware and possibly very dangerous situation it creates for the dissidents you are so worried about when a bit of signals analysis shows they contacted some foreign DOH server be damned. Rest assured some despot some place will find that alone all the excuse required to do something terrible to someone they considered a problem. Even if that person didn't actually do anything other than download Chrome.. |
Hi all,
Be kind to (re)read this thread tittle Thx :hattip: |
Quote:
Quote:
And obligatory: "Don't blame me, I didn't vote.".. :D |
Sooooo nobody has a handle on how to edit FF keypress macros?
|
| All times are GMT -5. The time now is 02:01 PM. |