Re: The title is no longer required.
VMs are not bulletproof, and that approach doesn't do a lot to prevent tracking.
I think what we need is two sorts of browser. A dumbed-down one (the direction that both Chrome and Firefox are taking their offerings) that protects careless or clueless users, and a browser for those of us who want actual power.
Also, I can't help but wonder when OS makers are going to decide that applications have to be neutered because they have enough power to be abused as well.
"If you genuinely could afford a Ferrari, there's no way you would be buying a Ford."
I personally know two people who could easily afford multiple Ferraris, but they actually own more practical cars. Wealthy people, like people who aren't so wealthy, come in all sorts of flavors and have all sorts of different attitudes.
For instance, there are plenty of wealthy people who recognize that being wealthy doesn't make you inherently superior to people who aren't as fortunate, so they don't look down on them and call them "peasants".
I run a custom ROM that omits all Google services, and I also run a firewall on it to ensure that nothing communicates out without me expressly allowing it. I backstop the on-phone firewall by using a VPN that I run out of my home, so all of my internet communications also go through the firewall (and other defenses) I have there.
"It's a bit like moaning about the price Ferrari charges for one of their cars and then commenting that their [Ford/Toyota/Fiat/VW/etc] meets all their needs much better and at a much lower cost."
I don't moan about the price of a Ferrari. However, I do question the judgement of people who are willing to buy one.
"The US doesn't seek to restrict Huawei because of what they may do, but due to who is going to be doing it."
Although I think that's a bit of a distinction without a difference, it would be understandable if other nations start restricting the use of US technology based on the exact same reasoning.
"the ban on someone using Google's services while using any non-Google build would be proof enough."
There is no such ban as far as I'm aware. Google's services aren't open source and can't be distributed with non-Google builds due to licensing issues, but you can download the packages and install them yourself on non-Google builds and they'll work just fine.
"I think it is customary to take into consideration whether or not there actually is a conflict of interest."
No, the customary (and required) line is if there is an appearance of a conflict of interest. Whether there actually is or not isn't the important bit.
This is because it's important to the public to be able to have some measure of trust.
The problem DoH presents is that it means that no software has to use your system's resolver to do it. A program or script can do lookups using any DoH resolver it wishes, regardless of how you've set your system up, and because the lookup uses HTTPS, you won't even be able to detect that your resolver is being bypassed, let alone prevent it. That's why a MITM proxy is the only way to protect yourself against it.
"Unfortunately it puts the Raspberry Pi, which is a device relying heavily on closed source firmware and software, in a position to spy on and modify all traffic leaving and entering your network."
I don't use Pi-hole, and I wasn't suggesting that this be used in conjunction with Pi-hole. If you've installed a proxy to MITM HTTPS connections, then the proxy itself can do what Pi-hole does. Or, you can set it up like I did -- have the proxy do the lookup using your normal resolver (even through a Pi-hole) that doesn't have access to the decrypted datastream.
That said, you don't have to actually use a Raspberry Pi to run Pi-hole. You can do it entirely with OSS software and platforms.
"How does it cope with hardcoded DoH addresses"
It doesn't; that's why it's an incomplete solution. But, in practice and if you're using Firefox (where you can specify what DoH server it will use), it will cover the majority of lookups. But that only covers the web, and only for lookups made by Firefox itself. It wouldn't cover hardcoded lookups by client-side scripts, for instance.
"And MITMing SSL is almost always a really REALLY bad idea!"
Yeah, I did that reluctantly. I put a lot of thought into it, balancing the pros and cons for my situation, and doing that was the least-bad alternative that I saw. If anyone can come up with a better solution, I'm extremely eager to hear it. I'd love to be able to remove the MITM.
I don't think I'll ever really forgive Mozilla for its energetic support of DoH.
"but DNS over HTTP basically breaks this by design"
This is true, but it's not an insurmountable problem.
The easiest (but incomplete) solution is what Pi-hole has already done: include a DoH server, so it's the one doing DNS lookups.
The complete solution, really only possible for people who are into this sort of thing right now (but could be made into a normal-person-friendly product) is what I've done: install a proxy that acts as a man-in-the-middle for all HTTPS traffic and drops undesirable DoH requests.
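The earlier comment that DoH lets any program bypass the system resolver without the bypass being visible, and this one describing a MITM proxy that drops undesirable DoH requests, both come down to one check the proxy can make once it has decrypted a request: does this request carry a DNS message (RFC 8484 defines the `application/dns-message` media type, the POST body form and the GET `?dns=` base64url form), and is it going to a resolver you sanctioned? The following is an added example written for this page, not the poster's own proxy configuration; the hostnames `dns.google`, `doh.example.internal` and `www.example.com` and the allow-list are assumptions, and the sample requests are constructed rather than captured.

```python
"""Classify decrypted HTTPS requests as DoH (RFC 8484) and apply a resolver policy.

Added example: a minimal version of the check a MITM proxy can run on requests
it has already decrypted. The sample requests at the bottom are constructed.
"""
import base64
import struct
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit

# Constructed: the only DoH endpoint clients on this network may use (for
# example a resolver you run yourself). DoH to anything else is a bypass.
ALLOWED_DOH_HOSTS = {"doh.example.internal"}

DNS_MESSAGE = "application/dns-message"


@dataclass
class HttpRequest:
    """The parts of a decrypted request the proxy needs for this decision."""
    host: str
    method: str
    path: str
    headers: dict = field(default_factory=dict)
    body: bytes = b""

    def header(self, name: str) -> str:
        return self.headers.get(name.lower(), "").lower()


def build_dns_query(name: str, qtype: int = 1) -> bytes:
    """Build a wire-format DNS query (used here only to construct samples)."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # ID 0, RD=1, QDCOUNT=1
    labels = [label for label in name.rstrip(".").split(".") if label]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN


def parse_question_name(wire: bytes):
    """Return the first question name of a DNS message, or None if malformed."""
    if len(wire) < 12 or struct.unpack("!H", wire[4:6])[0] < 1:
        return None
    labels, off = [], 12
    while True:
        if off >= len(wire):
            return None
        length = wire[off]
        off += 1
        if length == 0:
            break
        if length & 0xC0:  # compression pointers are not valid in a query name
            return None
        labels.append(wire[off:off + length].decode("ascii", errors="replace"))
        off += length
    return ".".join(labels) or "."


def doh_message(req: HttpRequest):
    """Return the DNS message carried by a DoH request, or None if it is not DoH."""
    if req.method == "POST" and req.header("content-type") == DNS_MESSAGE:
        return req.body
    if req.method == "GET":
        param = parse_qs(urlsplit(req.path).query).get("dns")
        if param:
            encoded = param[0]
            try:  # base64url without padding, as the RFC specifies
                return base64.urlsafe_b64decode(encoded + "=" * (-len(encoded) % 4))
            except ValueError:
                return b""  # claims to be DoH but the message is undecodable
        if DNS_MESSAGE in req.header("accept"):
            return b""
    return None


def inspect(req: HttpRequest) -> dict:
    """Policy: non-DoH passes untouched; DoH is allowed only to ALLOWED_DOH_HOSTS."""
    msg = doh_message(req)
    if msg is None:
        return {"doh": False, "action": "pass", "host": req.host, "qname": None}
    qname = parse_question_name(msg)  # logged so the bypass is visible, not silent
    action = "allow" if req.host.lower() in ALLOWED_DOH_HOSTS else "block"
    return {"doh": True, "action": action, "host": req.host, "qname": qname}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


# Constructed sample requests, as the proxy sees them after TLS termination.
SAMPLE_REQUESTS = [
    # An application doing its own lookup through a public DoH resolver (GET form).
    HttpRequest("dns.google", "GET",
                "/dns-query?dns=" + _b64url(build_dns_query("example.com")),
                {"accept": DNS_MESSAGE}),
    # A client using the resolver we sanctioned (POST form).
    HttpRequest("doh.example.internal", "POST", "/dns-query",
                {"content-type": DNS_MESSAGE},
                build_dns_query("intranet.example.internal")),
    # Ordinary web traffic, left alone.
    HttpRequest("www.example.com", "GET", "/index.html", {"accept": "text/html"}),
]

if __name__ == "__main__":
    for request in SAMPLE_REQUESTS:
        print(inspect(request))
```

The decision keys on the media type and the `dns=` parameter rather than on a list of known resolver hostnames, so a lookup sent to a resolver you have never heard of is still classified as DoH; the hostname only decides allow versus block. Logging the question name is what turns an invisible bypass into something you can see in the proxy log.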
I don't believe them. I mean, yes, I think they value an increase in safety and performance, but it seems clear to me that those aren't the primary reasons for this change. If they were, then Google's response to the complaints would have been very different (and, as the article mentions, they would have been talking with extension developers about this from day 1).
"Extensions made it hard for Mozilla to improve FF"
In the list of reasons, this is the only one that makes any real sense and/or has any real importance. That's why I said that the article is essentially saying "we had to kill the old extensions because it was the easiest thing to do."
"100% of our devs use Chrome exclusively"
This isn't true where I work. I'd say about 2/3rds of the devs use a Chromium-based browser (none of them use Chrome proper), and the rest use some version of Firefox or a Firefox fork -- although I don't think I've seen any using a version later than 56.
"If you preferred the Firefox UI you were using Firefox."
I actually didn't like the Firefox UI -- but until the extension change, it was possible to use CTR to fix all the things that I hated, and so the UI wasn't a big issue. Now, that is no longer possible.
"download the encrypted files and decrypt them on YOUR computer ?"
Yes, that's what "end to end encryption" means. It doesn't mean you necessarily have to do it manually, though. Applications that implement end-to-end encryption do this for you.
"if you use proprietary software provided by the cloud vendor, same, YOU ARE HAPPY TO SEND YOUR ENCRYPTION KEYS TO A THIRD PARTY."
Why would you use proprietary software provided by the cloud vendor? In any case, even if you do, it doesn't automatically mean you're sending your keys to a third party.
"Mozilla's developers need to stop worrying about injecting additional "features" and focus more on bugs and polish."
If Firefox didn't cripple the capabilities of extensions, they wouldn't have to worry about most of those features at all because they could be done with extensions (which is the proper place for most of the new features anyway), by non-Mozilla developers.
"If "the boss" is telling you to do something on or with a computer, it's one that your employer owns, and is used solely for that employer's business"
This.
My employer requires all sorts of things that I would never allow on my personal machines. That's fine -- my employer's machines aren't mine, and never interact with mine, so they can require whatever they wish.
"No matter how optimistic, or resilient you are, this ratio just steady erodes your faith in, well, human nature in general."
This isn't a universal truth. I run a couple of services alone and for free and have done so for at least a decade. I've stopped running services before because of burnout -- but I have never been bothered by the ratio you're talking about, and it has certainly not eroded my faith in anything.
"The onus should be on the reckless ‘for profit’ companies to not spill peoples personal details all over the internet."
I agree (although it's not just for-profit companies that fall down on this).
But we should also keep in mind that breaches will continue to happen even if every company handles their security very well. There is no such thing as perfect security, after all. If something can be accessed legitimately, it can be accessed illegitimately. The only question is how much time and effort is required to do it.
" it could be argued that it's in the public arena already and hence is no longer "private" "
Yes, when it comes to the breach datasets. However, people who actively use his service are supplying information that may or may not be in any of those datasets. That would be the sensitive information.
"All security is a trade-off with convenience."
Indeed so. When you're talking about why MFA hasn't been adopted widely by the average user, convenience is probably near, or at, the top of the list of reasons.
I think you covered all the options in your list. Of those, U2F is the most acceptable to me -- but I think that the requirement to buy and carry a U2F device, however cheap it is, puts off a lot of ordinary users.