Mozilla Firefox

Discussion in 'other software & services' started by Hadron, Aug 27, 2016.

  1. Pharao

    Pharao Registered Member

    Joined:
    Oct 8, 2014
    Posts:
    81
    ISPs don't have to log your DNS requests in order to know which sites you visit. It would be stupid and futile anyway, and that for several reasons.
    For your ISP it is totally irrelevant whether you use its DNS servers or those of a third party.
    What they log are the connections your client makes to the sites/servers you visit, irrespective of how and by whom your DNS requests are done.
     
  2. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,002
    Location:
    Member state of European Union
    I know that ISP logs my IP and remote IP of server I am connected to.
    Your turn. How does an ISP know what website I am visiting? I don't mean the IP of the server, but the actual website.
     
  3. Pharao

    Pharao Registered Member

    Joined:
    Oct 8, 2014
    Posts:
    81
    That's what ISPs are logging. IP and time span.
    If a server (IP) is hosting several websites over a secure connection, then your ISP can't tell for sure which of those websites you are visiting, irrespective of what kind of DNS service you use.

    In case of a criminal investigation the ISP will have to take further steps.
     
  4. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,002
    Location:
    Member state of European Union
    From what I heard, ISPs in the USA can sell user browsing history, so it is rather possible they have started logging DNS queries.
    In the EU privacy laws are tighter, but there are some free Wi-Fi hotspots (shopping center, train) and I doubt none of them log browsing history.
     
  5. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
  6. Pharao

    Pharao Registered Member

    Joined:
    Oct 8, 2014
    Posts:
    81
    Where do you get the nonsense that ISPs are logging DNS queries?
    Logging the IPs you connect to and the time stamp of the connection is more reliable, whether they sell the collected data or not.
     
  7. Pharao

    Pharao Registered Member

    Joined:
    Oct 8, 2014
    Posts:
    81
    Here you go: https://blog.nightly.mozilla.org/2018/06/01/improving-dns-privacy-in-firefox/#comments

    Irrespective of what client you use, you can always monitor outgoing and incoming packets by using a decent sniffer.
     
  8. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    There are very many ISPs, as well as companies/groups which operate their own network and would be considered an ISP for this discussion. Not to mention DNS providers. We can't assume the same logging policies across so many, diverse, entities.

    ISPs logging remote IP Addresses is surely a common practice. So that must be a scenario that is considered.

    Logging DNS queries can be advantageous including from the "maximize information collection for advertising/other purposes" POV (think DNS prefetch and/or "Smart Multi-Homed Name Resolution" like scenarios). So we should assume it is being done in some contexts.

    Server certificates are in the clear prior to TLS 1.3. SNI is in the clear prior to TLS 1.3 and encrypted SNI for TLS 1.3 is still being worked out. That has the potential to be inspected and used to acquire more information about the remote site/server/party being contacted. So we should assume that is being done in some contexts. Also, that TLS 1.3 adoption will take time.

    Point being: one has to consider a specific context, and related assumptions about *actual* logging/sharing/uses, in order to weigh switching from an ISP DNS server to another DNS provider.
     
  9. Pharao

    Pharao Registered Member

    Joined:
    Oct 8, 2014
    Posts:
    81
    -First-
    It is common practice to give the source when quoting someone, and this for good reasons.

    -Second-
    Excerpt from the cited text: "ISPs logging remote IP Addresses is surely a common practice. So that must be a scenario that is considered."
    That's correct.
    As for ISPs logging DNS requests, those are wild speculations without any rationale and unreliable, to say the least.

    -Third-
    Please give a rationale for why an ISP would log DNS queries instead of the IPs of the sites its customers are visiting.

    ------------
    There are a few situations when it makes sense not to use the DNS-servers of your ISP, such as slowness or censorship.
    There are also reasons not to use Firefox' DoH. Read carefully the comments at the end: https://blog.nightly.mozilla.org/2018/06/01/improving-dns-privacy-in-firefox/#comments
     
  10. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    Nothing in my post was a quote from someone else. I was just making a clearly reasonable point about it being very foolish to assume identical logging policies across all the entities in the world that act as ISPs. You may attempt to substantiate how many of those there are, if you wish.

    Even CloudFlare's Resolver for Firefox FAQ states that their systems perform logging (should be read for details of course). What is their rationale? Could some other DNS service operators, including ISPs, have similar rationales? Could some ISPs have even worse stated policies and/or unstated ones?

    Logging is generally common [in part] because it aids in understanding/addressing technical issues with systems. Frankly, and especially when the discussion involves privacy, we acknowledge that... and also acknowledge that there are other less legitimate uses for logged data that might come into play... and start with the assumption that logging *is* taking place.

    No one, that I've seen, has suggested that there is an ISP that is logging DNS queries instead of remote IP Addresses. DNS logging and remote IP Address logging aren't mutually exclusive. The rationale for DNS logging came up in -Second- above, but I would also point out what I said in my earlier post:

    If there is a means by which some additional information is leaked to a service provider, there are probably at least some service providers and/or partners of said providers taking advantage of that information leak.
     
  11. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,002
    Location:
    Member state of European Union
    As TheWindBringeth said: DNS logging and remote IP Address logging aren't mutually exclusive.
    Why would an ISP log both IPs and DNS queries? Because a list of visited domains is more valuable to the advertising industry than a list of visited IP addresses.
     
  12. Pharao

    Pharao Registered Member

    Joined:
    Oct 8, 2014
    Posts:
    81
    Let me disagree.
    I'll even give you an example for better understanding.
    All modern and less modern browsers have a feature. It's called DNS prefetch and it is enabled by default.
    As a result, visiting a single site produces a bunch of DNS requests.
    There is no way to tell whether, or which, of those sites have actually been visited or not.
    As a prospective buyer of gathered data, I want to know exactly which sites have been visited and how much time users have spent on each site.
    Without this information the gathered data is unreliable, of less value, and hence I will pay less for it.
     
  13. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,002
    Location:
    Member state of European Union
    DNS responses contain the resolved IP addresses, so an ISP can combine data from the IP and DNS logs to remove DNS queries that were not used to connect to an IP address. Technically this is possible - i.e. a basic inner join in SQL can do that.
     
  14. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    I sometimes use DNS logs in conjunction with remote IP Address logs in order to determine what hostname was being communicated with. Particularly when rDNS on the remote IP Address is a CDN, I'll search said DNS logs to find a queried for name that resolved to the remote IP Address shortly before the network traffic of interest began. It isn't a perfectly reliable approach and I try to avoid utilizing it where I can, but sometimes it is just what I have to work with and it helps. So I'd chalk that up as a plus for having both DNS logs and IP Address logs.

    DNS logs can also reveal lookups that won't result in traffic that would be captured in an ISP's IP Address logs, and that information may reveal something of interest. In addition to previously mentioned things, possibilities include lookups for [now] non-existent domains, lookups which resolve to loopback or private-use or link local space, cases where disabling a local software feature disables connection attempts but not the DNS lookups.
     
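    The join described in the two posts above (drop DNS answers that no connection followed, and attribute a connection to the name that resolved to its remote IP shortly before), as an added example that is not from any poster. The log rows are constructed, and the 60-second window is an assumption.

    ```python
    import sqlite3

    # Constructed sample logs (not real data): one client loads a page, the browser
    # prefetches several names, but only one of them is actually connected to.
    DNS_LOG = [
        # (ts, client, qname, answer_ip)
        (100, "10.0.0.5", "news.example", "198.51.100.10"),
        (101, "10.0.0.5", "cdn-a.example", "203.0.113.7"),   # prefetch, never used
        (101, "10.0.0.5", "cdn-b.example", "203.0.113.8"),   # prefetch, never used
        (300, "10.0.0.5", "shop.example", "203.0.113.7"),    # same CDN IP, later
    ]
    CONN_LOG = [
        # (ts, client, remote_ip)
        (102, "10.0.0.5", "198.51.100.10"),
        (305, "10.0.0.5", "203.0.113.7"),
    ]
    WINDOW = 60  # assumed: answer must precede the connection by at most this many seconds

    def build_db():
        db = sqlite3.connect(":memory:")
        db.execute("CREATE TABLE dns(ts INT, client TEXT, qname TEXT, answer TEXT)")
        db.execute("CREATE TABLE conn(ts INT, client TEXT, remote TEXT)")
        db.executemany("INSERT INTO dns VALUES (?,?,?,?)", DNS_LOG)
        db.executemany("INSERT INTO conn VALUES (?,?,?)", CONN_LOG)
        return db

    def attribute_connections(db):
        """For each connection, pick the most recent DNS answer from the same client
        that resolved to the remote IP within WINDOW seconds before the connection."""
        rows = db.execute("""
            SELECT c.ts, c.remote,
                   (SELECT d.qname FROM dns d
                     WHERE d.client = c.client AND d.answer = c.remote
                       AND d.ts <= c.ts AND c.ts - d.ts <= ?
                     ORDER BY d.ts DESC LIMIT 1) AS qname
              FROM conn c ORDER BY c.ts""", (WINDOW,))
        return rows.fetchall()

    def unused_lookups(db):
        """DNS answers that no connection from that client followed in time: prefetch
        noise, blocked destinations, or software that resolves without connecting."""
        rows = db.execute("""
            SELECT d.qname FROM dns d
             WHERE NOT EXISTS (SELECT 1 FROM conn c
                                WHERE c.client = d.client AND c.remote = d.answer
                                  AND c.ts >= d.ts AND c.ts - d.ts <= ?)
             ORDER BY d.ts, d.qname""", (WINDOW,))
        return [r[0] for r in rows]
    ```

    Note that the shared CDN address 203.0.113.7 is attributed to shop.example, not cdn-a.example, only because of the time window; without it the join would be ambiguous.
    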
  15. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
    In my mind, there are three cases where ISP DNS servers could be logging the client requests:

    1) Censorship. Take, for example, the Great Firewall of China: government-enforced DNS-level blocking done by ISPs (but that's just one tool in its toolbox, like deep packet inspection). Another example is the DNS poisoning done in 2014 by Turkish ISPs.

    2) Make a buck. Sell client browsing data to advertisers.

    3) Preventing abuse. If an ISP (or any other party) is providing a DNS service, then it's only smart to have at least some kind of logs for maintenance reasons.

    And sometimes it's not only the domain names visited that can be collected via DNS logging.
    If the edns0 extension is on then practically any data could be slapped into the DNS packets like client IP, MAC address, etc...

    https://www.ietf.org/archive/id/draft-tale-dnsop-edns0-clientid-01.txt

    "A similar EDNS option is already being used on the public Internet in two different implementations. One is between the [dnsmasq] resolver on the client side and Nominum's [Vantio_CacheServe] upstream. It uses EDNS option code 65073 from the "Reserved for Local/Experimental Use" range to pass the client's Media Access Control (MAC) address. The other implementation is for Cisco's [Umbrella], aka OpenDNS, which encodes the client's MAC address and complete IP address. It uses option codes 26946 and 20292, respectively, from the middle of the "Unassigned" range."

    EDIT:
    Nice summary of current state of DNS and privacy (EDNS in page 9)
    https://datatracker.ietf.org/meeting/97/materials/slides-97-edu-sessc-dns-privacy-01.pdf
    BTW, it's crazy that TCP as a mandatory fallback DNS delivery mechanism is as late as 2010 .... :eek:
     
    Last edited by a moderator: Aug 8, 2018
  16. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    @Stefan Froberg: Thank you for the EDNS stuff. I've looked at some things, including:

    https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/
    https://developers.cloudflare.com/1.1.1.1/nitty-gritty-details/

    It sounds like CloudFlare's server won't send client identifier/address information on to other servers. I don't think I saw explicit comments on what Firefox will be sending, but given the privacy claims perhaps it won't send such information to CloudFlare either. I did find an assigned bug (https://bugzilla.mozilla.org/show_bug.cgi?id=1466462) which requests that Firefox send an ECS source prefix length of 0 by default, so I guess it isn't already doing that. I haven't looked at related code.

    Do you have, or know of any, concerns in the EDNS area involving Firefox?

    While I'm posting, and for the convenience of others:

    https://datatracker.ietf.org/wg/dprive/documents/
    https://datatracker.ietf.org/doc/draft-ietf-dprive-bcp-op/ (updated August 8, 2018)
    https://github.com/Sinodun/draft-dprive-bcp-op
     
  17. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
    I honestly don't know at this point. It would be interesting to test if Cloudflare's claim is true and they don't send the EDNS stuff.
    One could try to check that by setting up an authoritative server on a rented VPS, using Cloudflare DNS, and then checking from the DNS server logs what is actually received and whether there is any EDNS stuff there.

    Other than using Cloudflare, I guess we have to wait till that network.trr.disable-ECS preference appears in Firefox.
     
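    The check Stefan Froberg proposes above (look at what a query actually carries in its EDNS0 OPT record), applied to the option codes quoted from draft-tale-dnsop-edns0-clientid in post 15 plus ECS (option code 8, RFC 7871), as an added example that is not from any poster. The query packet is constructed in the block; no real resolver traffic is involved.

    ```python
    import struct

    def build_query(qname, options):
        """Build a minimal DNS A query whose additional section holds one EDNS0 OPT RR
        carrying `options` as [(code, data)] (constructed test input, not a capture)."""
        header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 1)  # QD=1, AR=1
        q = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\x00"
        q += struct.pack("!HH", 1, 1)                                 # QTYPE A, QCLASS IN
        rdata = b"".join(struct.pack("!HH", c, len(d)) + d for c, d in options)
        opt = b"\x00" + struct.pack("!HHIH", 41, 4096, 0, len(rdata)) + rdata
        return header + q + opt

    def skip_name(pkt, off):
        """Advance past a wire-format name (labels or a compression pointer)."""
        while True:
            n = pkt[off]
            if n == 0:
                return off + 1
            if n & 0xC0 == 0xC0:      # 2-byte compression pointer ends the name
                return off + 2
            off += n + 1

    def edns_options(pkt):
        """Return [(code, data)] from the first OPT RR (type 41) found, or []."""
        qd, an, ns, ar = struct.unpack_from("!HHHH", pkt, 4)
        off = 12
        for _ in range(qd):
            off = skip_name(pkt, off) + 4          # skip QTYPE/QCLASS
        for _ in range(an + ns + ar):
            off = skip_name(pkt, off)
            rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", pkt, off)
            off += 10
            if rtype == 41:
                opts, p, end = [], off, off + rdlen
                while p + 4 <= end:
                    code, olen = struct.unpack_from("!HH", pkt, p)
                    opts.append((code, pkt[p + 4:p + 4 + olen]))
                    p += 4 + olen
                return opts
            off += rdlen
        return []

    # Codes quoted in the thread from the draft, plus ECS (code 8, RFC 7871).
    IDENTIFYING = {8: "ECS client subnet", 65073: "client MAC (dnsmasq/Nominum)",
                   26946: "client MAC (Umbrella)", 20292: "client IP (Umbrella)"}

    def identifying_options(pkt):
        """Names of client-identifying EDNS options present in the query."""
        return [IDENTIFYING[c] for c, _ in edns_options(pkt) if c in IDENTIFYING]
    ```

    Fed a query captured between a stub resolver and its upstream, an empty list means no client-identifying option was attached; an ECS entry with a non-zero source prefix length means part of the client address is being forwarded.
    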
  18. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    There may be some test servers around too. Although, a given resolver might be using a whitelist to selectively forward.
     
    Last edited: Aug 8, 2018
  19. guest

    guest Guest

    Firefox has a decade-old bug that serves users Apple and crypto scams
    But odd 'drag and drop' flaw is unlikely too much of a threat
    August 09, 2018

    https://www.theinquirer.net/inquirer/news/3060865/firefox-decade-old-bug-apple-crypto-scams
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I usually have about 25 to 50 tabs open, that isn't a problem in Opera 12 and Firefox 52, but Vivaldi will drain your RAM. I have not yet tested Firefox 62 with so many tabs open but I guess it won't be as bad as the Chromium based browsers.
     
  21. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,064
    Location:
    Canada
    Just for kicks and giggles, I currently have 35 tabs open in latest Chrome beta for the last 10 minutes, with the flags I mentioned above enabled. One tab is Wilders, 33 are google search page (my home page) and one is Youtube currently playing a video as I'm typing this response. Process Explorer is open and showing from 88-90% RAM usage. This is on my laptop with 4 GB RAM. It is very high usage, but there is no noticeable instability so far.
     
  22. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,002
    Location:
    Member state of European Union
    How many browser addons/extensions do you have installed?
     
  23. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,064
    Location:
    Canada
    Four extensions: New Tab Redirect, LastPass, uBlockO and uBlockO extra
     
  24. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Yup, and guess what happens if you open more bloated sites at the same time. The reason why I have so many tabs open is because when I go to a news site for example, I first open all of the articles I want to read.
     
  25. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,064
    Location:
    Canada
    I'd be curious to see what the RAM load would be if I had 8GB. I plan to add another 4 GB soon, but at any rate I would never have more than 5-7 tabs open at any one time.
     