Changes

Mozilla Firefox

1,185 bytes added, 5 February
/* secure DNS: Firefox Invasion of Privacy and Security Alert */
The following lines were added (+) and removed (-):
=== Firefox Invasion of Privacy and Security Alert ====== secure DNS: Firefox Invasion of Privacy and Security Alert ===Firefox browser will ignore your network DNS by default in favor of DNS-over-HTTPS aka DoH.  Firefox browser will ignore your network DNS by default in favor of [[DNS over HTTPS]] (aka DoH) or a type of Trusted Recursive Resolver (TRR).  "''This is actually potential a huge privacy issue as it is written that [https://github.com/StevenBlack/hosts/issues/1051 Firefox by default will route all your DNS traffic] to an external source beyond your control and without your accept and knowledge, and who is the external DNS hosting company and what will they do with all the data they collect''""''This is actually potential a huge privacy issue as it is written that [https://github.com/StevenBlack/hosts/issues/1051 Firefox by default will route all your DNS traffic] to an external source beyond your control and without your accept and knowledge, and who is the external DNS hosting company and what will they do with all the data they collect?''" Answer: At present it is Cloudflare and the purpose besides their claim of security is Data Mining: they want to know more about you!* In settings look for and uncheck "Enable DNS over HTTPS" to prevent a report of all web sites (via DNS query) being sent to a 3rd party.  They can see a list of where you go on the web and store that for data collection purposes such as profiling you for marketing, analytics, or something far more nefarious. * In settings look for and uncheck "'''Enable DNS over HTTPS'''" to prevent a report of all web sites (via DNS query) being sent to a 3rd party.  They can see a list of where you go on the web and store that for data collection purposes such as profiling you for marketing, analytics, or something far more nefarious.  * From about:config a user can set network.trr.mode to 5 to completely disable TRR. 
To signal that their local DNS resolver implements special features that make the network unsuitable for DNS-over-HTTPS (DoH), network administrators may configure their networks to modify DNS requests for the following special-purpose domain, called a canary domain: use-application-dns.net.[[File:firefoxsettingdns-over-https.jpg|thumb|illustration showing default setting, change this to Off|none|175px]] To signal that their local DNS resolver implements special features that make the network unsuitable for DNS-over-HTTPS (DoH), network administrators may configure their networks to modify DNS requests for the following special-purpose domain, called a canary domain: '''use-application-dns.net'''.  Firefox is using '''https://cloudflare-dns.com/dns-query''' for the actual DNS resolution being performed. The Firefox Trusted Recursive Resolver (TRR) is named such in that "they" trust the DNS resolver, because they are in control.  Network Administrators will mostly prefer to trust their own resolver, because my trusted resolver is certainly not what Mozilla trusts as a resolver.   Quoted from a firewall vendor source, "''Mozilla has partnered with Cloudflare so that means TRR DNS queries are sent there and not to the intended server. Some people already use Cloudflare, or they don't care where the queries go, so that's a wash or a net gain. If you do not trust Cloudflare or do not want to put all your eggs in the Cloudflare basket, that's not so good.''"
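Review bot: In the first changed paragraph, the added sentence "Answer: At present it is Cloudflare and the purpose besides their claim of security is Data Mining" states the provider's motive as fact with no source, while the question it answers links to the StevenBlack/hosts issue. Suggest citing a source for the data-mining claim or wording it as the article's opinion. The two bullets also give two remedies without saying how they relate; a short clause noting that unchecking "Enable DNS over HTTPS" is the settings route and network.trr.mode set to 5 is the about:config route would make the choice clear.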
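Review bot: In the canary-domain paragraph, the text says administrators "may configure their networks to modify DNS requests" for use-application-dns.net but never states what the modified answer should be, so a reader cannot act on it; suggest adding the required response together with a link to the source it is taken from. The added sentences also shift voice ("because my trusted resolver is certainly not what Mozilla trusts") and the closing quotation is credited only to "a firewall vendor source"; suggest keeping the third person and naming or linking the vendor.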