undefined | Better HN

0 pointsshawnz7y ago0 comments

Then don't buy such a device which clearly doesn't meet your needs. Why should every personal computing device on the planet be tailored to your requirements, at the cost of safety for the majority of other users? Most people don't use PiHole, they use Adblock or uBlock which are not affected by this. It's not as though they are taking away your ability to use adblocking technology.

0 comments

EvanAnderson7y ago

Macro-level view: The Mozilla Foundation may think that DNS-over-HTTPS is about "safety", but they're unwittingly furthering the agenda of those who would profit from the Internet not being decentralized. A decentralized Internet filled with devices that end users can control, should they choose, is a good thing for society, I'd argue. DNS-over-HTTPS is another piece of technology that can be used to eliminate that. It is not necessary to hand over freedom in exchange for "safety" or "security".

Micro-level view: I'm a sysadmin for my Customers, my family, and some of my friends. Inevitably I will have to deal with these awful devices. So will countless other sysadmins. I'm dreading having to deal with devices that invade my users' privacy, thwart my attempts at detecting bad actors on the network, and that just generally act like the person who paid for them doesn't actually own them.

techntoke7y ago

This is what Mozilla has been doing for a while. They enable advertisers and bad actors to profile you without any sane safeguards to prevent websites from running JavaScript code that is used in a nefarious way. If they were actually focused on protecting users, they would be working with IPFS and building other tools to help hide user identities through a permission-based system. Chrome is just as guilty, but it's not like Mozilla is trying to define new web standards to prevent this type of activity. They may as well be working together.

apostacy7y ago

Don't know why you are getting downvoted when you are completely correct.

There's so much that Mozilla could do structurally, but they are terrified of rocking the boat or disrupting their corporate underwriters.

Just like earlier today, with their anti malicious javascript features[1]; they could look into empowering the users and changing the structure of how js is run in the browser. But that might threaten advertisers, so instead they opted for a clumsly blacklisting solution instead.

If you want an accurate heuristic for predicting Mozilla's behavior, just ask "What would Google want?". It may not be Google in particular that these decisions benefit, but they absolutely benefit those entities that are locking down and siloing the internet.

[1]: https://news.ycombinator.com/item?id=19614808

shawnzOP7y ago

Regarding your second point, this change will improve privacy for your clients and make it harder for bad actors to take advantage of your network. So what's not to like? Just because your old tooling won't work anymore doesn't mean that this change is a bad thing for clients.

vetinari7y ago

If it improves privacy for the clients, it also improves privacy for the malware, and you won't be able to monitor or be alerted of it.

stirfrykitty7y ago

Most modern firewalls can decrypt/re-encrypt all traffic on the fly. The end user doesn't even notice. I've done this at my last two jobs.

More here: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?...

2 more replies

JohnFen7y ago

> make it harder for bad actors to take advantage of your network.

How so? It looks to me like it makes it easier for bad actors to take advantage of my network, by making it harder to detect and block DNS lookups.

glennpratt7y ago

You are focused on unsophisticated bad actors if DNS is all it takes to block.

1 more reply

apostacy7y ago

Then Mozilla should make a crippled "safe" version of their browser that has a hard coded list of trusted servers then.

Because by making this the default, they are helping centralize the internet and greatly benefiting the entrenched powers while putting barriers to entry for the rest of us.

swiley7y ago

> Then don't buy such a device which clearly doesn't meet your needs.

That would be nice in an ideal world, unfortunately most of us live in reality.

shawnzOP7y ago

I don't know about you, but in the reality in which I live, privacy of the domain names I visit is a much bigger concern than being able to do access control with a technology that's not even made for access control.

j / k navigate · click thread line to collapse

0 comments

EvanAnderson7y ago

techntoke7y ago

apostacy7y ago

Don't know why you are getting downvoted when you are completely correct.

There's so much that Mozilla could do structurally, but they are terrified of rocking the boat or disrupting their corporate underwriters.

[1]: https://news.ycombinator.com/item?id=19614808

shawnzOP7y ago

vetinari7y ago

If it improves privacy for the clients, it also improves privacy for the malware, and you won't be able to monitor or be alerted of it.

stirfrykitty7y ago

Most modern firewalls can decrypt/re-encrypt all traffic on the fly. The end user doesn't even notice. I've done this at my last two jobs.

More here: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?...

2 more replies

JohnFen7y ago

> make it harder for bad actors to take advantage of your network.

How so? It looks to me like it makes it easier for bad actors to take advantage of my network, by making it harder to detect and block DNS lookups.

glennpratt7y ago

You are focused on unsophisticated bad actors if DNS is all it takes to block.

1 more reply

apostacy7y ago

Then Mozilla should make a crippled "safe" version of their browser that has a hard coded list of trusted servers then.

Because by making this the default, they are helping centralize the internet and greatly benefiting the entrenched powers while putting barriers to entry for the rest of us.

swiley7y ago

> Then don't buy such a device which clearly doesn't meet your needs.

That would be nice in an ideal world, unfortunately most of us live in reality.

shawnzOP7y ago

j / k navigate · click thread line to collapse