On Sun, 18 Mar 2018, Eric Shepherd (Sheppy) wrote:

I don't have such a far-reaching agreement with my ISP and its DNS. I don't have such an agreement at all with 8.8.8.8 or other publicly provided DNS operators.

What other precautions or actions can we do to reduce the risk of this being perceived as problematic? Would reducing the test population really make it much different?

I definitely see some easy ways this could be problematic from a public
relations perspective given things going on in the industry these days and
some of our own mistakes in the past. It's definitely worth taking a
little while to consider the implications before throwing the switch.

On Sun, Mar 18, 2018 at 8:39 PM, Dave Townsend <dtowns...@mozilla.com> wrote:

On Sun, Mar 18, 2018 at 5:27 PM Patrick McManus <pmcma...@mozilla.com> wrote:

Obviously, using a central resolver is the downside to this approach - but it's being explored because we believe that using the right resolver can be a net win compared to the disastrous state of unsecured local DNS and privacy and hijacking problems that go on there. It's just a swamp out there (you can of course disable this from about:studies or just by setting your local trr.mode pref to 0 - but this discussion is meaningfully about defaults.)


I believe that a good resolver makes all the difference. I'm just concerned
about the privacy aspects of this, particularly since we're not really
messaging this to users. Is there a reason we need a full 50% of Nightly
population to get the data we need here?

On that topic I'm interested in what data we expect to get, is it just comparing how the resolver performs from a variety of locations and for a variety of lookups?
Is there some mechanism in place for users whose normal DNS resolver intentionally returns different results to global DNS (e.g. for region spoofing etc.)?


And in this case the operating agreement with the DNS provider is part of making that right choice. For this test that means the operator will not retain for themselves or sell/license/transfer to a third party any PII (including IP addresses and other user identifiers) and will not combine the data it gets from this project with any other data it might have. A small amount of data necessary for troubleshooting the service can be kept at most 24 hrs, but that data is limited to name, DNS type, a timestamp, a response code, and the CDN node that served it.


Not retaining IP addresses is good. Can they perform aggregate tracking of hostname requests, or tie common hostname requests from an origin together somehow? What is our recourse if they break this agreement (the recent Facebook debacle seems likely to make folks jumpy)?
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
--

 / daniel.haxx.se