Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Your ISP can gather them with much, much more effort. There is privacy value in making things harder. The only motivation your ISP has for logging this is making money; if getting the information is too tedious and expensive why would they bother?

> and Cloudflare can gather them from DNS

but is contractually forbidden from saving that information.

> What happens if they get a FISA warrant?

They have to follow the law? Wrong threat model.



> Wrong threat model.

You are not permitted to hand-wave corrupt government interception or rubberhosing of civilian data as "wrong threat model." These technologies are central to, and must be focused specifically on, protecting all civilian data from all governments. That is the primary purpose of all privacy systems. Not to protect you from coffee-shop denizens trying to snoop which dating sites you use.


Your ISP is subject to the same FISA warrant threat.

If it's one of the large monopoly providers, it's as much a one-stop-shop as Cloudfront is.


Not outside the US. Now unless Mozilla decides to pick a different DoH party for deployment in EU, the problem will come back.


Fair point. I'd meant to add "inside the US". The warrant hypo strongly implies this, though as you note, needn't necessarily.

Though outside the US, the NSA doesn't require a FISA warrant to intercept data, nor does it face any US legal restrictions on doing so.


The internet is as much of a monopoly outside of the US for example Tiscali in Europe. We have the same kangaroo courts when it comes to getting warrants to invade people privacy.

At least from a general perspective I don't see a big difference.


But it's not one or the other; an EU court will make a warrant for the ISP traffic data, and an US court for the DNS requests. You become vulnerable to both.


1.1.1.1 operates on edges of CloudFlare CDN - EU users will be handled by EU DNS server. And there’s no logging.


Cloudflare is still a US company. Do you have any FISA jurisprudence showing that simply running the server on another country makes it immune to warrants?

> And there’s no logging.

Until the courts say there must be.


> The only motivation your ISP has for logging this is making money; if getting the information is too tedious and expensive why would they bother?

I used to work at an ISP.

We configured (wrote policy language for) our DPI platforms to do header inspection of all HTTPS traffic to measure customer experience to different websites, to improve the customer experience.

The raw data was (theoretically) accessible to ~4 people and deleted as soon as ETL had succeeded, and the anonymised results (aggregated only by region, product etc.) were available to the operations team (another ~8) and product management (~4).

This complies with our countries personal information regulations.

Mozilla proponents seem to be quite anti-ISP.

Why is that?

>> What happens if they get a FISA warrant?

> They have to follow the law? Wrong threat model.

If this happens for non-US citizens, this is violation of privacy laws of the affected user.

If this is rolled out, I will either ensure my distro switches this off by default, or have to consider changing browsers (away from Firefox).




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: