You must log in or register to comment.
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 124 users / day
- 1.05K users / week
- 1.3K users / month
- 4.58K users / 6 months
- 1 subscriber
- 4.17K Posts
- 105K Comments
- Modlog
deleted by creator
Interestingly someone from Cloudflare is one of the authors here.
https://www.ietf.org/archive/id/draft-ietf-ohai-ohttp-00.html
Cloudflare s blog post about it (or at least one of them): https://blog.cloudflare.com/stronger-than-a-promise-proving-oblivious-http-privacy-properties/
Sounds nice and all but Google won’t adopt this for sure and many other big tech companies that have much power on the internet, like Cloudflare.
Edit:
Guess I was wrong.
I doubt that Cloudflare won’t adopt it. They’re actually pretty privacy focused. What’s funny about your comment, is at the time of viewing, the comment above yours in this thread links to the authoring of the draft. Which lists an employee from Mozilla and an employee from Cloudflare. Repo for the source draft is here. If you view the commits you can see authors. Click the names to view their profiles
Yes, that was also my post, haha.
OHTTP is awesome! surprised something like this wasn’t implemented earlier
Question: with this introducing another party into these requests, wouldn’t this be exposing you to another company? If i recall correctly, Firefox connects to cloudflare by default.
See my comment earlier; what they’ve done is split the PII so that Mozilla and Cloudflare get less of it and Fastly only gets to handle the encrypted parts. It’s a good approach to PII siloing that ensures no one player gets enough to be actionable.
That said, it still introduces yet another party/point of failure.
removed by mod
These are absolutely reasonable criticisms.
But Mozilla is better that the big G in this respect, and fastly is at least attempting to do something. So for that, I give them kudos. Especially on the heels of the Encrypted Hello announcement.
Interesting. You’re probably the first person in years I’ve seen critical of firefox from a privacy standpoint. You really think they’re that bad? Genuinely asking.
removed by mod
I mean what would you use instead? I just don’t think there is a single, reasonably functional browser out there with privacy as good as FF’s. If there is I truly am all ears. I run little snitch mini a ton and FF doesn’t seem to trip it off, but I’m sure some stuff happens I haven’t caught. Always good to scrutinize these things though.
removed by mod
I use Proton VPN + uBO so anymore extensions are at best redundant, at worst memory hogs and conflicting with each other. I found decentraleyes to be pretty worthless personally.
It is probably time I set up wireshark yes
If they are that bad according to him , idk what browser he uses because there is no other option. Firefox is the only non google browser , then brave and all those other shittie chromium browsers.
Safari/Epiphany
Yeah I mean I guess he could use Mullvad but it’s just a FF fork anyway so idk
Fire fox is living up to it’s name as they are on fire. Everytime I see a tech update from any of the major players it’s always bad, except Firefox. Keep being real. I luv u
removed by mod
Just use librewolf or any other installation method
removed by mod
deleted by creator
removed by mod
deleted by creator
deleted by creator
What you use then? Let me guess Brave? People talk a lot of shit about Firefox but they are really the few companies that care about privacy.
removed by mod
It’s chromium. No thanks.
removed by mod
deleted by creator
I would rather trust firefox a bit implicitly than passively give Google more control over the internet. That’s not a slight at you, your concerns about FF are totally valid. But Chrome and chromium have achieved such dominance that it rises to a higher priority for me than skepticism of FF.
removed by mod
Good: this splits the data requests so that Mozilla and Fastly each hold only a part of the requests, and yet still stand in the way of leaking fingerprinting data from browser users to target websites.
Bad: one more organization injected into the trust chain, one more point of both security and operational failure.
They’ve already screwed up. This is another way they’re trying to sneak unwanted bullshit into the fabric of the internet.
Next I want you to look closely at this author.
Uhuh. First problem is he’s a VP. This man’s job demands that what he sells makes MONEY first.
Next let’s have a look at the mini bio. (Emphasis added)
It’s easy to miss because they LITERALLY gloss right over it. This dude is an ex-Googler.
Hell. To. The. No. No. No. No. No!
This is Telemetry, analytic and tracking crap BUILT RIGHT IN AT THE FUCKING PROTOCOL LEVEL
NOPE! NOPE! NOPE! FUCK NOPE!
Today’s unreadable hashes are tomorrow’s GUUIDs with Quantum Computing right around the fucking corner.
What is confirmed as cryptographically sound for now, may not be for even the remainder of the decade.
It seems like the will respect TLS, so in theory even if it failed and someone was able to intercept the request at the relay, they wouldn’t have access to the data. That being said"Harvest Now, Decrypt Later" is becoming more popular as people anticipate quantum computing may be able to crack these encryptions in bulk.