
3 Apprentice

 • 

15.3K Posts


August 6th, 2018 04:00

Be on the lookout for FF 62: new DNS resolution

 

Mozilla's new DNS resolution is dangerous:  All your DNS traffic will be sent to Cloudflare

https://blog.ungleich.ch/en-us/cms/blog/2018/08/04/mozillas-new-dns-resolution-is-dangerous/

FF 62 will introduce two new features to their Firefox browser they call "DNS over HTTPs" (DoH) and Trusted Recursive Resolver (TRR).

Mozilla will be using a new technique to transport requests over https, which encrypts the data.   But doing so overrides [at least, within FF] any user-configured [or ISP-default] DNS server with Cloudflare, effectively sharing all your surfing habits with them!   Additionally, should Cloudflare ever be down ["crash"], you won't be able to connect with anything using FF.

----------------------------------------------------------------

Update #1: How to turn TRR off

User rendx nicely described on hackernews how to turn off TRR and we want to share this info with you:

  • Enter about:config in the address bar

  • Search for network.trr

  • Set network.trr.mode = 5 to completely disable it

----------------------------------------------------------------

[With acknowledgement to Corrine at Landzdown...]
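The about:config steps in the post above, as an added example that is not part of the original post or the linked article: a Python check that reads the text of a Firefox profile's prefs.js and user.js and reports what network.trr.mode is set to. The function names, the sample profile text and the doh.example URI are constructed for illustration; the mode descriptions follow Mozilla's TRR documentation.

```python
import re

# Matches pref lines such as: user_pref("network.trr.mode", 5);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')
# Meaning of each network.trr.mode value (per Mozilla's TRR documentation).
TRR_MODES = {
    0: "off (browser default)",
    1: "race native resolver against TRR",
    2: "TRR first, native resolver as fallback",
    3: "TRR only, no fallback",
    4: "shadow mode (TRR queried, native result used)",
    5: "off by explicit user choice",
}
# Constructed sample profile content (not taken from a real profile).
SAMPLE_PREFS_JS = ('user_pref("network.trr.mode", 2);\n'
                   'user_pref("network.trr.uri", "https://doh.example/dns-query");\n')
SAMPLE_USER_JS = 'user_pref("network.trr.mode", 5);\n'

def parse_prefs(text):
    """Return {name: value} for every user_pref line in a prefs.js/user.js body."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = m.group(1), m.group(2)
        if raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        elif raw.lstrip("-").isdigit():
            prefs[name] = int(raw)
        else:
            prefs[name] = raw  # booleans and anything else stay as text
    return prefs

def audit_trr(prefs_js, user_js=""):
    """user.js is applied over prefs.js at startup, so its values win."""
    merged = parse_prefs(prefs_js)
    merged.update(parse_prefs(user_js))
    mode = merged.get("network.trr.mode")  # None means the pref was never set
    meaning = ("not set in profile, browser default applies" if mode is None
               else TRR_MODES.get(mode, "unrecognised value"))
    return {"mode": mode, "meaning": meaning,
            "resolver_uri": merged.get("network.trr.uri"),
            "queries_sent_to_trr": mode in (1, 2, 3, 4),
            "disabled_by_choice": mode == 5}

if __name__ == "__main__":
    print(audit_trr(SAMPLE_PREFS_JS))
    print(audit_trr(SAMPLE_PREFS_JS, SAMPLE_USER_JS))
```

Placing the mode 5 line in user.js keeps the setting pinned across restarts, because Firefox reapplies user.js every time the profile loads.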

 

 

3 Apprentice

 • 

15.3K Posts

August 7th, 2018 04:00

 

Mozilla’s new Firefox update puts user security at risk with TRR feature

https://news.thewindowsclub.com/mozillas-new-firefox-update-puts-user-security-at-risk-with-trr-feature-92904/

3 Apprentice

 • 

15.3K Posts

August 7th, 2018 15:00

2 Intern

 • 

5.8K Posts

August 7th, 2018 17:00

This development has got me thinking about DNS servers in general, and OpenDNS in particular (since I use and endorse it). Apart from the default opt-in argument, can any of the concerns expressed over privacy issues not also apply to OpenDNS, as a 3rd party DNS resolver?

10 Elder

 • 

44.4K Posts

August 8th, 2018 10:00

There are a number of DNS resolvers that "claim" they don't track, log or filter DNS queries on their system, eg FreeDNS etc, but I have no way to verify those claims.

Your ISP may already be logging your DNS look-ups. And Google DNS more than likely tracks you if you use their DNS server (IP addresses 8.8.8.8 and 8.8.4.4) for your DNS look-ups. :Wink:

Occasionally any DNS server may go down, but Windows lets you specify an alternative DNS so if the primary goes down, you'd probably never know because the OS would automatically switch to the secondary if the primary stops responding.

Now if FF is going to override your Windows DNS settings, there better be a secondary that's independent of the primary server, so FF won't lose DNS look-up capabilities, which would stop that browser from functioning. But in that case you could immediately switch over to an alternative browser which uses your Windows DNS server settings.

 

3 Apprentice

 • 

15.3K Posts

August 8th, 2018 11:00

 

Like Joe, I've been using (and advocating) OpenDNS.   I have no idea if they "track" me, keeping records of my surfing habits.   I guess that's a valid question.

I like OpenDNS because:

1) It's had a great track-record of "staying alive"... not being down... which is critical for any DNS server.

2) It's generally among the faster DNS resolvers, meaning you [potentially] connect to websites faster.

3) It offers lots of blocking/protection and customizable-filtering options.   For simplicity, I **CHOOSE** to use their "Family Shield", which automatically includes (some degree of) protection/blocking against malware/phishing/"adult" sites.

I also like the basic fact that I was the one who opted-IN to their service... no one imposed it on me "in the background".

2 Intern

 • 

5.8K Posts

August 8th, 2018 21:00

From the OpenDNS FAQ website:

"Do you share any information? What is your privacy policy?

We take our users' privacy is very seriously. No information will be shared with outside parties. You can read more about our privacy policy at  http://www.opendns.com/privacy-policy/ "

- https://support.opendns.com/hc/en-us/articles/227987107-Frequently-Asked-Questions-

However this simplified policy statement is very misleading. If you use the link to actually read the privacy policy, you are taken to the Cisco (owner of OpenDNS) Online Privacy Statement. And as I read it, you have virtually no privacy:

- "We may collect data, including personal information, about you as you use our websites and Solutions and interact with us. "Personal information" is any information that can be used to identify an individual, and may include name, address, email address, phone number, login information (account number, password), marketing preferences, social media account information, or payment card number. If we link other data with your personal information, we will treat that linked data as personal information. We also collect personal information from trusted third-party sources and engage third parties to collect personal information to assist us."

I suspect that most ISPs and other 3rd party DNS resolver providers have similar policies. I don't intend to change from OpenDNS, for the reasons ky331 gave. But I have no illusions of internet privacy. And I will certainly disable the new feature in FF 62, just on principle, because of its default opt-in.

3 Apprentice

 • 

15.3K Posts

August 9th, 2018 05:00

 

And that's just it:   are you any better-off with the privacy offered by your ISP??   They certainly can see (and have access to) any sites you surf.    

It's not like one can get-by without using a DNS-resolver... you gotta go through one of them (practically speaking).
