Thinking about DNS over HTTPS

I read an interesting article on the drawbacks of DNS over HTTPS (DoH) the other day.  This comes on the heels of the news that Mozilla is rolling out DoH to all Firefox users by default.

I'd never really thought too much about DoH.  In general, more encryption is usually better, so my initial thought was "it's probably a good thing", but that's about as deep as it went.  After reading a little more about the down sides, I'm less convinced.  I still think it's probably a good thing that DoH exists, but I'm not so sure that it's a good idea to push everyone toward it.

My main reservation at this point is that DoH seems architecturally wrong.  It introduces a way to do DNS queries that's not really compatible with the old way and it's not clear to me that it offers any really big wins.

Of course, I'm not saying that DoH has no benefits or use-cases.  There are definitely cases where it can be useful and add another layer of privacy.  But it kind of reminds me of PHP "security" features like safe_mode in the sense that it does solve a legitimate problem, and does so in a way that "works" (for certain definitions of "works"), but solves it at the wrong layer and in a way that can interfere with other legitimate things.

As this blog from the PowerDNS team discusses, DoH is not a panacea in terms of privacy.  Yes, it adds a layer of encryption, and that is definitely useful in some cases.  But it doesn't do anything to address the myriad other ways in which your online activity can be tracked.

Of course, that depends very much on whom you want to stop from tracking you.  Obviously it does zero to stop advertisers or website operators from tracking you - they do their tracking at a much higher level.  It also doesn't stop your ISP from tracking you - even if everything else is encrypted, you can't stop your ISP from knowing the IP addresses you visit.  I mean, that's just how the web works.  And from an IP address, you can usually determine the website pretty easily.  And, of course, your DoH provider still has access to all your DNS requests, so you better make sure you trust them.
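To make the "wrong layer" point concrete, here is an added example (not from the original post) that shows what DoH actually carries: a plain RFC 1035 wire-format DNS query, wrapped either in an HTTPS GET parameter or an HTTPS POST body as RFC 8484 describes.  The resolver URL is a placeholder and nothing is sent over the network; the point is that the resolver on the other end of the TLS tunnel decodes exactly the same question your ISP's resolver would have seen, which is why trusting the DoH provider matters as much as the encryption itself.

```python
import base64
import struct

# Constructed sample question: example.com, type A, class IN.
QNAME = "example.com"
QTYPE_A = 1
QCLASS_IN = 1


def build_dns_query(name: str, qtype: int = QTYPE_A, txid: int = 0) -> bytes:
    """Build a minimal RFC 1035 wire-format query: 12-byte header + one question.

    RFC 8484 suggests transaction ID 0 for DoH so that identical queries
    produce identical HTTP messages (HTTP caching matches on the bytes);
    the HTTP exchange, not the ID, pairs requests with responses.
    """
    flags = 0x0100  # standard query (QR=0, opcode 0) with RD (recursion desired) set
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)  # QDCOUNT=1
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    qname += b"\x00"  # root label terminates the name
    return header + qname + struct.pack("!HH", qtype, QCLASS_IN)


def doh_get_url(resolver: str, wire: bytes) -> str:
    """RFC 8484 GET form: the wire message, base64url-encoded, padding removed."""
    dns_param = base64.urlsafe_b64encode(wire).rstrip(b"=").decode("ascii")
    return f"{resolver}?dns={dns_param}"


def doh_post_headers() -> dict:
    """RFC 8484 POST form: the raw wire bytes travel as the body with this media type."""
    return {"Content-Type": "application/dns-message",
            "Accept": "application/dns-message"}


def decode_doh_get(url: str) -> bytes:
    """Recover the wire message from a GET URL (what the resolver does), re-adding padding."""
    dns_param = url.split("?dns=", 1)[1]
    padded = dns_param + "=" * (-len(dns_param) % 4)
    return base64.urlsafe_b64decode(padded)


def parse_dns_question(wire: bytes) -> tuple[str, int, int]:
    """Decode the question section of a wire message: (name, qtype, qclass).

    Only uncompressed names are handled; a query's question never uses
    compression pointers, so a pointer here is treated as malformed input.
    """
    _txid, _flags, qdcount, *_ = struct.unpack("!HHHHHH", wire[:12])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    pos = 12
    labels = []
    while True:
        length = wire[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer in question name")
        labels.append(wire[pos:pos + length].decode("ascii"))
        pos += length
    qtype, qclass = struct.unpack("!HH", wire[pos:pos + 4])
    return ".".join(labels), qtype, qclass


if __name__ == "__main__":
    wire = build_dns_query(QNAME)
    # "https://doh.example/dns-query" is a placeholder resolver, not a real endpoint.
    url = doh_get_url("https://doh.example/dns-query", wire)
    print("GET form:", url)
    print("POST headers:", doh_post_headers())
    # The resolver sees the same question a classic UDP/53 resolver would:
    print("resolver decodes:", parse_dns_question(decode_doh_get(url)))
```

Note that the only thing DoH changes is the transport between the client and the resolver: the query bytes, and therefore everything the resolver learns about you, are identical to classic DNS.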

For me, personally, the bottom line is that DoH doesn't give you anything that you don't already get with a half-way decent VPN provider.  Granted, the VPN provider is then your single point of privacy failure, so you better make sure you pick a reputable one (I like and recommend Private Internet Access).  But a VPN covers pretty much everything you can do at the network level, not just DNS for web requests.  Of course, you still need browser privacy plugins to block tracking at higher levels in the stack, but sadly that's necessary either way.

Fixing fonts in XUL apps

Today I finally got fed up enough to fix the problem with fonts in XUL apps on my work desktop.

The problem and its solution are described in this post.  Basically, in XUL-based apps like Firefox and Komodo, the text would randomly distort.  It would usually happen when scrolling through a page or something like that that causes window redraws.  If I scrolled some more, or selected some text, it would go away.  And it only seems to happen on this particular system - my laptop doesn't seem affected.

Well, turns out it's a common issue.  In my case, I was able to fix it by going into the "about:config" page and changing the gfx.direct2d.disabled setting to true and restarting the app.  Turns out that while this page is well-known in Firefox, it's also available in Komodo.  You just need to use the "preview buffer in browser" tool from the toolbar.  Just choose to preview the item in a Komodo tab and then enter "about:config" as the URL.  That will take you to the exact same config page you see in Firefox.

Discontent in Firefox land

It seems the three big news sites in my aggregator - Slashdot, OSNews, and Digg - have all picked up this Wired story about Firefox. Apparently people are starting to complain that the Fox has gotten slow and bloated. I guess they haven't been paying attention.

As an Opera user, this is something of a sore spot for me. First, the contention that Firefox is getting slow is complete and utter BS. "Getting" is irrelevant. Firefox has always been slow. Granted, speed is relative, and while FF may be fast compared to plain-old Mozilla (now known as SeaMonkey), Opera has always been way faster than both of them. If you don't believe me, try running Opera and Firefox side by side on a Linux box with a 500MHz processor and less than 256MB of RAM. The difference is painfully obvious.

And speaking of RAM, Opera has always had a lower base memory footprint than Firefox. As an example, here's a quick, highly unscientific screenshot comparison of memory usage in Opera 9.20 and Firefox running on Windows XP. Note that Firefox has 9 extensions enabled and 6 tabs loaded. Opera, on the other hand, has 24 tabs loaded.
[Screenshot: memory usage, Firefox 49MB, Opera 23MB]
The really interesting thing to note here is that Opera's memory usage is quite variable. The 22MB in the screenshot is when Opera is sitting minimized in the task bar. Once I maximize it and start browsing, the numbers go up. In fact, the memory usage got up to 120MB at one point, but as soon as I minimize the browser window, it drops back down to 20MB or so, presumably transferring the data to disk cache. When I bring the browser window back up and start switching between open tabs, the RAM usage slowly creeps back up. So Opera is actually quite smart about memory. Not so with Firefox - its memory usage remained static when I tried the same thing.

Of course, Firefox would probably have a significantly lower memory footprint with no extensions enabled. But then, what would be the point of using it? After all, extensions are one of the big selling points. It's also where most of the cool features are implemented.

I always thought that was one of the biggest problems with Firefox: it almost forces you to install a bunch of extensions. Out of the box, Firefox is a good browser, but it's nothing special. I suspect the development team is finally starting to realize that having lots of good features out of the box is important. The extensions are great, but finding and downloading them is a pain and many "regular" users simply can't be bothered (not to mention the compatibility issues). By integrating them into the core, you spread the benefit to the masses rather than just those with a technical bent. Plus, you can (in theory) get better performance with the native C/C++ in the core than with a JavaScript extension.

So I still use Opera everyday and use Firefox for web development. I find Opera faster and easier to use in many respects. But Firefox has the Web Developer, Firebug, and HTML Validator extensions, which are really compelling. Now if only Opera would implement an extension mechanism and allow you to set an external RSS reader, I'd be all set....