
> the only thing [browsers] should do is fetch exactly the page URL that was entered and display it.

I strongly disagree. Browsers deal with a hostile environment that poses countless threats to their users, and need to be safe. Arguing that browsers should be minimal and not protect privacy is like arguing that cars should be minimal and not have seat belts.

There is an argument that ensuring privacy in DNS could be done outside the browser. I think HTTPS is a good precedent for putting privacy in the scope of the browser; the browser should attempt to ensure that privacy expected by the user is established or it should refuse to operate.

I disagree with the solution of trusting Cloudflare, but privacy should be considered crucial to user safety in modern browser design decisions.




> I strongly disagree. Browsers deal with a hostile environment that poses countless threats to their users, and need to be safe. Arguing that browsers should be minimal and not protect privacy is like arguing that cars should be minimal and not have seat belts.

I strongly disagree. A browser has one job, and that is to follow and render URLs. Secure connections and such are services provided by other components of the OS, and the browser should absolutely use those services but not attempt to overreach its main purpose. It's really the principle of "do one thing and do it well".

To spin your analogy, you're arguing that cars should have seatbelts that also check your age and blood alcohol level because "that's also a safety thing".

> There is an argument that ensuring privacy in DNS could be done outside the browser

Yes, the same way that VPN clients are; and I'm perfectly happy for Mozilla to be working in that area, but most certainly do not put that in the browser and do not make it default.


>> It's really the principle of "do one thing and do it well".

This sounds good on the surface, but falls apart at the smallest level of logical scrutiny.

It's akin to saying, "a car should only accelerate, decelerate and make turns!" After all, that's a car's main purpose.

Whereas the fact of the matter is that modern cars are built to be able to handle all kinds of hostile environments and have numerous defense and safety mechanisms in order to keep their passengers safe.

The same applies to Internet browsers.


What do you do as a browser vendor when the OS fails to provide you meaningful security and privacy? This is pretty much how we got here. Basically every device on the planet is right now configured to blindly accept whatever DNS server is handed to it by DHCP and there is really no movement on changing that.

So browsers can throw up their hands and say "we are as secure as the OS" or they can do it themselves. Not ideal but the alternative is worse for users.


> What do you do as a browser vendor when the OS fails to provide you meaningful security and privacy?

Nothing. Absolutely nothing. Work within the environment you're given.

> Basically every device on the planet is right now configured to blindly accept whatever DNS server is handed to it by DHCP and there is really no movement on changing that.

...and that's just fine, because I trust my LAN more than some third party in another country.


> I strongly disagree. A browser has one job, and that is to follow and render URLs.

Wow. Not only has history rejected your premise, but the many technologies that exist today in a web browser prove you wrong.


>>browsers should do one thing >browsers should do it all

The essential Multics vs Unix mindset clash. One application to rule them all vs. a versatile toolbox of interchangeable modules. Telco heads vs hacker heads.

In the end, the hackers always win - but the telcos grow to be fat cats.


In a way, it's a Multics vs. Multics clash. I already have one application to rule them all. My operating system. I do not appreciate when the browser tries to supersede it. Not (just) because of philosophical reasons, but because browsers completely suck at being operating systems. The web takes a lot of control from the users, and offers near-zero interoperability.

It all feels like a step-by-step attempt at turning general-purpose computers into cable TV.


I don't think this is at odds with "should do one thing well". Safety is not an application in itself, it is a design principle.

"rm"'s purpose is only to delete, yet it still tries to ensure safety and sanity with its flags: -r, -f, --no-preserve-root, etc. Even simple tools should be safe by default.


We already have applications that can take all your traffic and send it over an encrypted tunnel somewhere else, if you don't want to exit to the Internet from a place you don't trust. They're called VPN clients. DoH is like a partial VPN client. It doesn't belong in the browser.


DoH servers are not open proxies, they're just DNS resolvers with support for a security layer; they are comparable to HTTPS, SMTPS, SSH, etc. servers, not to a VPN.

VPNs are not a substitute for, nor a better solution than DoH in the same way as they are not for HTTPS or SSH.



