Opera Software tests Cloudflare DNS over HTTPS in Opera 65
Opera Software released a new beta version of the company's Opera web browser on October 17, 2019 to the public. Opera 65 Beta includes support for DNS over HTTPS (DoH), a privacy and security feature that encrypts DNS traffic to prevent spying and common attacks such as spoofing or pharming.
Opera 65 Beta is already available. Existing Beta installation should receive the new version automatically thanks to the integrated automatic updating system. Opera Beta downloads are also linked on the official blog post that announced the new release.
Opera browser is based on Chromium but the company decided to select Cloudflare as its partner for the test. Mozilla, maker of the Firefox web browser, entered an agreement with Cloudflare as well to power the DNS over HTTPS functionality of the Firefox browser.
Google on the other hand makes available several provides in the DNS over HTTPS test in the company's Chrome browser.
All DNS queries will run through Cloudflare servers when the feature is enabled in the Opera web browser. Requests that Cloudflare cannot handle are still handled by the local DNS server; this is mainly done to allow the browser to connect to local resources, e.g. those behind firewalls or on internal networks (which Cloudflare cannot resolve).
The DNS over HTTPS feature is not enabled by default in Opera 65.
Opera users need to do the following to enable it:
- Load opera://flags/#opera-doh in the browser's address bar. This loads the right experimental flag on the internal opera://flags page directly. You can also load opera://flags and search for Secure DNS to find it.
- Set the Secure DNS (DNS over HTTPS) flag to Enabled.
- Restart the Opera web browser.
The feature is supported by all desktop versions of the Opera web browser. Opera is available for Windows, Mac and Linux desktop systems.
The flag's description:
Secure DNS (DNS over HTTPS)
Use secure DNS (DNS over HTTPS; DoH) instead of local DNS. This replaces your default DNS with Cloudflare's public 1.1.1.1 server for public server name lookups. – Mac, Windows, Linux
The feature is experimental at this point in time. While it worked fine when I tested it for a short period of time, it is certainly possible that issues may be experienced. Uses may want to turn off the feature if that is the case to see if that resolves the issues that they experience.
Opera Software, unlike Mozilla, has not published any information regarding privacy. It is unclear if the company has brokered a deal with Cloudflare that is similar to Mozilla's to limit data exposure, use and retention when the service is enabled.
Now You: What is your take on DNS over HTTPS?
Martin, where’s your article on Chrome 78???
DNS-over-HTTPS doesn’t work on Chrome 78, despite all the media stories on the internet proclaiming Chrome 78’s introduction of DNS-over-HTTPS.
You’ve always posted an article on a new version of Chrome AFAIK.
Is everything alright???
Hi, I take a look. I did not post about every Chrome release in the past.
I have it available in Opera 64 stable.
I say good on Opera for doing this,it already works well in Firefox and it’s not a problem.
Don’t like Cloudflare,well add your own secure dns to Firefox.The benefit with Cloudflare is that they
are the fastest dns resolver in the world.
Everyone objects to Cloudflare,but Google is ok with their spying chrome browser.Google’s 8.8.8.8
dns is more data to them and again no one cares.
> Don’t like Cloudflare,well add your own secure dns to Firefox.
Defaults matter.
>The benefit with Cloudflare is that they are the fastest dns resolver in the world.
Hardly relevant, and in fact probably not even true:
“Another concern is that DOH will complicate content delivery to users. Today, content delivery networks (CDNs) host multiple instances of web content on geographically dispersed servers. This creates resiliency for web services and helps to deliver content to users more quickly. If ISPs lose the ability to view users’ DNS queries, they will still be able to route users to a CDN, but not necessarily the closest or most efficient CDN. ”
https://crsreports.congress.gov/product/pdf/IN/IN11182
> Google’s 8.8.8.8 dns is more data to them and again no one cares.
Is Google’s 8.8.8.8 DNS enabled by default in Chrome ?
If not then they’re more privacy respecting than Firefox on this point, and we can no longer even say that globally Firefox is slightly more private than Chrome.
If yes, then it’s very bad but well it’s Google, anyone who cares about privacy would avoid a Google product whenever possible, so it’s not true that no one cares. And it’s one more example of the “Google is slightly worse so we’re allowed to abuse you” rhetoric Mozilla likes to use.
You’re trying to defend Goolag, but attacking Cloudflare. LOL.
[Editor: removed. Please be polite. Thanks!]
Goolag quit following their motto years ago.
Goolag actively censors their search engine (especially in China).
Goolag developed Project Maven for the Defense Department to leverage AI on the battlefield.
And this doesn’t even cover Goolag’s active censorship/spying campaign, Wi-Fi sniffing, YouTube censorship conspiring with the Southern Poverty Law Center.
Tulsi Gabbard is suing Goolag in court for trying to stiffle her campaign (Goolag trying to influence the 2020 US Presidential election cycle).
Cloudflare has done nothing, only allegations by Goolag shills, because they partner with Mozilla – the only browser (Firefox) that doesn’t use the Blink engine (Brave is substantially based on Blink, so don’t try playing that card).
Pathetic.
Botnet
Once again, browser vendors are collaborating to screw the users, instead of competing for more privacy. And the Cloudflare monopoly intensifies.
No, implemented as it is, it is not a privacy feature, it is the contrary. It is more pertinently described as a DNS hijacking by the browsers for Cloudflare, than as a move to https.
“Centralised DoH is bad for privacy, in 2019 and beyond”
https://blog.powerdns.com/2019/09/25/centralised-doh-is-bad-for-privacy-in-2019-and-beyond/
Cloudflare provides some useful services ? So do Google or Facebook, that’s besides the point. The problem is in the long term costs for privacy and freedom of speech. I don’t think that people realize the level of internet centralization that Cloudflare has achieved already, most of the time invisibly there.
The “edgeiums” have had this for awhile. Vsnapsot on win does as well, but not the linux ver yet.
Generally chromium v78.
Yandex Browser has this feature long long time ago.
I’d be less likely these days to trust Opera, but the central premise of offering DoH is excellent, and I hope it becomes fully standard, but always with configurable DoH servers, so that choice of provider is offered.
On a separate note, I tried Quad9 with DoH on Firefox, but found that the connection did not stay “live” for long; predictably, after something in the region of 10 mins or so, the browser had to be restarted to be able to browse again, as though Quad9 was not maintaining connections. This was on trr mode 3, so there was no unencrypted DNS fallback.
When I got fed up with that, I switched to Cloudflare DoH on Firefox, and no such timeouts occur. I guess its all still a bit experimental, and will settle down going forward.
Cloudflare claim to keep very little data, and only for 24 hours. Given that I am on VPN anyway as well, I don’t mind so much. As always, you have to trust someone, and my UK ISP would be the last on the trust list, in the food chain.
I forget exactly when the DoH option was enabled in Firefox last year but that’s when I started using it and never had any problems with Cloudflare even in mode 3 that I set in March. For me, they’re rock solid and the Gold Standard.
I had the same problem with Quad9, but that was a few months ago. I wonder if they got any better.
But as far as I know, Cloudflare is the sole provider using ESNI, so I stick with it for now.
There’s a difference in privacy policies between cloudflare-dns dot com and mozilla dot cloudflare-dns dot com unless things have changed. Users should look into that and make a decision.
What you Martin think about cloudflare, friend or foe?
Ghacks has its DNS resolvers[1] set to CloudFlare ofcourse Martin trusts them, otherwise he wouldn’t be using them.
[1] — http://www.crimeflare.org:82/cgi-bin/cfsearch.cgi
My problem is not with Cloudflare per se, but the fact that every single browser choose Cloudflare to do all their DoH resolving. We need some diversity.
“every single browser choose Cloudflare” No.
“We need some diversity.” There’s plenty of diversity, you just haven’t been paying attention.
I think that a company with too much access to data is always a concern. I don’t mind if Cloudflare is one of the options but if several browsers make it the default solution, it can become a problem even if not intended that way.
As far as Cloudflare is concerned, it is a company that operates a useful service (Ghacks uses its technology to block DDOS attacks and other unwanted forms of attacks).
The are tons, well, a lot, of servers out there offering DoH. Whether or not you browser can allow you to choose another or not is up to the user to find out – a simple task for any ghacks reader.
Every browser seems to default to Cloudflare dns, am I paranoid in thinking that this is a bad thing?
You are not, and those that think you are may a reminder, Snowden happen and before him all that was “Conspiracy Theories”.
https://codeberg.org/crimeflare/cloudflare-tor
https://www.troyhunt.com/cloudflare-ssl-and-unhealthy-security-absolutism/
https://trac.torproject.org/projects/tor/ticket/24351
“Every browser…” Not. And yes, you are paranoid.