(Replying to PARENT post)
My understanding is that Comcast signs a legally-binding contract with Mozilla which imposes the requirements on them [0]. This obviously isn't perfect protection, but it substantially increases the risk of failing to adhere to the requirements. Mozilla claims "We intend to publicly document violations of this Policy and take additional actions if necessary." [1]. Presumably the additional actions include suing for damages pursuant to the breach of contract.
[0] https://blog.mozilla.org/netpolicy/2020/02/25/the-facts-mozi... [1] https://wiki.mozilla.org/Security/DOH-resolver-policy#Enforc...
๐คta576248_743568๐5y๐ผ0๐จ๏ธ0
(Replying to PARENT post)
> How would this work?
A 1st draft of the steering mechanism just posted today for comment at https://tools.ietf.org/id/draft-rescorla-doh-cdisco-00.txt
๐คjlivingood๐5y๐ผ0๐จ๏ธ0
(Replying to PARENT post)
How would this work? Is the detection done once, everytime firefox starts, or everytime the network changes? Would you ever get into a situation where you're not using comcast, but are still using comcast dns? eg. you have VPN enabled or your laptop moved to somewhere else.
>Joining Mozilla's program means that Comcast agreed that it won't "retain, sell, or transfer to any third party (except as may be required by law) any personal information, IP addresses, or other user identifiers, or user query patterns from the DNS queries sent from the Firefox browser," along with other requirements.
And how is this enforced? If comcast breaches the agreement, is anyone going to sue them for punitive damages? Given the current state of the US legal system (eg. what happened equifax after the breach), these assurances are worthless to me.