Bitcoin isn’t the waste crisis you think it is

Alright nerds and tree huggers today I’ve got a shitpost that’ll rile y’all up. Go find a punching bag because you’ll need it.

Bitcoin Mining Farms use the most coal energy not individual miners

One of the largest producers of Bitcoins is China. Thanks to very low energy costs it is very profitable to mine Bitcoin and other cryptocurrency in China. Being largely coal powered these result in high emission mining farms. Additionally these farms use custom ASICs and not GPUs. These end up in a landfill once they can’t mine a specific coin anymore.

In contrast individual miners working from home usually mine on their desktop PC when it’s not being used for work or gaming. This helps recoup hardware costs and assuming reasonable cooling and low VRAM temperatures doesn’t impact the hardware’s lifespan. GPU mining is more energy efficient and GPUs can be reused for other tasks once they’re no longer good for mining such as light video editing and gaming. Many residential areas rely primarily on solar and wind energy and do not use coal or natural gas.

Idle energy consumption is a much bigger problem

In one study it’s estimated that in the United States alone idle energy consumption by always on appliances use 64-billion kilowatts of energy per year (https://www.nrdc.org/sites/default/files/home-idle-load-IP.pdf). That’s 64 Terawatts of wasted energy a year. Bitcoin is estimated to consume 128 Terawatts per year (https://www.sciencealert.com/bitcoin-could-soon-consume-0-6-percent-of-world-s-electricity-here-s-how-it-works). However Bitcoin is not idle consumption in addition to acting as a currency the process of mining can be used to heat homes.

Regulate mining farms don’t ban a currency

The solution to this problem isn’t to ban a currency. People have always had disagreements with how energy should be used. Go read about the oil wars. Rather the biggest mining farms should be regulated to use solar, wind, and other green and renewable energy sources.

Don’t blame individuals

The problem sucks but name calling and blaming small miners won’t fix this crisis it’ll only make the richest mining farms more profitable.

A reminder in-case Twitter ever suspends my account

Hi everyone. So I wanted to post a quick reminder on how to find me again if Twitter goes beyond locking my account and suspends it. This post is just a precaution given that my account got locked for twelve hours, I do not think they are going to suspend me for that one joke but who knows what could happen. I’ll be reaching out to mutuals over the next few days to share this blog post directly with them.

My website Catgirl.is is the easiest way to find me

This website lists all of my social profiles and projects. It is the easiest place to find my current accounts including Twitter. There is very little chance of my personal website/blog being taken down by my hosting provider. It is the one safe place to find me again as I’ve taken measures to make it difficult to permanently suspend it. It’s a last stand if every other social website and app were to suspend me.

I will likely start posting short blog posts here in a shorts category or something to replace my use of Twitter threads. I’m making the effort to build and operate a website anyways so it just makes sense in my case. This is also helpful because I the event my Twitter account is lost less content is gone forever. I work pretty hard on my threads and it’d suck to lose them. Content on this website is eventually indexed on Google and will eventually be found by those who are looking for it.

Finally while no hosting solution is bulletproof and no reputable host would host illegal content my site doesn’t do anything that breaks the WordPress.com terms of service. The domain name is registered at ISNIC directly. This said uses WordPress.com and their DNS Service. This does introduce a temporary risk (up to one-week depending on how long your ISP caches NS records) if they suspended my DNS service. This said should WordPress.com change their position on hosting my content for some reason I have contingency plans which include alternative hosting providers ready to move to basically overnight. If the site is ever down come back in a day or two and it’ll probably be fixed by then. As for the domain name itself, ISNIC for the most part is free-speech friendly and is unlikely to suspend this domain name. I have taken steps to pick providers I believe will act fairly but I also aim to make my website portable incase the worst were to occur.

Discord and Email are also good ways to reach me

I am usually on Discord as catgirl#1337 and can be reached by email at me@lunorian.is. These alternative contact ways are great ways to reach me when I can’t use Twitter or check DMs.

I will eventually make a new Twitter account if suspended but it may be different

If suspended I’ll just make a new account in a few days. I don’t plan on leaving Twitter anytime soon. It’s unlikely their moderators will ban it aside from if it’s causing additional trouble. No machine learning algorithm will detect all of my accounts. I have a mix of VPNs, Tor, and other techniques to get new IP Addresses if it comes to that. I can also get a new phone number and SIM card from Verizon overnight if Twitter blocks my phone number too. I would likely post on Twitter much less if forced to use VPNs to bypass a block though. Short of a court order there is nothing Twitter can do to block me from creating new accounts.

Why I was temporarily suspended from Twitter…

Ok guys so sadly the COVID-19 jokes on Twitter are over for now. Their moderators have decided AT&T is losing too much money if I continue make fun of their nonexistent 5G(e) cell phone service. Remember 5G causes Diabetes not COVID-19, AT&T will kill us all, and most importantly to take your COVID-19 vaccine so you don’t get sick from toxic and harmful 5G radiation 🤪🤪🤪

Photo of tweet I had to remove to be allowed back in 12-hours

I had hoped this was a miscommunication but today it was confirmed the moderators lack empathy 🤬

A drawing of two anime girls laying on a couch. One girl is on top of the other girl on a couch. She is titled "she/her girls". The girl below her is titled "they/them girls".
If two girls cuddling makes you more uncomfortable than a guy and a girl cuddling don’t read my fucking blog

Welcome to the Catgirl’s Rants Club. Grab some popcorn and a beer (you’re gonna need it) and get ready to read some drama. If you are reading this post you probably read yesterday’s post as well, if not the context provided will probably be helpful in understanding the stuff I’m ranting enough – k thx for reading it – let the cringe begin. Ok so I can’t fucking even right now. I really had hoped there was some miscommunication. Instead today’s events confirmed their moderator team is a fucking shitshow and lack empathy.

Imagine asking someone to leave you alone and then following them around wherever they go 🙄🙄🙄

DevsHelpingDevs doesn’t have to let me chat in their Discord server, they can do what they want, and I can also blog about how I think their handling of the situation was fucking stupid. I don’t want chat in their Discord server anymore, an unban or apology won’t change that – we’ve broken up it’s cool – now leave me the fuck alone. Alas the mods decided that enough wasn’t enough and to chat over cup of tea on Twitter instead.

So to avoid directly naming anyone we’re just gonna call this person Moderator B and the moderator who blocked me on Twitter will be called Moderator A. Ok cool so no one’s been named therefore it’s not harassment yay everyone’s happy and I can still write my rant. I’m going to replace names with [Moderator A/B] in brackets, and replace she/him/etc pronouns with [they/them/theirs] to further protect these moderators identities. I’m a really nice girl when you get to know me :))) This morning I took a short break to read a discussion on cybersecurity and someone (I did not even know they were a moderator of DevsHelpingDevs at the time as it’s not on their Twitter profile) DMed me and wanted to discuss my thoughts at length privately. So I did my best to answer, we had a fun but brief discussion about Ruby, Python, our skillsets, and careers with those languages. So far the chat with them was going good they even stated “Anyway you know some awesome stuff and I’m really glad to have met you. I can’t believe I havnt come across you before today!” we then talked a little more about career options. It was at this point Moderator B revealed they were a moderator and said the following to me:

awh shucks! Also I feel like I should tell you that I checked out your blog and I’m actually one of the moderators on DHD. I wasn’t very active before you left though. Would you like me to try and get a reason for you and maybe see if it could be talked through?

Moderator B – Direct Messages on Twitter

It should be made very clear that I did not seek out the DevsHelpingDevs moderators. No moderators were harassed or even messaged until one messaged me first as shown above. Moderator B confirmed that the reason for my ban from DevsHelpingDevs was because of the meme.

Tea time didn’t last very long 🍵🍵🍵

Moderator B stated “I remember the team agreeing that the meme was inappropriate for the server (nothing to do with the pronouns just the sexual nature of it), I assumed the reasoning had been discussed with you. It was literally because it was NSFW and that was it. I’m so sorry you have been made to feel this way. It wasn’t intentional.” So at this point I’m like do the moderators not talk to each other? It wouldn’t surprise me given they didn’t even message me that they were banning me from the Discord Server. So I said back “Actually no one talked to me, there was no communication I was literally ghosted, also you could’ve just asked nicely for me to remove the content, this was egregiously mishandled.” One should note that by starting this discussion Moderator B was no longer having a one-on-one discussion with me, they were representing the DevsHelpingDevs moderation team. They discussed that they were not active at the time of my ban but offered to let me join their Discord server instead. They went on to add terms such as that meme couldn’t be shared. So at this point I said “Btw two girls cuddling is not sexual”, Moderator B said “it looked like the one was holding the others hands above their head”, I replied “Also not necessarily sexual”, this point I was quickly losing interest in even considering joining Moderator B’s other Discord server, I initially considered because they were not involved at the time of my ban. As they were adding more terms to if I joined their Discord server I responded with the following:

More so this was mishandled rather than having the mod team and [Moderator A] block me the post could’ve been removed maybe even a warning. But really the I’m no longer friends with you because you posted a meme I didn’t like was hurtful … No the fact [they] literally blocked me over Twitter speaks for itself.

Me – Direct Messages on Twitter

I’m not interested in sharing that post on their Discord server, the fact this was so quickly brushed over is insane. So their argument changes direction. After all you can’t really defend someone ghosting a user and ending a friendship over a harmless meme. Moderator B responded with the following to me:

I stand by [Moderator A] [Moderator A]’s decision but I personally would have told you why you were banned. The fact that you’re getting hostile at me when I’ve done nothing wrong is making me uncomfortable.

Moderator B – Direct Messages on Twitter

Remember everyone, if you disagree with someone you are therefore automatically considered hostile and should bow down in apology. I responded with the following:

Do you think it’s remotely professional behavior to not only not give notice but also for [Moderator B] and DevsHelpDevs to block me over Twitter as well? Or the I’m no longer friends over a meme that’s hurtful.

Me – Direct Messages on Twitter

I’m not usually one for professionalism. Most of the time it’s just an excuse for HR to make you waste your hard earned income on a clown costume I mean dress clothes. But I think this is one of the times it’s actually necessary but no need to wear dress clothes this time, you can keep on your T-Shirt only professional behavior is necessary we aren’t on Zoom after-all 😂. Moderator B didn’t respond with hmm maybe we shouldn’t handled this differently. Moderator B instead reaffirmed Moderator A’s actions and said:

If there’s a chance you would have gotten hostile with her like you are with me now, then yes. [They] [were] protecting herself. I’ve explained to you why you were removed, which I thought was what you wanted. An explanation. And I’ve offered to talk to [Moderator A] for you. You’re being rude. Your attitude is standoffish and makes me anxious. You’ve got your reason, the meme was of a sexual nature. I’ll let [Moderator A] know [they] did the right thing to block you to protect everyone in the server.

Moderator B – Direct Messages on Twitter

So not getting into another debate on whether the meme was of a sexual nature. This proves most of the moderators view women as mere sex objects if the sight of them cuddling makes it sexual. Believe what you want I’m not gonna argue that point again. Your server, your rules, no one ever disagreed with that point. But with DevsHelpingDevs being Queer-phobic I’m out fuck them. But every story has a conclusion so it’s only fair I share my response with full transparency:

How do you think being suddenly ghosted and having to make guesses makes me feel? Also anxious. Trying practicing empathy. It’s something the moderation team clearly lacks.

Me – Direct Messages on Twitter

So here I stand by what I said. Based on my discussions and interactions with members of the mod team are lacking in empathy. They took the most aggressive path possible rather than having a discussion. Which again they can do what they want, I’m used to being bullied for being Queer, but it doesn’t paint them in a good light. Moderator B’s last response before blocking me:

Empathy, how do you think having a go at me when I haven’t done anything makes me feel? You posted sexual content which is against the rules and got banned. I’ve tried to make things better and you’ve had a go at me.

Moderator B – Direct Messages on Twitter

Had a go? You messaged me. What the actual fuck. You brought up this conversation, I did not. You, now representing the moderation team of DevsHelpingDevs followed me, brought up a chat after asking me to be left alone and blocking me on all social media platforms. What the fuck do you want?

Stop seeking me out

I’ve played nicely and have not named people. I’ve now written two rants about the situation. Stop fucking DMing me on Twitter if you don’t want to be called about for being Queer/Trans-phobic and engaging in harmful practices on a mental health Discord server. This whole interaction was easily avoidable. Quit playing the victims when you’re the one seeking me out.

Did a mental health support Discord Server just ban me for being Queer?

What’s up everyone just wanted to write up a short rant about some Discord drama. I posted a thread about this on Twitter but as with Twitter threads can be taken down and accounts deleted by the moderation robots so I’m posting it here. Sometime today February 27th, 2021 I was banned from a the Discord Community DevsHelpingDevs, I was promptly blocked on Twitter by the main account and a moderator (who initially invited me to the server) I thought was a friend. Before I continue please do not seek out or harass the moderators of this server. I do not have any intention of rejoining even if they invited me back and apologized to me.

What is DevsHelpingDevs?

Screenshot of the DevsHelpingDevs Twitter Bio

DevsHelpingDevs is a Discord server that describes themselves as a community based mental health support platform for Software Developers. Throughout my time in their Discord server everyone seemed kind, helpful, supportive and were nice even on bad days to me. It was a fun place to hang out and I thought people there were my friends. I was mistaken.

What were my final interactions with people in the server?

A drawing of two anime girls laying on a couch. One girl is on top of the other girl on a couch. She is titled "she/her girls". The girl below her is titled "they/them girls".
The meme

It would be unfair to complain and not show final interactions. Being I had no expectation I’d ever be banned or even warned, I don’t have screenshots of the chats and cannot read messages in the server as I am banned from it. Yesterday in the “Talk about anything” channel I briefly discussed applying for a job at the Question and Answer website Quora. I also in the “Wholesome pics” channel alongside more photos of my pet dog, I posted a meme I made which is also wholesome in my opinion. The meme clearly implies a queer relationship between the two anime girls. This meme has been shared in many queer spaces with the text of the two characters being changed. It is very popular to share on Trans Twitter.

So why was I banned from the Discord server?

Good question, I don’t know the answer to it, there is no official reason that I know of, as unfortunately the moderators did not a give me a reason nor did I even receive a notification I’d been banned. Instead the Twitter account of DevsHelpingDevs and one of the moderators quietly blocked me. It’s sad because I didn’t even get to say goodbye to people I thought I was on good terms with. If I had to guess it would be because of the meme I shared and more-so that there is an unwritten rule in the community that Queer content is not allowed. A don’t ask – don’t tell – or you’ll disappear policy if that’s a way to describe my thoughts and feelings. This is only a guess and is not fact but the facts visible to me do not paint their community in a good light.

A lack of communication only leads to guesses as to why I was banned

After talking with a few friends about the issue, it turns out there are not a lot of reasons they had to ban me from the community which really narrows it down to the meme I posted. There’s not any other motivation they could find for a ban. This leads to the guess that potentially the meme I shared made some people in the community uncomfortable. It may lead one to the conclusion that any queer content is not allowed in DevsHelpingDevs. This is shocking for a mental health community for Software Developers which newsflash a large percentile of Software Developers are Queer or Transgender or Non-binary in one way or another. And again to clarify this is only my opinion making guesses on what I can see and infer from the events that occurred, this is not proof I was banned for being Queer only that it looks like it. If you are Queer or Transgender or Non-binary and are invited to their Discord server I would approach their community with caution. At least until you good reason and evidence to believe otherwise.

So now it’s time to find another Discord community to make friends in

Feel free to Direct Message me on Twitter or Discord (catgirl#1337 – friend requests are open to everyone) if you have suggestions on where I should hang out next. Just make sure they are trans and queer friendly 💜🏳️‍🌈🏳️‍⚧️

No Google isn’t banning adblockers in Google Chrome

Over the past year there has been panic that Google plans on banning the use of ad blockers in Google Chrome. This is largely caused by misleading blog posts indicating that Google Chrome’s manifest v3 limits the deprecates the webRequest API to enterprise applications which require it. Adblockers today use this API to detect every incoming response body and remove the parts that contain the advertisement’s HTML code so Google Chrome does not load or render the advertisement. This approach has worked well for the past several years by extensions such as AdBlock Plus and uBlock Origin. The problem is that by this API existing without strict limits, a Chrome extension can abuse the API to access and steal data such as credit card numbers and passwords from a page due to the privileged access it has. Google Chrome could put strict limits on which extensions are still allowed to access the API although that puts a limit on competition, and smaller developers won’t be able to take a new approach to adblocking without jumping huge hurdles. It’s also possible that Google will allow a limited set of allowlisted extensions to continue using the webRequest API for the time being. It’s not going away it’s just be limited so Google could make an exception for specific extensions although I do not agree with this approach and believe it would do more harm than good to allowlist the big adblockers. Google seeks to improve the security of Google Chrome, these changes are not about adblockers but have resulted in a controversy.

Google controls the distribution platform

While it’s tempting to blame Google’s Business Team and claim they want to remove the ability to use an adblocker in Google Chrome, while they may want that, they do not need to remove an API to do so. Google controls the Chrome Web Store and can just stop signing updates, remotely disable, and stop distributing ad-blocking browser extensions. Why would Google go through the trouble of removing an API when they can easily ban adblockers from the Chrome Web Store and delete existing ones from user’s Chrome installs? The ability to instantly ban adblocking on Google Chrome exists and Google has not used this power.

A new approach to adblocking

Google is building a new API for extensions to use which allow them to pass a list of content to block and Google Chrome itself will perform the blocking without allowing the adblocker to view page content. This is similar to the Apple Content Blocker API which does the same thing. The current proof of concept had some limitations such as a limit to the amount of rules an extension could ad which need to be addressed before these changes take effect. There is some concern that Google will limit the ability to block Google’s ads but this is unlikely. Even if they did, forks of Google Chrome (such as Brave Browser and Microsoft Edge) exist which have stated they will not disable the webRequest API.

Adblocking will probably be faster and safer in the end

There are a lot of dooms day predictions where Google ends the ability to use adblockers but these situations are unlikely. Rather I predict that adblocking on Google Chrome will be faster and safer for users. Remember that adblockers are a security product and they should encourage changes to browser architecture and APIs that protect users even if it requires significant changes to their product. Google has provided over a year of advanced notice so this change is not going to suddenly destroy adblockers as long as an update over the next year or two is prepared to work with the new API. I think there’s a lot to look forward to with the future of adblockers on Google Chrome.

“If you go Mac you never go back” Apple’s biggest lie…

If you’re an Apple user or have friends who do you’ve probably heard the line “If you go Mac you never go back” at some point. I am going to discuss that argument and explain some of the reasons consumers leave Apple’s ecosystem everyday.

FOMA: Fear of missing out

This statement has been spread by consumers alone to create the fear of missing out. People will buy Apple products because they do not want to miss out on experiences with their friends and family. From the iPhone, to the iPad, to the Mac, Apple creates something that hardware alone cannot do unique experiences through software. Whether these are good or bad for consumers is a topic of debate. It’s created a cult-like mindset amongst its users which is not productive or healthy. It also attacks the rest of the industry for the sole-purpose of switching everyone to the Mac ecosystem.

Apple gives users limited hardware choices that cannot meet all use cases

I’m what you may call a power-user. I write software for a living and as a result many of the tools I use do not run well on the Mac’s limited hardware. Aside from buying a Mac Pro, you have low-performance Intel processors designed to give consumers a good battery life over raw compute power. This is a balanced approach which is great for users who want to use their devices for social media, video streaming, and simple office tasks. It begins to fail when you have more complex tasks that require more powerful processors and graphics cards such as video editing and rendering. And while it’s improved over the past several years the Mac line of computers by design are not ready to provide a pleasant gaming experience.

Unfortunate misconceptions that consumers have

The most common misconception I here when recommending that people buy a Microsoft Windows device is that it’s vulnerable to viruses. While it is true that Microsoft Windows is a more popular target for malware developers, you can get a virus on a Mac. Here’s a helpful list of recent viruses targeting the Mac ecosystem of products. There have been several recent advances to Microsoft Windows that improve it’s security and protect its users from malware. There’s also the misconception that Windows computers are very slow. Older ones can be when too much is running but modern processors can handle larger workloads and Windows users can buy more expensive processors to handle larger more compute intensive workloads.

Users do and will go back away from Mac

Due to growing needs I use Windows computers more than I use Mac computers. It’s sad to see that consumers have created what equates to a stigma when Mac users consider going back to Windows machines. From video production, to gaming, to systems programming, there are a lot of tasks Mac is not an ideal platform for and people leave the Mac all the time for platforms that more meet their needs. Saying “you never go back” isn’t true, as often you do or at least adopt an additional platform for certain tasks.

Why address this line? Why not leave Apple users who say this be?

I write this article as I heard today someone say “If you go Mac you never go back” today, the line itself creates misconceptions, is wrong, and is somewhat infuriating. People should be free to use the devices they love and no one should stop them, this includes Apple users wanting to use Apple devices. This said: I want to see peer pressure for people to switch platforms to go away.

So I uninstalled Firefox…

Several copies of the Firefox logo are spread across a square.

I published an article last week that explained how Mozilla deceived their audience. The article described how Mozilla broke a security feature built into Firefox. I would recommend reading that post before reading this one. This post continues to elaborate on my previous post and provide further reasoning on why I uninstalled Firefox.

I have concerns about what Mozilla will do next

Before we go any further after the uninstall I left Mozilla very detailed feedback explaining why I am uninstalling Firefox. I even attached a copy of my full blog post. I hope that someone at Mozilla takes the time to read it. That being said I don’t hate the team at Mozilla nor do I hate Firefox. As a user I feel betrayed and no longer trust Mozilla and it’s products. They have some explaining to do before I consider changing my position.

My concerns started because they removed the anti-censorship capabilities that DNS over HTTPS has to offer. With TLS 1.3 and the Encrypted SNI beta that Cloudflare participates in, we would’ve had a browser highly resistant to censorship. You would have to perform a downgrade attack and block DNS over HTTPS as a protocol. (You can’t do this without Mozilla’s cooperation because it looks like standard HTTPS traffic). As Mozilla continues to give into pressure by governments, ISPs, and corporate network administrators I question what will happen next. Below is a few things I believe could happen if we’re not careful:

  • Allowing a network administrator to remotely inject their certificate authority into Firefox’s store of trust.
  • Sending browser history periodically to a network administrator defined endpoint.
  • Sending stored passwords to a network administrator defined endpoint.

The security changes would not be limited to Firefox Enterprise. These changes would affect all users. It’s not okay to use corporate spyware without telling users. It’s possible that like with DNS over HTTPS, these features would not generate a warning for the user. This could be abused by ISPs, Governments, and malicious hackers. I see Firefox as too great of a risk to continue using. The question I keep asking myself is what pressure will Mozilla give into next?

Will I still use Tor Browser

I am keeping a close eye on what happens next. The people at Tor Project are probably keeping a close eye on Mozilla and working to keep Tor Browser safe. I will probably still use Tor Browser when I need private and anonymous web browsing. My decision may change if Tor Browser makes risky decisions.

Since Tor Browser is a fork of Firefox ESR, their developers can see and exclude any change to Firefox they believe is dangerous. There is a possibility that the public release builds of Firefox have a secret bugdoor added to them. (I guess you could say the same about Tor Browser, although I hear that there’s work on making the builds reproducible to avoid this situation!) Since Tor Project Developers pull the Firefox Source Code and apply their patches to it I believe this situation is less likely.

What I am switching to

Now that I’ve uninstalled Firefox I think it’s time to go back to our beloved Internet Explorer 8 the classic web browser that started it all. Just kidding! I will be switching to Brave Browser, a relatively new privacy focused web browser built on-top of the Chromium Web Browser, the open source project that powers Google Chrome. An article by ZDNet showed that Brave Browser “phones home” less than Firefox or Chrome. Is Mozilla still the most trustworthy browser vendor? I do not believe they are anymore. I hope that Brave can provide a better level of transparency and security than Mozilla could.

Conclusion

After Mozilla breached trust I uninstalled Firefox and switched to Brave Browser. I am closely watching the security of the web browser ecosystem. I am skeptical of Mozilla.

Mozilla’s implementation of DNS over HTTPS in Firefox and their claims are misleading at best…

Several copies of the Firefox logo are spread across a square.

Recently Mozilla finalized their implementation of DNS over HTTPS in Firefox. This protocol would improve internet users’ privacy and security while using Firefox. A change in their implementation means that many of the privacy and security benefits of DNS over HTTPS go away for Firefox users.

A history of DNS over HTTPS

March 2018: Mozilla begins testing an implementation of DNS over HTTPS.

October 2018: RFC8484 was published by the IETF to describe the encrypted DNS System known as DNS over HTTPS.

November 2019: Microsoft announced that they would add support for DNS over HTTPS to the Windows 10 operating system.

February 2020: Mozilla announced the inclusion of DNS over HTTPS in Firefox to the general public and began the rollout.

What’s the issue with DNS over HTTPS?

A criticism of the DNS over HTTPS protocol is that it will break some software products that rely on the information sent in a DNS query to determine whether to allow or block a connection to a website. This affects certain educational institutions, corporations, and totalitarian governments.

Popular web filtering products will check each DNS query against an allow or deny list of websites. An encrypted protocol would break those products in their current form and prevent them from working properly.

The solution is to disable DNS over HTTPS on computers owned by the company. Any company computer could simply install a Firefox Enterprise Policy to disable the system while not affecting personal computers which are owned by private individuals. Mozilla’s finalized solution astounded me and goes against what I thought their values were.

What solution did Mozilla provide to network owners?

Mozilla added a simple test to decide whether to allow DNS over HTTPS. If an unencrypted query to use-application-dns.net returns NXDOMAIN or SERVFAIL then Firefox will disable the DNS over HTTPS system. Mozilla had the following to say on their support website about how this works:

In addition, Firefox will check for certain functions that might be affected if DoH is enabled, including:

* Are parental controls enabled?
* Is the default DNS server filtering potentially malicious content?
* Is the device managed by an organization that might have a special DNS configuration?

If any of these tests determine that DoH might interfere with the function, DoH will not be enabled. These tests will run every time the device connects to a different network.

Mozilla Support https://support.mozilla.org/en-US/kb/firefox-dns-over-https

I hold issue with this approach. As far as I am aware, the user is not informed when DNS over HTTPS is disabled. This may give them a dangerous false sense of security. To add insult to injury, they are not offered a way to use DNS over HTTPS against a network owner’s wishes. I was unable to find an option under network.trr in about:config settings to toggle the test. I did notice that in about:studies there is a DNS over HTTPS US Rollout study. Disabling this study might disable the test of whether to disable DNS over HTTPS. If this works, it is a temporary solution at best. Aside from compiling your own “fork” of Mozilla Firefox, it looks like you are forced to obey their decision. Since when did Mozilla get in the business of taking away the freedom of choice from internet users? I thought that was the job of giant corporations, not the non-profits which are supposed to be on your side.

What should Mozilla have done instead?

I believe that this issue could of been easily resolved by adding an option to Firefox Enterprise Profiles to disable the functionality. This would allow normal users to keep using and benefiting from DNS over HTTPS while corporate computers could be monitored. It is the most reasonable compromise and doesn’t undermine the privacy and security rights of Mozilla users.

How does Mozilla’s solution to corporate network owners affect the average internet user?

The solution Mozilla offered to corporate network owners feels draconian and has potentially chilling effects.

Any ISP or Government on demand could return NXDOMAIN or SERVFAIL to disable DNS over HTTPS. This could be used to target specific users (for example activists) by disabling the additional privacy & security benefits DNS over HTTPS offers them.

Anyone with the ability to intercept wireless network traffic could abuse this solution to disable Firefox’s DNS over HTTPS system, then continue the activities that internet users would otherwise be protected from.

Users are not given a warning message that their traffic may be tampered or spied on like they are if an HTTPS connection is tampered with. This goes against the premises of encrypting DNS queries. What is Mozilla doing about this?

Can an ISP disable DNS over HTTPS and continue selling your data?

It is unclear how much data Mozilla is collecting through their rollout study. If major ISPs choose to return NXDOMAIN or SERVFAIL on queries to use-application-dns.net will Mozilla backtrack on their decision to allow DNS over HTTPS to be disabled by a network administrator? As net neutrality is no longer the law, there is nothing stopping them if they choose to do so.

From a technical standpoint, it currently looks like the answer is yes. Allowing ISPs to do disable the system can make it easier for them to sell your web browsing history. It is unclear if the ISPs will choose to override consumer choice.

I can imagine similar situations with a totalitarian government who uses DNS monitoring and tampering to censor the populous by ordering ISPs to block queries to use-application-dns.net once this rolls outside the United States. If they have not taken proactive measures already.

From an ethical standpoint, will Mozilla do the right thing and backtrack once this becomes an issue?

You cannot make a security feature secure unless it protects all users unconditionally

Growing up I was and still am a very active user in information security and privacy technology communities. If there is one thing at all I have learned as a result of those experiences, it is that you cannot make a security feature secure unless it protects everyone unconditionally.

Mozilla’s implementation of DNS over HTTPS locks traffic from otherwise prying eyes but then publishes the master key allowing any entity to unlock the traffic at will. These actions may have chilling effects.

Imagine if the Tor Project modified Tor, an anti-censorship product, to allow easy blocking of connections to the network and stopped providing bridges. It would affect journalists and political dissidents around the world.

What other solutions exist?

Honestly, it hurts me to have to answer this question. I care about Mozilla, and the Firefox Community as a whole. I wouldn’t want anything to happen to it. If anything, I feel betrayed as a Firefox user and speaking out is the only way I believe change will occur.

There is not an easy replacement at this time. The closest thing I found was cloudflared, a command-line DNS over HTTPS client. As far as I’m aware, it does not disable itself to appease network administrators. If you are feeling up to the challenge, Cloudflare provides instructions to configure it.

Conclusion

I do not trust Mozilla’s implementation of the DNS over HTTPS protocol anymore. I was once a strong advocate for it and thought it would improve the internet for the better. Because of their implementation change I can no longer recommend Mozilla’s implementation of DNS over HTTPS. I feel disappointed and heartbroken because of their decision. What I thought would be Mozilla fighting alongside the Tor Project to stop censorship turned out to be false. I can only hope that Mozilla will change their decision and do what’s best for the Firefox Community.

Should you be able to delete quotes of yourself online?

This post is in response to the GitHub Issue
Quote Toots #12753” (Archived Page). I opened this issue a while ago requesting that Mastodon add an easier way to quote users than linking to their post. This sparked users concerns including online harassment and their right to delete what they say on the public internet. This post responds to various points made on the GitHub issue.

Private entities are free to do what they want to do

Before I go over any points in this article I want to clarify that I believe private entities are free to do what they want. If the Mastodon Project want to ban users whose favorite color is purple, it’s their site their rules, of course be sure to ban me too because my favorite color is purple. ?

The Mastodon Project is a private entity and can choose to include features or not include them, they’re also free to delete GitHub issues/comments they disagree with in their repositories. Under no circumstance do I believe that they should be forced to do anything they don’t want to. This blog post exists so I can state my opinions on a platform that they don’t control (I have a feeling some of my comments today will be hidden ?).

Back to the key question

I do not believe that anyone has the right or should be able to delete someone’s quotation of them-self. Quoting for purposes of commentary and criticism is protected fair use under copyright law. Just because you disagree with something someone has to say doesn’t mean that you have a right to delete it even when it’s about you. Anything else threatens freedom of expression.

Responding to concerns I saw on GitHub

What’s the right to be forgotten?

In Europe people have the right to be forgotten about and have certain negative information about themselves removed from the internet. It’s understandable people want to let go of the past. Such a law has huge free speech implications and bans speech about an individual. If someone quotes and attributes you in a way that can’t be erased it may infringe on this right. When you effectively ban speech about an individual it may be the highest form of political censorship aside from banning a political party. To be clear this is censorship by the government not a private entity.

What is call out culture?

In the linked GitHub discussion thread concerns on enabling call-out culture were raised. For those unaware, the phrase “call-out culture” references an ongoing issue on social networking websites where someone will quote another who said something offensive. Afterwards their followers will sometimes harass the quoted individual. This can even go to great lengths such as calling someone’s employer and trying to get them fired from their job. It’s just a bunch of internet users acting like children and telling the adults on each other and should be treated as such.

Quotes are anti-social!!!

I believe this point was actually in a linked Mastodon thread, but I’ll discuss it here anyways. People raised concerns that quotes are anti-social and that you should reply instead. Not everyone wants to debate with you, often quoting why you believe something someone said is wrong is an important part of online discussion. It’s probably best that people who disagree talk to their own audience not each other. But for a project which believes that quotes are anti-social they sure use them a lot ?

Mastodon Maintainers have explained their design decision already

The Mastodon Project wrote a blog post outlining their design decisions. It boils down to they believe certain features on Twitter were abused so they’re disabling them entirely in their software. It’s well worth a read and you can decide whether if you agree with them or not.

Conclusion

A proposed change in Mastodon raises concerns on the freedom of expression. People are free to make their own forks of Mastodon so it’s a limited issue. People who are concerned can and should make their own ActivityPub projects. I hope this article was informative and that you enjoyed the memes along the way. Now that I think about it – it was like one of those educational games. You know where you get to play a few seconds and then have to solve a math problem to continue. No? Alright I feel old…