Just recently I discovered DoH was activated by default now and bypassing my /etc/hosts block list without any warning. This opened me up to tracking from sites I thought I had blocked.
In all above cases the failure-modes are insecure. It's like a firewall that suddenly switches its enforcement policy from a deny-all+whitelisting to allow-all+blacklisting without properly informing users.
Some rather sensationalist claims there. Other than infringing on the DFSG, I don’t really see the problem with those binaries.
If you’re downloading compiled software from anyone, you’re trusting them to not have put nasty things in the binary. There could be lots of interesting things injected to the binaries that are not part of the open source code.
As for the safe browsing thing, that looks to be a bug specific to Debian’s Firefox-distribution, not FF itself.
And as for DoH, it’s not exactly a secret, it’s been widely reported on and featured in the release notes. If you’re technically competent to play around with `/etc/hosts`, you should be capable of reading the release notes, too.
Firefox Installs non-free binaries from Cisco and Google again https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915582
firefox: Safe Browsing updates fail due to insufficient quota on the Google API key https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895147
Just recently I discovered DoH was activated by default now and bypassing my /etc/hosts block list without any warning. This opened me up to tracking from sites I thought I had blocked.
In all above cases the failure-modes are insecure. It's like a firewall that suddenly switches its enforcement policy from a deny-all+whitelisting to allow-all+blacklisting without properly informing users.
Totally unacceptable!