FF60+: TRR mode (DNS over HTTPS)

I have a feeling the discussion might get long winded, so I’m doing it in a new issue (instead of in #383 )

FF59-60 diffs

• [] pref(“network.trr.mode”, 0); 1434852

not to mention all of this

pref("network.trr.allow-rfc1918", false);
pref("network.trr.blacklist-duration", 259200);
pref("network.trr.bootstrapAddress", "");
pref("network.trr.confirmationNS", "example.com");
pref("network.trr.credentials", "");
pref("network.trr.early-AAAA", false);
pref("network.trr.request-timeout", 3000);
pref("network.trr.uri", "");
pref("network.trr.useGET", false);
pref("network.trr.wait-for-portal", true);

My gut feeling is I think I want to include it/them in the user.js (under section 0700) to let users know this is a bad idea (this is debatable)

What I think I know

• at this stage it’s not turned on by default (at least not in stable)… something something nightly something shield study mumble mumble was only discussed not implemented as a study blah mumble something
• it bypasses hosts
• its just moving the data collection from a small player (local ISP, yes some ISPs can be big players) to f$^%king cloudflare
• mozilla has agreements in place to preserve privacy (I assume) and the data is only kept for 24 hours, and its just the request not the IP it came from (I think) blah blah, not sure
• IDK what other settings are required to make it work besides the main one (hence I dumped the lot in that code snippet)

Just the fact it bypasses hosts and gives more power to cloudflare is reason enough for me to warn people away. BUT, it is an effective tool. BUT you could do the same with a VPN (to hide from your ISP). BUT not everyone can afford a VPN and too many VPNs are shady bastards

Class, discuss.