Closed dpifke closed 5 years ago
Thanks for filing an issue. We're planning to share more about the process we went through to produce the text we are using in a blog post, but I'll briefly share here: We did rounds of UX research for the text we're using with people who use Firefox. We solicited their feedback on various messages and the text we are using is the result of that process.
The dropdown links to https://support.mozilla.org/en-US/kb/firefox-dns-over-https which in turn links to the TRR agreement. We'll be updating our privacy notice to reflect DoH shortly.
The average user has no idea what "DNS" or "Cloudflare" are, nor the privacy impact of this setting.
The opt-out is labelled "disable protection," which seemingly forces them into uninformed consent. If I were a non-technical user, I would have no clue that clicking "OK, got it" means that Cloudflare, a company unrelated to Mozilla, now gets to know about every web site I visit.
Further, there is no link to Cloudflare's privacy policy or the Mozilla/Cloudflare TRR agreement. Firefox's Cloud Services Agreement makes no mention of DoH. The user should be prompted to read the resolver policy before "agreeing" to it.
May I suggest better text? Something like: