If you’re freaked out that your browser turned something called “DNS over HTTPS” on, you’re being bamboozled. DoH is a good thing.
18
46
237
Conversation
This Tweet was deleted by the Tweet author. Learn more
That is a confusing tweet, it sounds like you might think Google owns Cloudflare? That is not the case. If it helps, Cloudflare are legally bound to a retention policy negotiated by Mozilla, which you can read here developers.cloudflare.com/1.1.1.1/commit.
7
This Tweet was deleted by the Tweet author. Learn more
That's still confusing, because Chrome is not doing anything like that, or planning to do anything like that? The Chrome plan is to essentially to only upgrade connections to your *existing* resolver, so how can that possibly be bad for privacy?
1
This Tweet was deleted by the Tweet author. Learn more
Yep exactly that, AFAIK Android can support DoT for the system resolver, but I don't know of any plans for DoH outside of browsers. I'd be lying if I said I don't want more DoH though, but I have absolutely no say in the matter 😆
1
2
Android 10 uses opportunistic DoT with the network-provided DNS servers (DHCP or VPN) by default. It provides the option to set a specific DoT server hostname for authenticated encryption without a fallback to unencrypted DNS. I don't think there are any plans to add DoH support.
2
Android has always used the network-provided DNS servers by default, not Google Public DNS. If DHCP doesn't provide any DNS servers, it uses the fallback DNS servers. The default AOSP fallback servers are Google's, but vendors can override it even if they ship Google Play.
1
Android's adoption of DoT doesn't change anything about how this works beyond providing protection against passive eavesdroppers by default, while giving users the option to enforce using their a DNS-over-TLS server of choice with authenticated encryption. It has no downsides.