Instead of TLS intercept, they can just disable DoH, right? They can configure the image as they please, after all.
-
-
*sigh* Just because DNS theoretically could be tunneled via other means doesn’t mean its in users’ best interest for a for-profit intelligence firm to have DoH & use their monopoly power to shove it into browsers to bypass everyone’s security controls so they can make more money.
-
We're just going in circles here. The difference is that by connecting to free coffee shop wifi, I'm not explicitly stating I want them to monitor my activity. That should not be the default.
- 2 more replies
New conversation -
-
-
That isn’t my argument, my point is it’s another thing to add to the list of things you need to monitor. Which is fine, just need to do it right.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
. It seems pretty arbitrary to be concerned about monitoring for exfiltration via DoH, but not arbitrary other means of tunnelling DNS (e.g. DNS over SSH), or just any other protocol.

