DNS-over-HTTPS causes more problems than it solves, experts say https://www.zdnet.com/article/dns-over-https-causes-more-problems-than-it-solves-experts-say/ …pic.twitter.com/Td8WVxtwVZ
Did you just suggest that I snoop? Also, please feel free to refute https://blog.powerdns.com/2019/09/25/centralised-doh-is-bad-for-privacy-in-2019-and-beyond/ - people are so far attacking the messenger and not the message.
The article is pretty ridiculous Bert, DoH is a piece of the puzzle, nobody is claiming it is sufficient in isolation.
I mean products that monitor endpoints by snooping on DNS queries, for a variety of reasons. If you own the endpoint and don't like it, for any reason whatsoever, you can change it. If you don't own it, the owner will opt-in to trusting their network instead.
How do I disable it on the endpoint? Malware doesn’t follow Group Policy.
Are you trolling, or are you really asking me to explain why changing DNS settings won't prevent malware?
How does one "just disable it"? The currently favored deployment model appears to be "each application vendor brings their own DoH stack using their favored public DoH service(s)". There is no place that a sysadmin or user can see or control which service is supposed to be used.
We're talking about two browsers. Two. Both with documented Enterprise policy support. And if it actually becomes all or most applications, well, consider finally taking the hint that nobody wants your DNS snooping and meddling.
i snoop on my family network and my work network. no one controls the endpoints except surveillance capitalists, supply chain poisoners, malware, and intruders. so i monitor and filter dns for reasons of safety, policy, and law. must i now stop?
The argument is that you cannot modify or manage all your owned endpoints. Like the DNS settings of your fridge, thermostat or Chromecast. And that per-application instead of per-device DNS settings make it worse for the user to manage these.
Which is an incoherent argument. "This thing should not use encryption because other unrelated things may or may not use encryption." I think bringing up non-browser stub resolvers is mainly done because "I want to snoop on your browser traffic" is too obviously indefensible.