The core point of contention is whether ISPs get the queries by default. The benefit of DoH is that we can control who gets to see them. I understand you're indifferent to DoH if the ISP still gets the queries. I'm sure you already understand this, I don't know why you asked?
"Whether the ISPs get the queries" is not even my main complaint, it's "the browser is willfully bypassing system settings" and "over HTTP". DNS over TLS exists, quad-X resolvers (with DoT) exist. DoH is just silly.
The problem is you are one of the lucky few who only use trustworthy networks. Many people do not have that luxury, like the customers of the ISPs in the article above. Is it your opinion that it just sucks to be them, and we should do nothing?
Replying to @taviso @Cron2Gert and
So denying people control over DNS and whisking off queries to a jurisdiction with weaker privacy legislation is beneficial if their network is untrustworthy? I see.
Replying to @Alzimon @Cron2Gert and
Yes, if your network is untrustworthy "whisking off" the queries to a trustworthy network seems like a good idea to me. Nobody is denying anyone control, what are you basing that on?
Replying to @taviso @Cron2Gert and
For one thing, as I understand it, centralised DoH will let browsers and appliances circumvent my own (and any state-mandated) DNS-based blocklists. Furthermore, what I consider trustworthy is for me to decide. Information Security is about control.
Replying to @Alzimon @Cron2Gert and
Absolutely not, this is just about choosing safe defaults. Nobody is suggesting you shouldn't be allowed to choose who is trustworthy. If you're lucky enough to only ever use trustworthy networks, great! Many people are not that lucky, and we should help them, right?
As long as you define yourself as trustworthy, this is fine advice. Or in the words of a wise former coworker of yours: “I trust me; why shouldn’t everyone else trust me too?”
Replying to @PowerDNS_Bert @Alzimon and
Do you agree that the customers of the ISPs in the article you posted yesterday are getting a pretty bad deal? I understand some of those ISPs are probably PowerDNS customers, and you might not want to criticise them, but just in general? https://twitter.com/PowerDNS_Bert/status/1181212034878361601 …
Some deals are better or worse than others. If you want to change things, best be sure the new deal you advocate is better. Especially if you are going to default people into a new deal that still leaks all data to the old one. Are you sure?
The deal that Mozilla and Cloudflare agreed to is public. Yes, I think it sounds better than the deal the users had in the article you were disgusted about? And if anyone disagrees, they can change it. https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/firefox/ …