Yep, DoH might add some small amount of latency, but it seems impossible it was responsible for what you were seeing.
So turning it off or using the native browser worked fine, but it is not DoH?
Replying to @cynicalsecurity @bagder and
Rebooting your computer sometimes fixes problems, it doesn't really reveal anything about the cause though, right?
No, but turning DoH back on slowed browsing to a treacle again… do it a few times and it starts being compelling evidence. Perhaps the ISP throttles TCP to CDNs, perhaps it has SSL MITM which breaks DoH. I don't know and I don't care 'cos my mum lives 4hrs away and I need a fix.
Replying to @cynicalsecurity @bagder and
Sure, it's possible the ISP was doing SSL MITM. I care about that, I don't want your mum's email being inspected without permission. I guess if you don't care, then resolving this problem was an unwelcome chore, but just allowing malicious ISPs shouldn't be the default, right?
Yes, right, let's pick the most unlikely reason… the reason, which I bothered to analyse, is that the ISP is small, does not peer at major peering points, is on a local IXP and is, fundamentally, only suitable for local traffic. DoH and the hundreds of DNS requests make it slow.
Replying to @cynicalsecurity @bagder and
I was just repeating the reason you gave. Sure, disabling DoH might be the answer in some situations, but you agree we shouldn't *default* to plaintext protocols like http/telnet/dns, because in rare cases it's acceptable, right?
No, you are putting a data transfer protocol, a remote access protocol and a name resolution protocol in the same category. DoH is not securing DNS, it is sending all requests to the same location which, for privacy, is lethal.
Replying to @cynicalsecurity @bagder and
Right, I listed a bunch of plaintext protocols together that have encrypted counterparts, telnet => ssh, http => https, dns => doh. Not sure what is wrong with that. It seems like a really ridiculous claim that DoH is worse for privacy than DNS, but interested to hear why.
Sure, it's a straight upgrade from DNS. The issue is it's also easy to block, so it's a reasonable concern that snoopers will just block it and force everyone to downgrade to DNS. DoH is very difficult to block without permission.