I have not yet seen an argument against DNS-over-HTTPS that does not amount to “but how will we spy on the people we provide a service to?”

So I think that means it’s working :)

Network operators have no right to know or monitor what people are doing with the utility service they provide.

If you can’t trust them, either make it so you don’t need to trust them, or find trustworthy people and trustworthy (by means of being free) software. Spying on them is never okay.

(although I recommend DNS over TCP over Tor as the best way to preserve privacy when using DNS, if you’re actually going to implement it yourself)

I think I’m sufficiently mad about the state of DNS discourse that a DNS privacy blog post is incoming. Stay tuned.

I wrote a summary of the DNS over TLS vs DNS over HTTPS debate (without going too much into the drama).

It also contains an introduction to my proposed solution, and why it’s better than either.


(boosts/sharing welcome)


@qyliss I can't believe it took me until this toot to realize that DoH is going to completely fuck up my work situation (I use Firefox, but IT and nearly every employee uses Chrome, and we have many internal hostnames that don't resolve on the public internet)

@eqe by default it will fall back for non-public hosts, but if you don’t want those sent to CF you can also just disable DoH.
