I have not yet seen an argument against DNS-over-HTTPS that does not amount to “but how will we spy on the people we provide a service to?”

So I think that means it’s working :)

Network operators have no right to know or monitor what people are doing with the utility service they provide.

If you can’t trust them, either make it so you don’t need to trust them, or find trustworthy people and trustworthy (by means of being free) software. Spying on them is never okay.

(although I recommend DNS over TCP over Tor as the best way to preserve privacy when using DNS, if you’re actually going to implement it yourself)

I think I’m sufficiently mad about the state of DNS discourse that a DNS privacy blog post is incoming. Stay tuned.

I wrote a summary of the DNS over TLS vs DNS over HTTPS debate (without going too much into the drama).

It also contains an introduction to my proposed solution, and why it’s better than either.


(boosts/sharing welcome)

> Networks that have implemented some sort of filtering via the default DNS resolver. This can be used to implement parental controls or to block access to malicious websites.


Modern Mozilla at its fucking finest. Somebody decides to make a brave step in favour of Internet freedom, and then somebody else comes along and neuters it to protect their fucking market share or something.

@qyliss oh for fuck's sake, what are you even defending against anymore if you just hand your entire threat model an off button

@qyliss Do you say 'no' with network level censorship in mind? Because when I read that I thought about DNS resolvers that people might set up themselves for ad/tracker blocking

@mcol trivial to make your self-setup server DoH, and then you can block ads from anywhere.

@qyliss I can't believe it took me until this toot to realize that DoH is going to completely fuck up my work situation (I use Firefox, but IT and nearly every employee uses Chrome, and we have many internal hostnames that don't resolve on the public internet)

@eqe by default it will fall back for non-public hosts, but if you don’t want those sent to CF you can also just disable DoH.
