23 Dec
2019
23 Dec
'19
3:04 p.m.
Firefox now makes available DNS-over-HTTPS. I'm a big fan of security and privacy, but I'm struggling to see the gains here: we stop some hypothetical observer from finding out what domain name we're querying ... and then immediately turn around and ask that domain for a web page. You hid the destination in your first query ... only to immediately expose it with your next query. I admit I'm thinking of our hypothetical advisor being at the ISP: they'll see both types of queries anyway. I suppose the argument can be made that an observer on the path to the DNS but not at the ISP has been stymied, but this seems ... lower value. Still, is that primarily what this will stop? -- Giles https://www.gilesorr.com/ gilesorr@gmail.com