On 12/23/19 1:37 PM, Giles Orr via talk wrote:
Both things tend to be true of encryption technologies.
I am not sure I would be running out to implement DoH any time soon because it does not seem like a great value.
I'm also not enthusiastic about taking DNS out of the hands of the operating system: not only does this break "do one thing and do it well" (although browsers did that long ago), it also means that if you have name resolution problems the solution becomes split on "is this in the browser or somewhere else?" It seems to me that this solution - if implemented at all, and it's sounding like a bad idea - should be done at the OS level, not the browser.
I've been using DoH since it showed up in Firefox Nightly. DoH can be set to fallback to an OS resolver in the event that the browser's resolvers are unavailable. The value of DoH is in not letting ISPs or employers or parties x, y, and z track, monetize, and deanonymize DNS requests. For example: ISPs as resolvers can take DNS requests and sell that data on to a data broker to target ads and no one is the wiser. Likewise sharing with law enforcement or government. Our ISPs are total black boxes when it comes to how they run, share, and monetize our DNS data. Another example: employers can track browsing habits on networks using a VPN, DHCP, or preconfigured resolver. The recent case of Kathryn Spiers at Google is roughly analogous. She made a browser extension to notify users about their rights, but I have no doubt that every Google employee's DNS queries to union busting sites are logged and can be correlated if someone higher up decides to embark on further union busting programs. Then there are the countries with questionable human rights records who surveil their citizens, activists, journalists etc. I think that DNS is one of those things that we all take for granted and trust without realizing how easy it is to monitor, subvert/tamper, monetize, and identify individuals with. I'm personally all for making surveillance capitalism incrementally more costly to the data brokers and ad networks out there. Moreover tools like DoH that make privacy a default setting go at least some way to encouraging the idea that privacy online should be a fundamental right (which is admittedly a matter of personal belief, but I haven't come across a compelling argument to the contrary). Cheers, Jamon