[edwhitesell]

I would agree with you. However, there are valid use-cases for "intercepting" DNS on public WiFi. The most obvious is to block adult content.

One example was a customer operating WiFi in restaurants. If a patron accessing the WiFi network was looking at adult content on their laptop, the restaurant owner could be liable for that. I believe it was a "public nudity/nuisance" law.

[vavrusa]

That is consented filtering and that's fine. I do the same thing locally and I'm okay with a public network operator refusing to serve certain zones (nudity, malware, illegal content).

Refusing to lookup a name != MitMing every query however, the latter crosses a fine line (for me) by both lying about answers (redirection to ad pages), and at the same time preventing users to validate integrity of the answer (or non-existence proof).

I'm not a lawyer and have no idea how much is this enforceable in terms and conditions of the service, but common sense tells me that by opting out of the provided name services liability transfers to patron. If the recursive resolution was more decentralised, this would have been moot.