by JohnFen 2625 days ago
I consider DoH too dangerous to allow on my own network, so here's what I did: if you want to use HTTPS from my network, you need to install my root cert. I then proxy all HTTPS traffic to detect and drop DoH exchanges.

I expect that we'll see this sort of thing more and more.

1 comments

I’d consider you installing a root onto my device far more dangerous than DoH, because how do I know you’re only dropping DoH, and not actively logging everything? I have to assume you are evil.

As a consequence I would not use your network. This may also be considered success from your point-of-view.

That's totally fair. My network, my rules. You are not required to use my network.

However, I'm not completely heartless. I also run an open WiFi AP that, although limited, is available for guests who aren't comfortable with my security measures. You can't reach the rest of my network through it, but it's there and will get you internet access.
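The first post in this thread describes proxying HTTPS to detect and drop DoH exchanges. The sketch below is an added example, not the poster's code or configuration: it shows how a decrypted request can be recognised as DoH from the RFC 8484 request forms. The function names, the `resolver.example` host and the sample query are constructed for illustration.

```python
import base64
import struct
from urllib.parse import urlsplit, parse_qs

DOH_MEDIA_TYPE = "application/dns-message"  # media type defined by RFC 8484

def looks_like_dns_query(msg: bytes) -> bool:
    """DNS header sanity check: 12+ bytes, QR bit clear (query), QDCOUNT >= 1."""
    if len(msg) < 12:
        return False
    _id, flags, qdcount = struct.unpack("!HHH", msg[:6])
    return (flags & 0x8000) == 0 and qdcount >= 1

def is_doh_request(method: str, url: str, headers: dict) -> bool:
    """Classify one decrypted HTTP request. The URL path is not used,
    because resolvers are free to choose their own URI template."""
    h = {k.lower(): v for k, v in headers.items()}
    if method.upper() == "POST":
        # POST form: the DNS message is the body, labelled by its media type.
        ctype = h.get("content-type", "").split(";", 1)[0].strip().lower()
        return ctype == DOH_MEDIA_TYPE
    if method.upper() == "GET":
        # GET form: base64url DNS message, padding stripped, in "dns=".
        for value in parse_qs(urlsplit(url).query).get("dns", []):
            try:
                msg = base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))
            except ValueError:
                continue  # not base64url, so not a DoH query
            if looks_like_dns_query(msg):
                return True
    return False

def constructed_query() -> bytes:
    """Constructed sample: A-record query for example.com, ID 0, RD set."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    return header + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)

def constructed_get_url() -> str:
    """Constructed sample: the query above in RFC 8484 GET form."""
    b64 = base64.urlsafe_b64encode(constructed_query()).rstrip(b"=").decode()
    return "https://resolver.example/dns-query?dns=" + b64

if __name__ == "__main__":
    print(is_doh_request("GET", constructed_get_url(), {}))
    print(is_doh_request("GET", "https://shop.example/search?dns=hello", {}))
```

A check like this only sees requests the proxy has already decrypted, which is why the setup described in the post depends on clients trusting the proxy's root certificate.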