From ISPA's website, one of the reasons to oppose DoH:

> User choice: An application switching to DoH should ensure that this switch does not undermine choices that have been previously made by the user. For example, if parents have decided to filter an internet connection in their home via network or local level DNS controls, these choices should not simply be ignored by the application.

If a parent is capable of filtering out internet traffic at DNS level, then they should be capable of doing the same on top of DoH.

Then, after some more vague concerns and handwaving, at the very end we have:

> User and access-network-operator support: If DoH doesn’t work or is slow, a customer’s internet access will be affected. The customer will contact their ISP, not the DoH provider, but the ISP won’t be able to fix things for them. As a minimum, any application switching to DoH should ensure that the selected resolver should provide a 24/7 user call centre reachable via low-cost/local rate telephony and an online support capability. Support for fault-diagnosis and resolution between ISP, resolver and users should also be provided.

I mean, I get that if a person is unaware of a custom DNS that some application is using they might fault ISPs for network failures due to DNS trouble, but this would happen with any DNS irrespective of DoH.

Home filtering solutions using DNS either tend to rely on being the DNS server, or upstream filtering (e.g. the filtering ISPs provide where the parent gets a web interface with their subscription). In either situation they're sold to parents as easy-to-use solutions, not as things they build and install and understand underneath.
That kind of filtering over DoH can be harder because there are plenty of edge cases when DoH is thrown into the mix that complicate things massively.
It's also worth bearing in mind that swapping DNS interception at the ISP for DNS interception at Cloudflare can be more displacement than improvement (where the ISP isn't screwing with people's connections, for example).
Finally, what's being talked about with DoH is going to be baked into browsers, not into the OS. This is the biggest support headache for ISPs and probably the source of that support argument. It's understandable to be concerned about variants of "My Apple mail is working but I can't see Facebook" support calls.
Sure, ISPA are utterly tone deaf and deserve to be shot down for targeting Firefox this way, but DoH isn't the panacea some people are making it out to be and there will be lots of edge cases dropping out if browsers start ignoring OS settings and doing their own things.