Hacker News
by _b8r0 2538 days ago
> If a parent is capable of filtering out internet traffic at DNS level, then they should be capable of doing the same on top of DoH.

Home filtering solutions using DNS either tend to rely on being the DNS server, or upstream filtering (e.g. the filtering ISPs provide where the parent gets a web interface with their subscription). In either situation they're sold to parents as easy-to-use solutions, not as things they build and install and understand underneath.

That kind of filtering over DoH can be harder because there are plenty of edge cases when DoH is thrown into the mix that complicate things massively.

It's also worth bearing in mind that swapping DNS interception at the ISP for DNS interception at Cloudflare can be more displacement than improvement (where the ISP isn't screwing with people's connections, for example).

Finally, what's being talked about with DoH is going to be baked into browsers, not into the OS. This is the biggest support headache for ISPs and probably the source of that support argument. It's understandable to be concerned about variants of "My Apple mail is working but I can't see Facebook" support calls.

Sure, ISPA are utterly tone deaf and deserve to be shot down for targeting Firefox this way, but DoH isn't the panacea some people are making it out to be and there will be lots of edge cases dropping out if browsers start ignoring OS settings and doing their own things.