by d2mw 2498 days ago
They can fight it on the basis of censorship, and I'll support them on the basis of a decentralized Internet that does not rely on some folk who leaked private data all over the Internet a few years ago.

Fuck DoH. It's political and technical centralization under the tired old banner of "freedom!" when reality is absolutely the opposite. It'll be abused in a heartbeat the moment it has majority share, assuming folk like CloudFlare don't already have people working full time on how to profit from the data, or formulating policies on which sites they shut down that they never hosted in the first place.

If you're new to this game, it always progresses the same tired old way:

- it's optional, you don't need it, but if you use it your life will become 1000% better and starving orphans in China will learn about democracy

- we're using it for just this one particular service you might need it for but it's fine because that particular service is totally optional and you have a "choice" between 3 vendors who all accidentally depend on this new thing, because they're all playing the same game

- we rolled out a new feature but it's only available to newer clients, you probably genuinely do need this feature, and the choice to avoid the new service seems to be less and less appealing

- we don't have people working full time on the older product any more, and it's full of bugs, and we're struggling to support it

- we've made some commercial agreement you weren't expecting that interacts somehow with our adjusted position thanks to the new service. Somehow you've become the product without any warning, but you're so far down the river it's much less effort to stay put than try to undo becoming the product

- we've encountered a bug and made a huge negative PR fuss around the old service. It's officially insecure and you will catch cancer if you continue using it

- [3 months later] we're deprecating the old service

- [1 year later] captivity achieved


"An enemy of an enemy is a friend."

As someone who uses HOSTS files and DNS-level blocking/MiTM proxy on my network to control what gets to my endpoints, I like how you think.

There are FOSS DoH servers, and you're welcome to run your own, with a free cert from Let's Encrypt. You could easily run a logging-free DoH server for anyone to use, also. There's no lock-in here, and I can't see any way that lock-in could be introduced later, either.

Society is only one Android release away from most consumer traffic metadata being tunnelled by default through a new instrument of political policy, thanks to a company who not so long ago wouldn't even let you select which _search engine_ you used. Do you really suppose the same company will start adding URL input boxes to their initial setup screen? If they even put such a text box in the settings, what percentage of users would actually customize it?

So the effect is not just the local mobile telco's DNS would be subverted, but every mobile telco's DNS, and if you tried to explain what's happening to the typical person it impacted, they'd give you a puzzled look before promptly switching the topic to last night's football game. Thankfully this is a completely fabricated scenario and there is no possibility whatsoever it could even remotely play out.

Given this one scenario, what value or weight does a single bearded guy's raspberry pi stashed in a closet have when it comes to worldwide DNS policy? I wonder how resilient a site like The Pirate Bay would be given an environment where DNS filtering is suddenly under the majority control of a tiny handful of companies all under American or western ownership. But DoH of course is about freedom, not about censorship. It's about preventing censorship, right!

(Apologies for the style of reply -- these are obviously not genuine questions)

edit: these unexplained downvotes are fascinating

I suspect there is support for what you are trying to say. However, your communication style is unclear (especially the overuse of sarcasm and rhetorical questions) and you don't actually try to support any of the points you do make. I don't see it as a positive contribution to the conversation so I downvoted you.

I hate CloudFlare as much as the next guy but you can change the DoH server, can't you? I hope Firefox will expose the option in the interface and not in about:config. But we all know how Mozilla are...

You appear to have jumped to step 2 in the masterplan, and completely skipped step 1. It's not even mandatory yet, but when it is, the choice will be between N<10 providers, most of them almost certainly American companies.

Why would DoH become mandatory?

I can't see into the future, unfortunately, but you're welcome to bookmark the parent comment and set a calendar entry to compare it with reality about once every 6 months. It's possible to speculate, though. Google have been engaged in open war against ISPs for most of the past 10 years; it is in their every interest to commoditize the pipe between the consumer and the datacentre as far as possible. Removing DNS from the link is eliminating another source of risk.

For Mozilla, I'm not sure, but they often follow Google's lead, and there is a strong case for Google to go that route.

In any case, if it ever starts defaulting to on in any browser, it's very likely the others will follow suit, as it's easy to imagine quite a lot of PR around the security benefits of the brave new world.