by jbott 2398 days ago
This is software running on a user's computer. They will always have the opportunity to modify their configuration (or patch the running software if needed). The argument that DoH is a step backwards doesn't make sense, since it's always been possible for software that wants to circumvent hosts file / DNS filters to use an alternate name resolver.

I agree that we should push for more configuration options, but the fact remains that it's the user's decision to run software that doesn't respect their freedom of choice, and ultimately they control the code that runs on their machine.

DoH is overall a huge benefit to preventing in-flight tampering and protecting user privacy. The net-benefits far outweigh the downside that "good" network providers can no longer tamper with DNS results.


> it's always been possible for software that wants to circumvent hosts file / DNS filters to use an alternate name resolver.

And it's always been possible to block access to all DNS resolvers except your local one. Until now.

> the fact remains that it's the user's decision to run software that doesn't respect their freedom of choice

Unless that code is malware or some Javascript an advertiser has placed on a website. There is no way to stop software from doing its own DoH requests without using browser or OS services to do it, so the controls supplied by the browser or OS are of rather limited value.

> The net-benefits far outweigh the downside that "good" network providers can no longer tamper with DNS results.

I disagree. I'm of the opinion that DoH brought with it a security problem that is difficult to resolve. It does provide additional security in another area, but that's not something that couldn't have been done using a more reasonable approach that didn't hamper my ability to control what's happening on my own machines.

> Unless that code is malware or some Javascript an advertiser has placed on a website. There is no way to stop software from doing its own DoH requests without using browser or OS services to do it, so the controls supplied by the browser or OS are of rather limited value.

This is true irrespective of DoH. If software wants to ignore the OS settings and resolve names via its own custom protocol, that's what it's going to do. Short of auditing that software and its connections, you can't really stop it.

The OS settings are not a control, they're a convenience.

True. DoH just makes it much cheaper and easier to do in a robust way. Which means it will be done much more often -- probably commonly, because of advertisers.

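The protocol point this exchange turns on, as an added example that is not part of any comment in the thread: what an RFC 8484 DoH lookup looks like on the wire. The DNS question is the same RFC 1035 message a stub resolver would send to UDP port 53; DoH wraps it in an HTTP request (POST body or base64url `dns=` parameter) that rides inside TLS to port 443, which is why a filter that only watches port 53 never sees it. The resolver name `doh.example` is a placeholder, and the answer bytes are constructed locally so the script runs offline with nothing sent over the network.

```python
"""Added example: an RFC 8484 DoH query and answer, built and parsed offline.
Nothing here is sent over the network; the resolver name is a placeholder."""
from __future__ import annotations

import base64
import struct

DOH_RESOLVER_HOST = "doh.example"   # placeholder, not a real resolver


def build_dns_query(name: str, txid: int = 0, qtype: int = 1) -> bytes:
    """Encode a standard RFC 1035 query for `name` (qtype 1 = A, class IN).
    RFC 8484 recommends txid 0 so identical queries are cacheable over HTTP."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def doh_post_request(query: bytes, host: str = DOH_RESOLVER_HOST) -> bytes:
    """The HTTP/1.1 request a DoH client sends inside a TLS session to port 443."""
    head = (f"POST /dns-query HTTP/1.1\r\nHost: {host}\r\n"
            "Content-Type: application/dns-message\r\n"
            "Accept: application/dns-message\r\n"
            f"Content-Length: {len(query)}\r\n\r\n")
    return head.encode("ascii") + query


def doh_get_url(query: bytes, host: str = DOH_RESOLVER_HOST) -> str:
    """The same query as a GET: base64url without padding in the `dns` parameter."""
    b64 = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"https://{host}/dns-query?dns={b64}"


def constructed_doh_response(query: bytes) -> bytes:
    """A constructed answer body: echoes the question, adds one A record
    (192.0.2.10 is a TEST-NET-1 documentation address, not a real host)."""
    txid = query[:2]
    header = txid + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)  # QR=1, RD=1, RA=1
    question = query[12:]
    # 0xC00C is a compression pointer back to the question name at offset 12
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])
    return header + question + answer


def _read_name(msg: bytes, off: int) -> tuple[str, int]:
    """Read a (possibly compressed) domain name; return (name, next offset)."""
    labels = []
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # RFC 1035 4.1.4 pointer
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            name, _ = _read_name(msg, ptr)
            labels.append(name)
            return ".".join(labels), off + 2
        off += 1
        if length == 0:
            return ".".join(labels), off
        labels.append(msg[off:off + length].decode("ascii"))
        off += length


def parse_a_records(msg: bytes) -> list[str]:
    """Return the IPv4 addresses in the answer section of a DNS message."""
    _txid, _flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):
        _, off = _read_name(msg, off)
        off += 4                                       # skip QTYPE + QCLASS
    addrs = []
    for _ in range(ancount):
        _, off = _read_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return addrs


if __name__ == "__main__":
    q = build_dns_query("www.example.com")
    print(doh_get_url(q))
    print(doh_post_request(q).split(b"\r\n\r\n")[0].decode("ascii"))
    print(parse_a_records(constructed_doh_response(q)))   # ['192.0.2.10']
```

The message bytes that `build_dns_query` produces are exactly what a classic resolver would put in a UDP datagram to port 53; the only thing DoH changes is the transport shown by `doh_post_request` and `doh_get_url`. A network-side control that redirects or blocks port 53 therefore still governs the classic path, while the HTTPS path is indistinguishable from any other TLS connection to port 443 unless the resolver endpoint itself is known and blocked.
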
> I disagree. I'm of the opinion that DoH brought with it a security problem that is difficult to resolve. It does provide additional security in another area, but that's not something that couldn't have been done using a more reasonable approach that didn't hamper my ability to control what's happening on my own machines.

How do you distinguish, at a technical level, your ability to control what's happening on your own machines versus someone else's machines? Assuming that you're referring to using your control over the network, and given that it's very common for people to connect to networks controlled by entities they don't trust.

I genuinely don't understand your question.

I don't need to distinguish between the two because I'm talking about my own network and machines, not other people's.

I mean, how does a browser distinguish the two. How does it know that it's running on a device owned by the network operator, as opposed to the (probably more common) case that the device owner distrusts the network operator.

It can't, but it is a strange reality in which we absolve users of responsibility to manage their own network in order to protect them, in a way that exposes the users to new threats that even responsible ones can do very little about.

So it's irresponsible to connect to public Wi-Fi? Or, for that matter, to directly connect to a cellular network or any commercial ISP's service, without a router in the middle?

I don't buy it. Even if you do route all DNS through a resolver on your router, that's hardly "protected", unless that resolver is itself using DNS over HTTPS (or TLS). Do you trust your ISP? I don't, and like most of the US I'm not in much of a position to switch. But even if I did trust my ISP, I wouldn't trust that the entire path from me to whatever DNS server the router is contacting (whether it's a recursive resolver or an authoritative one) was free of intelligence agency taps. In fact it seems much more likely that there is a tap somewhere.

I still don't understand. Why would the browser need to do such a thing? The issues I have with DoH have nothing to do with the browser.

> I agree that we should push for more configuration options, but the fact remains that it's the user's decision to run software that doesn't respect their freedom of choice, and ultimately they control the code that runs on their machine.

The vast majority of people can't do that, if only because getting a reasonable experience from most websites today means allowing arbitrary code (Javascript) to be executed on your machine.