[koolba]

Physical devices already do this: https://mailarchive.ietf.org/arch/msg/dnsop/WCVv57IizUSjNb2R...

At least a browser might have a user setting to disable it.

[bscphil]

This isn't the same thing. That's just a hard-wired DNS server, which can be easily forced to use your own servers at the firewall. GP is talking about DNS over HTTPS, which can't be fixed in this way.

[perspective1]

Just use iptables on your firewall/router to reroute all traffic on port 53 to your DNS server.

[koolba]

I can assure you that the general population has no idea what half the nouns in that sentence mean, let alone how to do any of that.

[Spivak]

I mean the game of controlling 3rd-party devices that we don’t really own via side channels is always gonna be a cat-and-mouse of ever more elaborate hacks.

The next game will probably be mitming these devices by flashing a new CA store.

There is no general solution to running an openly adversarial app/device in your network.

[perspective1]

> I can assure you that the general population has no idea what half the nouns in that sentence mean, let alone how to do any of that.

Keep in mind you're on HN-- we tend to be a more technical population :). If you're interested I found this on StackOverflow via Google: https://unix.stackexchange.com/questions/144482/iptables-to-...

You'll have to Google how to set up iptables/telnet or ssh on your router yourself, assuming it supports it.