by stiray 2190 days ago
This is also my concern. ISPs are typically located in the same country, making them follow the laws of that country.

I believe the authors of the DoH idea were doing it with good intentions, but the road to hell is paved with good intentions.

What we are doing with DoH is actually breaking decentralised internet infrastructure to centralized (or let's say, less centralized...for now) and this was never a good thing (history-wise).

To test why this is bad, you can try to block Google and Amazon ASNs and try to surf around the web. You will notice that the internet is quite different (a hint: yandex.ru was the only search engine I have found that still works).

For instance, selling the information about a user accessing some domain would be a big no-no in my country.

They are obliged by law to protect customers' information except if ordered by court.

With DoH all bets are off. Surely it will give some privacy for users where ISPs are sticking their noses into customers' data (like in the USA), they won't be able to do it anymore, but for me, I trust in our ISPs (or laws) while I surely don't trust Google or Cloudflare.

We will just give internet resolving into the hands of multinational corporations, what could go wrong, right? (Just quick ideas: for $10 / day we offer redirection from yourdomain.com to sellingcrap.com or we resolve .ourinternaldomain only over DoH and not resolve to external IPs to force you to use our DoH,...)

2 comments

What about your ISP's employees? Do you trust a sysadmin pulling 40-50k a year (or less) to not sell your DNS resolver data?

Do you think your ISP has better controls and a security team than some of the big CDNs and cloud providers to detect and prevent this?

The reason I bring it up is because I know a number of ISPs whose sysadmins were on the take and selling bulk regular dumps of DNS resolver data under the table to other parties for years.

That would be a criminal offense - it would mean a criminal investigation and quite probably a fine for the ISP (negligence). It is just not worth the risk.

If we go into those waters they can also break into my house, smack me on my head, use rubberhose cryptanalysis, decrypt my machines and copy data from there.

For a 3rd party company outside of our jurisdiction there is nothing that protects my data, actually they will abuse them as part of their business model.

The data transfers are not free, if someone is setting up free DNS resolving (cloud storage, providing emails, operating system for phones,...) there is some hidden profit within (the good old: "if something is free you're the product")

For ISP I pay for their service and this is a huge difference (also regarding laws - a much broader set applies)

> The reason I bring it up is because I know a number of ISPs whose sysadmins were on the take and selling bulk regular dumps of DNS resolver data under the table to other parties for years.

Can you substantiate this claim? I've heard of ISPs in the USA who sell data, but what you're describing sounds a little bit far fetched.

When you say "under the table", do you mean unbeknown to the customer or the employer? The latter will likely result in the employee being fired, fined and possibly jailed. I would also suspect that a criminal does not file taxes for selling stolen data, so one can likely add tax fraud.

If you know such people you should consider reporting it to the police.

> What about your ISP's employees? Do you trust a sysadmin pulling 40-50k a year (or less) to not sell your DNS resolver data?

Yes. What use do you have for that data? Especially if it's only one user. There is not much that you can do.

Your comment opened my eyes in a sense. DoH could be both a huge net positive for people in a country like Russia, where now law mandates logging every internet request and indefinite storage of them.

At the same time it could actually hurt the privacy of people already protected by law in developed countries.