by coddle-hark 2070 days ago
Thanks!

> We're working on a way to disallow users from acting as exits for certain kinds of traffic - so you'll be able to categorically block certain kinds of sites through the UI in the near future.

How does this stop someone posting ISIS propaganda to Twitter? Or uploading CP to Google Drive?

> Even with DoH on by default in the browser, we can still override / specify a DNS server.

Can you? Browsers don’t respect the system’s DNS settings even with plain old DNS over UDP so I don’t think that’s the case. I might be missing something though!

1 comments

Posted a bit about how we plan to approach this above, so just re-pasting:

> - we plan to build in something similar to HTTPS Everywhere to the product, to automatically upgrade connections (and we only route traffic on ports 80 / 443 (optionally 53)).
> - we also plan to build in the ability to allow peers to block certain categories of traffic from going over their connection (using blocklists similar to those used by Fortiguard -- so you could block all torrenting sites, as an example).

And yep you can actually! Can't find a better article on it at the moment (lots of search history to comb through, but this kind of touches on it a little / roughly: https://www.reddit.com/r/pihole/comments/gndbod/dns_over_htt...)

You do realize you can get people in trouble for proxying traffic even to legit websites? Like, get someone a visit from the cops because someone else used their connection to commit wire fraud on an auction site.

Your product is irresponsible.

Generally you cannot block DoH without blocking most of the web; that's literally the point of it.