by AgentME 2022 days ago
Firefox has no incentive to prevent people from blocking ads, and DNS over HTTPS isn't a tool to block users from reconfiguring their own machines. All browsers let you configure your DNS settings still. The thing that DNS over HTTPS prevents is letting whoever is supplying your internet (including your ISP, whatever hotspot you're using on the go, etc) manipulate your DNS. It's not about removing control from the person who owns the machine.

> DNS over HTTPS isn't a tool to block users from reconfiguring their own machines.

Yes it is. Effectively it takes the "machine" out of the equation entirely. DNS resolution happens between the app and the server without you having any say over it at all.

I guess you can run your local DNS server and point the browser to that. The local DNS server can do all the filtering you want, and forward the filtered out requests to the outside DNS server.
the doomsday scenario the top-level comment mentioned is if they disabled that option. it's possible but very unlikely because it would make that browser unusable for many corporate networks.
What corporate networks don't allow outbound HTTPS?
they run their own internal DNS resolvers
Yes, but DNS over HTTPS bypasses internal DNS resolvers and because it's HTTPS the corporate firewall would have no idea this is happening.
And the application, the browser, is configurable by the user. There's no OS standard for DoH configurability so it can't just rely on the OS for that.
Apps that do that could always have used their own hardcoded IPs or local resolvers.