[johncolanduoni]

What percentage of Google's users do you think have a pi hole? I buy that their changes to ad blockers in Chromium are motivated by this kind of logic, since they are used by a material number of people. But for DoH it just doesn't add up, it's such a fringe case. It's also worth noting that DoH was spearheaded by Mozilla, Google just got on the ship at the next port.

Not every thing that big corporations say they do for security reasons or whatever is a cynical ploy. Do you think they're experimenting with post quantum cryptography in Chrome Canary in preparation to drop a 50k qubit quantum computer on the market sometime soon?

[kuschku]

Some ISPs started integrating pi-hole functionality into their ISP routers, and that actually went to court.

On Android, some of the most popular apps are fake-VPNs which just register your own device as VPN with itself so they can filter ads.

This isn't about the pi-hole, this is about ad blocking becoming "too easy". You can always block DoH. But no ISP can include such a blocker by default easily anymore.

[jannes]

Wait, how do you block DoH without blocking other HTTPS traffic?

Do you have to block every known DoH server? Looking at Google's DoH certificate they list quite a few hostnames and IPs as Subject Alt Names:

    dns.google
    *.dns.google.com
    8888.google
    dns.google.com
    dns64.dns.google
    2001:4860:4860::64
    2001:4860:4860::6464
    2001:4860:4860::8844
    2001:4860:4860::8888
    8.8.4.4
    8.8.8.8

Issued by Google Trust Services...

[kevin_thibedeau]

Google is digging as many moats as they can without triggering antitrust scrutiny. They have to plan for the future, not the here and now.