by brynx97 1558 days ago
You can create port forward firewall rules to redirect any outbound DNS port 53 traffic. This will not work for DNS over HTTPS, which is going to be increasingly common for IoT I'd imagine.

edit: method for this on pfSense: https://docs.netgate.com/pfsense/en/latest/recipes/dns-redir...


You could try this for DoH blocking. It probably needs help staying updated.

https://codeberg.org/unixsheikh/dohblockbuster https://openbsdrouterguide.net/#blocking-doh
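The two comments above describe two different controls: a port-53 redirect that quietly forces plain DNS through the local resolver, and a DoH blocklist that "needs help staying updated". As an added example (not code from any commenter, from pfSense or from the linked projects), here is a small flow-log check that separates those two cases. The log format, the LAN range, the approved resolver and the DoH endpoint addresses are all constructed for this example using documentation ranges.

```python
"""Flag LAN egress flows that bypass the local resolver or head for a DoH endpoint.

Added example illustrating the port-53 redirect and the DoH blocklist comments;
not code from any commenter, from pfSense or from the linked projects. The
flow-log format, the approved resolver, the LAN range and the DoH endpoint
addresses are all constructed for this example.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Constructed: the resolver LAN clients should use (what a port-53 redirect
# rule would force) and a hand-maintained DoH endpoint list. Addresses are
# from documentation ranges, not real resolvers.
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
APPROVED_RESOLVER = ipaddress.ip_address("192.168.1.1")
DOH_ENDPOINTS = {
    ipaddress.ip_address("203.0.113.10"),
    ipaddress.ip_address("203.0.113.11"),
}


@dataclass(frozen=True)
class Flow:
    proto: str
    src: ipaddress.IPv4Address | ipaddress.IPv6Address
    dst: ipaddress.IPv4Address | ipaddress.IPv6Address
    dport: int


def parse_flow(line: str) -> Flow:
    """Parse one constructed log line: '<proto> <src> -> <dst>:<dport>'."""
    proto, src, arrow, dst_port = line.split()
    if arrow != "->":
        raise ValueError(f"unexpected flow line: {line!r}")
    dst, dport = dst_port.rsplit(":", 1)
    return Flow(proto.lower(), ipaddress.ip_address(src),
                ipaddress.ip_address(dst), int(dport))


def classify(flow: Flow) -> str | None:
    """Return a finding label for a suspicious egress flow, else None."""
    if flow.src not in LAN_NET:
        return None  # only LAN-originated traffic is in scope
    if flow.dport == 53 and flow.dst != APPROVED_RESOLVER:
        # Plain DNS to an outside resolver: a port-53 redirect rule catches this.
        return "plain-dns-bypass"
    if flow.dport == 443 and flow.dst in DOH_ENDPOINTS:
        # DoH is ordinary HTTPS on the wire; only the endpoint list identifies it.
        return "doh-endpoint"
    return None


def scan(lines) -> list[tuple[str, str, str, int]]:
    """Run classify() over log lines, skipping blanks and '#' comments."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        flow = parse_flow(line)
        label = classify(flow)
        if label is not None:
            findings.append((label, str(flow.src), str(flow.dst), flow.dport))
    return findings


# Constructed sample log (documentation-range addresses).
SAMPLE_LOG = """\
# proto src -> dst:dport
udp 192.168.1.20 -> 192.168.1.1:53
udp 192.168.1.21 -> 198.51.100.53:53
tcp 192.168.1.22 -> 203.0.113.10:443
tcp 192.168.1.22 -> 198.51.100.7:443
udp 10.0.0.5 -> 198.51.100.53:53
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG.splitlines()):
        print(*finding)
```

The first label is the case a redirect rule fixes without any list at all; the second only fires because the destination is on a list somebody has to keep current, which is exactly why a DoH blocker is harder to maintain than a port-53 redirect. The last sample line is outside the LAN range and is ignored, showing the scoping.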

Then you have to contend with DNS over HTTP. Thanks, Firefox and Google....

DNS over HTTP has got to be the most ill-thought-out "privacy" feature that has done more to HARM privacy than it could ever help.

> the most ill thought out "privacy" feature

Whose privacy? DoH helps to protect billions in revenue for the ad network that funds Chrome, Firefox, Safari and web standards.

A better web will need a different revenue model.

In the meantime, here's a maintained guide to blocking DoH with pfsense, https://github.com/jpgpi250/piholemanual/blob/master/doc/Blo...

Many of the biggest ISPs in the US are actively monitoring DNS queries, collecting the data of which sites you visit, and packaging it for sale to ad networks and data brokers. DoH stops that.

It really doesn't, as server name indication is sent in clear text. As encrypted SNI didn't take off, you don't actually get privacy benefits from DoH and friends, just security/mild inconvenience to censors.
> encrypted SNI didnt take off

Says who? I think your data is very old considering that ECH replaced ESNI 2 years ago. IIRC it has ~50% adoption, same as TLS 1.3. Just about every company that cares about security supported ECH for years.

Moreover, someone has to move first. If DoH wasn’t widely deployed you’d be complaining that ECH is useless because DNS is unencrypted.

Yes and it is better that google and cloudflare do that collecting under the guise of protection...

People really are gullible, aren't they...

DoH is not a privacy feature. It simply changes who is collecting your data and makes it harder for responsible network operators to protect their users, under the guise that the big tech companies are really protecting the users from the network operators and "big bad ISPs".

Ironic given the billions big tech is making from that data.

Google and Cloudflare don't sell data on DNS queries per their privacy policies. Verizon does.

I see this common response, but that is not really a valid rebuttal. Companies do not need to sell your data to violate your privacy; in the case of Google, their entire model is selling their TARGETING, not the data. That is still a violation of privacy. The fact they did not "sell" it to a 3rd party to form the customer profile changes little.

In the case of Cloudflare, it is going to be interesting how they continue to justify the free public services to institutional investors now that they are public. I have a feeling there is going to be some strong pressure to either cease the free services, or find a way to monetize them, which likely will involve some kind of usage of that data, maybe not selling per se, but some other kind of targeting or something to add to the profitability of the company.

I am no more comfortable with Cloudflare having my data than I am with Google or Verizon. I have never used any of their DNS services.

That's a stretch given the context. A smart TV maker can put whatever they want in their own client software. They don't care what features Firefox and Google support.

Who do you think was pushing for the DNS-over-HTTPS standard?

   Authors' Addresses

   Paul Hoffman
   ICANN

   Email: paul.hoffman@icann.org


   Patrick McManus
   Mozilla

   Email: mcmanus@ducksong.com
* https://datatracker.ietf.org/doc/html/rfc8484
If DoH didn’t exist, a device manufacturer could trivially reinvent something equivalent. DoH isn’t the problem.

They could also do that without DoH; they don't because it is not "trivial" and is prone to all kinds of downsides.

DoH is the problem here, as it hides things from network operators making it harder to block ads, spam, and other items at the network level under the guise of privacy, when in reality DoH's actual goal is to further centralize the internet into approved gate keepers like CloudFlare and Google.

Smart TV retail prices are subsidized by revenue from data analytics on content search and viewing.

Web browsers are subsidized (free) by search (ad) revenue.

I would rather pay more for a TV than have it subsidized by ads. Or even better, a TV with no smart features, then I can just connect a computer for whatever smarts I want.

That is what I always do, HDMI is great for that.