by lmm 919 days ago
> DoH doesn't interfere with your ability to choose your own DNS provider.

It may not make it impossible but it makes it harder. You need a provider that supports DoH, and your browser will ignore your OS-wide DNS setting. Previously your default DNS provider would be an ISP that you'd picked; now the default is whoever's most profitable for your browser maker (you might say you pick your browser, but there's less real choice there than there is for ISPs, at least where I live).

> As far as I'm aware, no one has suggested that DoH should be mandatory. It is a sensible default that improves the privacy and security of most users, but a user who decides that they do not want to use DoH can simply opt out in the settings. Likewise, HTTPS is not mandatory either, and browsers will not prevent users from accessing unsecure sites. They will however warn users to make sure they are aware of the risks.

They won't do it all at once, but they're making it harder and harder to access non-HTTPS sites. It's gone from a clear warning to a block page where accessing the HTTP version requires multiple clicks on tiny text; the next step will be to make it require a config tweak to even get that tiny text at all, and then they'll say that their telemetry conveniently shows few people are using that config tweak (because who could imagine that the kind of people who don't trust their browser maker would disable telemetry) so they're removing it. We've seen this whole playbook before. It'll be the same for DoH.

> A FoI request is just asking the government to give you information. They will never intentionally give you anything they do not want you to have. FoI laws tend to contain enough exceptions to cover any situation, but even if you should legally receive the information, there is nothing you can realistically do to make them provide it to you.

Governments are accountable to their citizens, not just in theory but in cultural practice, which is what really matters. If you get a bogus response to an FoI request then you can complain to your representatives, and if your representatives don't respond then you can vote them out. But more importantly, the clerk handling your request knows that their duty is to you, not their shareholders, and will generally act accordingly. And if they don't, there's a whole culture of whistleblowers, investigative journalists, activist judges and so on.

None of that exists for a private company CA where they're working for their shareholders and no-one expects them to do otherwise. Frankly even if it did leak out that a CA had refused to issue a certificate to someone who they just didn't like, it wouldn't even be a scandal unless you were lucky enough to catch the right moment where there was a social movement supporting that particular kind of person.