|
|
|
|
|
|
by tremon
5 hours ago
|
|
|
> Freedom of DNS choice has nothing to do with DoH The attack vector that DoH offers is that data exfiltration companies will start shipping their own DNS resolver in javascript to work around DNS-based filtering. They can't do this with regular DNS because the network traffic can still be observed and blocked independently, but how will you block a browser from accessing specific https URLs without MITM'ing all traffic? So yes, DoH does have something to do with DNS choice: it can completely subvert the OS-provided domain resolver service as well as the browser-configured one. |
|
|