Let's play a #game of #rank the following #DNS providers from #least to #most #trustworthy:
• 8.8.8.8 (#Google)
• Your #ISP
• 1.1.1.1 (#Cloudflare)
• 9.9.9.9 (#IBM?)
@USBloveDog Trustworthy in which way?
I'd guess ISP is least trustworthy, just because so many of them are Comcast and Comcast has been known to do stupid crap with the DNS before, like replace NXDOMAIN with 'site finder'.
Google and Cloudflare are very likely to return accurate results competently.
Both will probably analyze the heck out of the queries people are sending to them, but I don't really have much reason to care that they do.
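The NXDOMAIN replacement mentioned above is easy to check for yourself. The following is an added example, not code from anyone in the thread: it builds a raw DNS query for a random label that should not exist (assumed here to be under example.com, a zone chosen for illustration), sends it to a resolver, and classifies the reply. An honest resolver answers RCODE 3 (NXDOMAIN); one that swaps in a "site finder" page answers RCODE 0 with an A record.

```python
"""Probe a resolver for NXDOMAIN rewriting (added example, not from the thread).

Assumptions: a random label under ZONE does not exist, and the resolver
answers plain UDP/53. Only the header is parsed; that is enough to tell an
honest NXDOMAIN from a synthesised answer.
"""
import secrets
import socket
import struct
from typing import Dict

ZONE = "example.com"  # assumption: random labels under this zone do not exist


def build_query(name: str, qid: int = 0x1234) -> bytes:
    """Standard query: RD=1, one question, QTYPE A, QCLASS IN."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    )
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)


def parse_header(data: bytes) -> Dict[str, int]:
    """Return the header fields needed to classify a reply."""
    qid, flags, qd, an, ns, ar = struct.unpack(">HHHHHH", data[:12])
    return {
        "id": qid,
        "is_response": bool(flags & 0x8000),
        "rcode": flags & 0x000F,
        "answers": an,
    }


def classify(hdr: Dict[str, int]) -> str:
    """RCODE 3 is honest; NOERROR plus answers for a name that cannot
    exist means the resolver synthesised a record."""
    if hdr["rcode"] == 3:
        return "honest-nxdomain"
    if hdr["rcode"] == 0 and hdr["answers"] > 0:
        return "synthetic-answer"
    return "other"


def probe_resolver(resolver_ip: str, zone: str = ZONE, timeout: float = 3.0) -> str:
    """Network step: ask the resolver about a fresh random name under zone."""
    name = f"nx-{secrets.token_hex(8)}.{zone}"
    qid = secrets.randbelow(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qid), (resolver_ip, 53))
        data, _ = s.recvfrom(512)
    hdr = parse_header(data)
    if not hdr["is_response"] or hdr["id"] != qid:
        return "other"  # not our answer; do not draw conclusions from it
    return classify(hdr)


if __name__ == "__main__":
    import sys

    for ip in sys.argv[1:] or ["8.8.8.8", "1.1.1.1", "9.9.9.9"]:
        print(ip, probe_resolver(ip))
```

Run it with your ISP's resolver address as an argument to compare. Historical TLD-level wildcards (the .com Site Finder episode) only show up for names directly under the affected TLD, so pass a zone such as a random label under "com" rather than example.com if that is what you want to test.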
@Azure @USBloveDog Another consideration is that your ISP can still do that even if you use alternate DNS providers: even on encrypted connections, the hostname is transmitted in cleartext for technical reasons (TLS-SNI).
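To see the SNI leak concretely, here is an added example (not code from the thread). It uses Python's ssl module with memory BIOs to generate a real TLS ClientHello for an assumed hostname of example.com without touching the network, then parses the server_name extension out of the raw bytes the way an on-path observer such as your ISP could, no matter which DNS resolver you used.

```python
"""Extract the cleartext SNI from a TLS ClientHello (added example).

Assumptions: Python's ssl module is available, and the ClientHello fits in a
single TLS record (true for ordinary client configurations).
"""
import ssl
import struct
from typing import Optional


def client_hello_bytes(hostname: str) -> bytes:
    """Produce the ClientHello a client would send, entirely offline."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the ClientHello is written, no server reply yet
    return outgoing.read()


def extract_sni(data: bytes) -> Optional[str]:
    """Walk the record and handshake headers to the server_name extension."""
    # TLS record: type(1) version(2) length(2)
    if len(data) < 5 or data[0] != 0x16:
        return None
    rec_len = struct.unpack(">H", data[3:5])[0]
    hs = data[5:5 + rec_len]
    if not hs or hs[0] != 0x01:  # handshake type 1 = ClientHello
        return None
    pos = 4            # handshake type(1) + length(3)
    pos += 2 + 32      # client_version + random
    sid_len = hs[pos]
    pos += 1 + sid_len
    cs_len = struct.unpack(">H", hs[pos:pos + 2])[0]
    pos += 2 + cs_len  # cipher_suites
    cm_len = hs[pos]
    pos += 1 + cm_len  # compression_methods
    if pos + 2 > len(hs):
        return None    # no extensions at all
    ext_len = struct.unpack(">H", hs[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_len
    while pos + 4 <= end:
        etype, elen = struct.unpack(">HH", hs[pos:pos + 4])
        pos += 4
        body = hs[pos:pos + elen]
        pos += elen
        if etype == 0x0000:  # server_name extension
            # ServerNameList: list_len(2), then entries of type(1) len(2) name
            lpos = 2
            while lpos + 3 <= len(body):
                ntype = body[lpos]
                nlen = struct.unpack(">H", body[lpos + 1:lpos + 3])[0]
                name = body[lpos + 3:lpos + 3 + nlen]
                if ntype == 0:  # host_name
                    return name.decode("ascii")
                lpos += 3 + nlen
    return None


if __name__ == "__main__":
    hello = client_hello_bytes("example.com")
    print("ClientHello bytes:", len(hello))
    print("SNI visible on the wire:", extract_sni(hello))
```

The hostname appears as plain ASCII in the first packet of the connection, before any key is negotiated. Encrypted Client Hello (ECH) is the protocol work aimed at closing this gap, but it needs both server support and a DNS record advertising the key, so it does not change the picture for most traffic today.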
@USBloveDog Thinking about it a bit more I don't really /like/ the idea of having everyone use a DNS resolution service run under a single administrative domain of control.
Even if your ISP isn't trustworthy because it's Comcast, having lots of hierarchical DNS caches open to the public so people can find and use one that is network-local to them wouldn't be /bad/.
This is sort of an Internet Architecture that was big in the 90s and I'm sort of sad it fell by the wayside.
@USBloveDog Way back when, universities and such were setting up big hierarchies of web proxies, for example, where the big state universities or consortia like MERIT might run a big squid server and smaller universities might build on that, with community colleges in the area building on that, along with libraries, etc.
HTTPS Everywhere sort of kills that idea off (in some ways I'm sad that there wasn't more thought put into authenticated-but-not-encrypted for public resources.)
@USBloveDog Though it was dying off anyway. Partially because people started assuming all content was dynamic and partly because things like CDNs and Akamai and whatnot sort of took the model and turned it inside out and made it provider-centric.
@USBloveDog I have hosted my own DNS servers for many years, after ISPs started doing wildcard shenanigans to show their own pages when you mistyped www addresses.
Regardless of how trustworthy a DNS provider is, I kind of cringe at the thought of embracing services like 1.1.1.1, 8.8.8.8 and 9.9.9.9 because DNS should be highly distributed, not centralized with mega providers, which further damages the Internet.
Hey fuck you why aren't those #hashtags working? Is this a #client or a #Masto bug?