My take on DoH is that it will end up being used in a user-hostile way to prevent DNS-based ad/tracker blocking solutions like pihole. With DNS over 53/UDP, DNS-based ad-blocking solutions are a trivial firewall rule that can be made even on consumer routers.
With DNS over TLS, it's only a matter of time until adtech vendors and other privacy-invading beacons are using DoH/DoT to prevent users from inspecting & blocking these beacons through certificate pinning + traffic obfuscation.
To be clear: DNS over HTTPS allows privacy violating libraries to side-step the host APIs for domain resolution and implement it themselves, with their own servers. Users using DoH to escape censorship regimes or ISP nuttery is something we *should* solve for, but not at the cost of user agency.
@rrix Privacy-violating libraries could already do that, though, with or without standardization of the protocol. If you're running untrusted code with unlimited network access, you're already in a pretty bad spot.
The #DNS community seems incapable of intellectual honesty.
@rrix you don't need DNS to side-step the host DNS API. Any technology that can transmit data can send an IP address. DNS over HTTPS isn't opening up any new routes for privacy violations.