
This is sort of like claiming that the spread of encryption is bad and dangerous because it provides tools to terrorists. The problem with the claim is that even if every person or organization producing end-user software stopped developing or supporting DoH, the cat is fully out of the bag. It's just technology at the end of the day, and any company making hardware that wants to hide their DNS requests is completely able to do so already. Some are even building VPNs into their IoT devices. This can't be stopped; ending development on uses of the technology that do benefit the end user is not just pointless but actively a bad idea.

There's also a weird conflation that happens between the claim that DoH is "anti-user" and that DoH is "anti-sysadmin". These are two completely different things. If you're a sysadmin who wants to provide a useful DNS service with some additional features on your domain / network, DoH makes it harder for you to do that. I fully agree with this point, and in fact it's a pain point for me because I run Unbound on my router myself! However, this is completely different from the claim that it's "anti-user". Most people do not have friendly local competent admins setting up DNS for them. Those who do are given the choice to opt out of DoH by changing their settings in e.g. Firefox. For other users, DoH is a massive security win. It absolutely makes sense for it to be the default. Anti-admin != anti-user.




The Hacker News hysteria over DoH is quite absurd and disappointing. Seeing comments massively exaggerate, or downright lie, about the situation because they are angry their Pi-hole setup no longer works.

IMO Firefox is representing the user's best interests here. The router and ISP DNS servers cannot be trusted. The user wants their browsing session to be as private as possible. Cutting out one more source of data leakage is what the user wants.


DoH gives us two things as end users in our homes:

* Privacy from the router and ISP, which is good, and the reason you should use it on your personal computing devices (PC, laptop, phone, RPi, whatever)

* The inability to inspect/redirect/selectively block traffic from anti-user devices we own (Samsung spyware TVs/Chromecasts/Smart ovens/Smart vacuums)

That being said, while I generally trust Cloudflare, it's not the optimal provider for me, and I don't like a random American company being foisted on me.
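The two bullets above are really one property seen from two sides: the same encryption that keeps the query name away from the router and ISP also keeps it away from the home admin who wants to filter a TV's lookups. The following script is an added illustration, not code from the commenter, Firefox, Cloudflare or Pi-hole. It builds a wire-format DNS query, shows the name a UDP/53 observer can read straight out of the packet, and encodes the same query as the base64url `dns` parameter of a DoH GET (RFC 8484), which on the wire is only ever seen inside TLS to the resolver. It goes slightly beyond the comment by also parsing a response, so the response bytes, the documentation address 192.0.2.1 and every function name are constructed for this example. Nothing is sent over the network.

```python
from __future__ import annotations
import base64
import struct

# Added example: wire-format DNS (RFC 1035) and its DoH GET encoding (RFC 8484).
# All inputs below are constructed for illustration; nothing is sent anywhere.


def build_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Minimal query: 12-byte header with RD set, plus one IN question.
    RFC 8484 recommends transaction id 0 for GET so the URL is cache-friendly."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def doh_get_path(query: bytes) -> str:
    """The path of a DoH GET: base64url of the raw query, padding stripped.
    A router sees only a TLS connection to the resolver, never this string."""
    b64 = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return "/dns-query?dns=" + b64


def read_name(msg: bytes, offset: int) -> tuple[str, int]:
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels: list[str] = []
    jumped = False
    end = offset
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                      # compression pointer
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped = True
            offset = pointer
            continue
        offset += 1
        if length == 0:                                # root label terminates
            if not jumped:
                end = offset
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end


def extract_qname(msg: bytes) -> str:
    """What a router, Pi-hole or ISP reads from a plaintext UDP/53 packet:
    the queried name sits in the clear right after the 12-byte header."""
    name, _ = read_name(msg, 12)
    return name


def parse_a_answers(msg: bytes) -> list[str]:
    """Return IPv4 addresses from A records in the answer section."""
    _txid, _flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    for _ in range(qd):                                # skip the question(s)
        _, offset = read_name(msg, offset)
        offset += 4                                    # qtype + qclass
    addrs = []
    for _ in range(an):
        _, offset = read_name(msg, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in rdata))
    return addrs


# Constructed response: flags QR|RD|RA, one question, one A record whose owner
# name is a pointer (0xC00C) back to the question, TTL 300, address 192.0.2.1.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)
    + b"\x03www\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
)

if __name__ == "__main__":
    q = build_query("www.example.com")
    print("visible on UDP/53:", extract_qname(q))
    print("DoH GET path (carried inside TLS):", doh_get_path(q))
    print("answer addresses:", parse_a_answers(SAMPLE_RESPONSE))
```

The `doh_get_path` output for `www.example.com` matches the example URL in RFC 8484, which is a handy check that the encoding is right. The practical point for the home admin is in `extract_qname`: a filter like Pi-hole works because that name is readable at the router; once a device moves its lookups into DoH, the router-side filter has nothing to match and the only remaining options are blocking the resolver endpoint itself or configuring the client to use the local resolver, which is what the Firefox opt-out does.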


Go ahead and give us evidence about how Cloudflare can be trusted. At least we have legally binding contracts with our ISPs.

Also, are you trying to suggest that people who know enough to run Pi-holes don't know enough to run their own DNS servers (or at least select good ones) and their own routers? That's pretty rich.


> Also, are you trying to suggest that people who know enough to run Pi-holes don't know enough to run their own DNS servers (or at least select good ones) and their own routers?

If your upstream network is trying to censor or surveil you, you can't run your own DNS server, because it will intercept your queries to the root servers.


I think the implication is to obviously run your own DNS server on hardware outside of your home network.




