Mark H Weaver <[email protected]> writes: > One possible solution would be to enable DNS-over-HTTPS, which I believe > is supported by IceCat-68 although it's disabled by default. See: > > https://support.mozilla.org/en-US/kb/firefox-dns-over-https > > Incidentally, I think that a case can be made that enabling this is a > sensible default for most users, even when not using Tor, because it > prevents the user's ISP from snooping on and hijacking DNS lookups. > Whereas most users have little or no choice about their ISP, we can > choose a default DNS-over-HTTPS provider that commits to a strong > privacy policy. Also, the provider is user-configurable. However, > I acknowledge that any such decision would be controversial.
Incidentally, I just learned that the largest ISPs in the US are currently fighting hard to prevent the roll-out of DNS-over-HTTPS. Here's an article by the Electronic Frontier Foundation on this issue: https://www.eff.org/deeplinks/2019/10/dns-over-https-will-give-you-back-privacy-congress-big-isp-backing-took-away Mark
