They almost have to change the default since there are (comparatively) very few DoH providers compared to DNS providers.

On Tue, Oct 1, 2019, 2:40 PM Damian Menscher via NANOG <nanog@nanog.org> wrote:

> On Tue, Oct 1, 2019 at 12:24 PM Jay R. Ashworth <j...@baylink.com> wrote:
>
>> ----- Original Message -----
>> > From: "Stephane Bortzmeyer" <bortzme...@nic.fr>
>> > To: "Jeroen Massar" <jer...@massar.ch>
>>
>> >> While the 'connection to the recursor' is 'encrypted', the recursor
>> >> is still in clear text... one just moves who can see what you are
>> >> doing with this.
>> >
>> > As with any cryptographic protocol. Same thing with VPNs, SSH and
>> > whatever: the remote end can see what you do. What's your point?
>>
>> I'm still assimilating this, but based on what I've read this half hour,
>> his point is that "*it's none of Alphabet's damn business* where I go that
>> isn't Google".
>>
>
> What's missing from this discussion are some basic facts, like "is Google
> going to change your DNS settings to 8.8.8.8?"
>
> The opening paragraph of
> https://blog.chromium.org/2019/09/experimenting-with-same-provider-dns.html
> reads:
>
> "This experiment will be done in collaboration with DNS providers who
> already support DoH, with the goal of improving our mutual users’ security
> and privacy by upgrading them to the DoH version of their current DNS
> service. With our approach, the DNS service used will not change, only the
> protocol will. As a result, existing content controls of your current DNS
> provider, including any existing protections for children, will remain
> active."
>
> Could someone provide a reference of Google saying they'll change the
> default nameserver? Without that, I think all of Jeroen's arguments fall
> apart?
>
> Damian