I can see one way: often your DNS is going through a local resolver. The off-site traffic is combined with other client devices before the ISP gets a gander at it. The application making the choice of who to ask (often without the user's real understanding about that choice) isn't an automatic win.
For me personally, I'm a little concerned about not having a way of telling local users that I know more about how to look up a particular domain (which might resolve to a local address when you're on my network) than the browser vendor. There is a mechanism for opting out which I haven't tried yet. There isn't really a good mechanism for saying you trust your local network administrator (who I generally trust) more than your ISP (who I don't trust to not spy on me). It's a sticky problem.

On Sat, Dec 28, 2019 at 7:37 PM Tomas Kuchta <[email protected]> wrote:

> Could you explain the details why/how DNS over Https would you "not
> recommend using it. It's just a way for data-mining
> companies to suck up more of your private life"?
>
> The way I understand it, it is meant to provide privacy from your ISP and
> traffic observation along the way to the DNS. It should not make anything
> else worse/better.
>
> Thanks,
> Tomas
>
> On Sun, Dec 29, 2019, 03:01 Tom <[email protected]> wrote:
>
> > On Wed, 25 Dec 2019 20:14:00 -0800
> > "Mike C." <[email protected]> wrote:
> >
> > > Has anyone dug into this much or actually using it?
> > >
> > > It's experimental in Chrome but not currently available in the .deb
> > > version.
> > >
> > > Apparently, it has been a Firefox feature for a few years, but Chrome
> > > has been my browser of choice for many years now.
> > >
> > > OpenWrt supports DoH through DNSMasq and HTTPS-DNS-Proxy. Which is
> > > nice because then all your LAN / WLAN devices can use it after
> > > setting up once and makes troubleshooting any problems related to it
> > > much easier.
> > >
> > > I know a few years ago, DNSMasq was pretty standard on Ubuntu / Debian
> > > based distros. Which makes me think there's probably a HTTPS-DNS-Proxy
> > > package for most Linux distros.
> > > _______________________________________________
> > > PLUG mailing list
> > > [email protected]
> > > http://lists.pdxlinux.org/mailman/listinfo/plug
> >
> > I would not recommend using it. It's just a way for data-mining
> > companies to suck up more of your private life. There's no security or
> > reliability to it over normal DNS. In fact, the security and
> > reliability is worse.
