DNS-over-HTTPS: Privacy and Security Concerns

Discussion in 'privacy technology' started by guest, Sep 7, 2019.

  1. guest

    guest Guest

    EFF and Partners Urge U.S. Lawmakers to Support New DoH Protocol for a More Secure Internet
    DoH Can Prevent Censorship and ISP Tracking by Encrypting Users’ Web Browsing
    October 22, 2019
    https://www.eff.org/press/releases/...support-new-doh-protocol-more-secure-internet
     
  2. Surt

    Surt Registered Member

    Joined: Jan 23, 2019 | Posts: 471 | Location: USA
    Interesting reads:

    Centralised DoH is bad for privacy, in 2019 and beyond

    ...we haven’t been very analytical about what moving and encrypting DNS does for privacy.
    https://blog.powerdns.com/2019/09/25/centralised-doh-is-bad-for-privacy-in-2019-and-beyond/

    DoH and Cloudflare

    defies common internet architecture
    https://www.jbschirtzinger.com/post/doh/
     
  3. guest

    guest Guest

  4. guest

    guest Guest

    Mozilla: Cloudflare doesn't pay us for any DoH traffic
    Mozilla publishes FAQ document detailing its DNS-over-HTTPS implementation plans in greater detail
    October 24, 2019

    https://www.zdnet.com/article/mozilla-cloudflare-doesnt-pay-us-for-any-doh-traffic/
     
  5. ronjor

    ronjor Global Moderator

    Joined: Jul 21, 2003 | Posts: 163,778 | Location: Texas
    Comcast Slides Reveal It's Lobbying Against Plans to Encrypt Browser Data: Report
     
  6. Beyonder

    Beyonder Registered Member

    Joined: Aug 26, 2011 | Posts: 545
  7. guest

    guest Guest

    Google addresses ‘misconceptions’ about Chrome’s encrypted DNS push
    October 28, 2019
    https://9to5google.com/2019/10/28/chrome-encrypt-dns/
    Google: Addressing some misconceptions about our plans for improving the security of DNS
     
  8. deBoetie

    deBoetie Registered Member

    Joined: Aug 7, 2013 | Posts: 1,832 | Location: UK
    The article above reads very much with the unstated subtext - Firefox are the naughty people because they're effectively mandating Cloudflare.

    And, in this instance, I agree with that. The problem with the FF default is that it's not respecting what the OS and DHCP might be specifying, and that's potentially dangerous.
     
  9. guest

    guest Guest

    DNS over HTTPS Will Give You Back Privacy that Big ISPs Fought to Take Away
    October 28, 2019
    https://www.eff.org/deeplinks/2019/...ck-privacy-congress-big-isp-backing-took-away
     
  10. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined: Oct 7, 2017 | Posts: 2,009 | Location: Member state of European Union
    I agree that if the user manually specified an OS DNS address then Firefox should respect that. On the other hand:
    1. An ISP may be considered a threat to privacy, especially in the USA. In the EU it is less of a problem because of GDPR.
    2. DHCP is a protocol that does not use cryptography to check the integrity of received packets. That is a problem, because an adversary can send spoofed DHCP packets. If it is on your private, wired infrastructure it is less of a problem, but when you connect to public Wi-Fi, especially public unencrypted Wi-Fi networks, it is a real threat.
     
  11. Stefan Froberg

    Stefan Froberg Registered Member

    Joined: Jul 30, 2014 | Posts: 747
    Well, if people don't like Cloudflare they can always change the DoH server to something else with a few clicks (at least in Firefox)
    Code:
    https://en.wikipedia.org/wiki/Public_recursive_name_server
    In the future, there will be products/services (free or paid) with always encrypted DNS for those who know what they want.
    And for the rest of the masses there is an option to always enable encrypted DNS if they so wish.

    ISPs have to figure out some other ways to squeeze money from their poor users ....
     
  12. deBoetie

    deBoetie Registered Member

    Joined: Aug 7, 2013 | Posts: 1,832 | Location: UK
    Well, on public Wi-Fi, use of a VPN is rather desirable, and should override the DHCP's (nominal) choice of DNS. I also tend to use Firejail with nailed-up DNS resolution.
     
  13. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined: Oct 7, 2017 | Posts: 2,009 | Location: Member state of European Union
    A VPN is something the user must choose and pay for in advance. Most people don't have a VPN subscription. Also, a VPN generates additional overhead, so it degrades performance, especially if the Wi-Fi signal is not great and there is a considerable amount of packet loss.
     
  14. guest

    guest Guest

    ISPs lied to Congress to spread confusion about encrypted DNS, Mozilla says
    ISPs lobby against DNS encryption, but Mozilla tells Congress not to trust them
    November 4, 2019
    https://arstechnica.com/tech-policy...d-confusion-about-encrypted-dns-mozilla-says/
     
  15. guest

    guest Guest

    DNS-over-HTTPS will eventually roll out in all major browsers, despite ISP opposition
    DoH support is already present in all major browsers. Users just have to enable it and configure it
    November 8, 2019

    https://www.zdnet.com/article/dns-o...in-all-major-browsers-despite-isp-opposition/
     
  16. guest

    guest Guest

    Microsoft Jumps on the DoH Train – Company to Introduce Encrypted DNS
    “Providing encrypted DNS support without breaking existing Windows device admin configuration won’t be easy”
    November 18, 2019
    https://www.cbronline.com/news/microsoft-encrypted-dns
    Microsoft: Windows will improve user privacy with DNS over HTTPS
     
  17. A_mouse

    A_mouse Registered Member

    Joined: Jul 29, 2019 | Posts: 94 | Location: A field
    That happens if the connection is not there first. It checks to see if there is a connection before enabling.
    If you change the service to delayed start it can help (worked for me).

    Oh BTW. Firefox does actually let you set your own preferred resolver, and is actually easier to change than Chrome.

    The news that Micro$oft will bolt DoH into the system is excellent!
    This stuff should not be handled differently in all apps or chaos will reign.
    However I think I will still stick with DNSCrypt due to the flexibility and functionality which MS will not bother with.
     
    Last edited: Nov 18, 2019
  18. Beyonder

    Beyonder Registered Member

    Joined: Aug 26, 2011 | Posts: 545
    I'm not changing nothing, I want it to work out of the box so that I can install it on people's computers without having to worry over whether or not the service runs properly.
     
  19. guest

    guest Guest

    Microsoft Confirms Critical Windows 10 Security Change: Here’s What You Need To Know
    November 23, 2019
    https://www.forbes.com/sites/zakdof...-security-change-heres-what-you-need-to-know/
     
  20. guest

    guest Guest

    Mozilla to add second DNS-over-HTTPS (DoH) provider in Firefox
    NextDNS joins Cloudflare as second built-in Firefox DoH provider
    December 17, 2019

    https://www.zdnet.com/article/mozilla-to-add-second-dns-over-https-doh-provider-in-firefox/
     
  21. Beyonder

    Beyonder Registered Member

    Joined: Aug 26, 2011 | Posts: 545
  22. Victek

    Victek Registered Member

    Joined: Nov 30, 2007 | Posts: 6,219 | Location: USA
    "Because configuring Firefox to use a custom DoH resolver instead of Cloudflare is extremely complex and out of the reach of most Firefox users, Mozilla has been criticized over the past few months for favoring Cloudflare in the detriment of other DoH providers."


    "Extremely complex"? There is nothing difficult about manually entering the IP for NextDNS into the DNS-over-HTTPS settings of Firefox as far as I can tell. Am I missing something?
     
  23. Stefan Froberg

    Stefan Froberg Registered Member

    Joined: Jul 30, 2014 | Posts: 747
    People are lazy. That's the only possible explanation.

    Because if you say that people are too dumb to type the IP address into the input field
    then you will quickly lose faith in humanity and it gets really depressing quickly .......

    Or like Neil deGrasse Tyson said:

    "My great fear is that we've in fact been visited by intelligent aliens, but they chose not to make contact, on the conclusion that there's no sign of intelligent life on Earth"

    :D
     
  24. Victek

    Victek Registered Member

    Joined: Nov 30, 2007 | Posts: 6,219 | Location: USA
    :argh::D
     
  25. guest

    guest Guest

    Encrypting DNS: Year in Review 2019
    December 29, 2019
    https://www.eff.org/deeplinks/2019/...een-tremendous-progress-toward-encrypting-dns
     