On Oct 1, 2019, at 6:11 AM, Jeroen Massar <jeroen@massar.ch> wrote:
TDLR: - Using DoT or DoH as a protocol is fine, though the recursor still controls/views the DNS queries - Using a centralized/forced-upon DNS service (be that over DoT/DoH or even plain old Do53 is does not improve security or privacy... Getting that forced fed by the monopolies controlling the browser.... bad for the Internet. - Use a VPN if you do not trust your network provider. - Use Tor if you really want 'privacy’.
I would also be concerned about the lock-in this creates. Cloudflare (at previous DNS-OARC meetings) has said their main reason for paying Mozilla & 1.1.1.1 is to improve the performance for their customers. I think this is a great thing for their customers, but is also an issue - if you take it to the privacy extreme here it harm not only their competitors but the end-users involved as well. I’m personally very concerned about the very extreme stance taken by some people & organizations with the overall protocols and how they will harm the internet of the future. I for one am awaiting the DoHoToQUICo53 overlords to appear. - jared