For anyone considering enabling DOH, I seriously recommend reviewing Paul Vixie’s keynote at SCaLE 18x Saturday morning.
It contains a great deal of food for thought on a variety of forms of giving control over to corporations over things you probably don’t really want corporations controlling in your life.
Depends on your threat model: ISPs, Big Tech companies, State-level actors, random hacker at the same Wi-Fi network. The problem with DoH is that software developer picks the threat model he or she thinks is most relevant, and applies to all use cases.
Solution is to ask user what is the user threat model and apply it. DoH/DoT are not harmful per se, their indiscriminate usage is.
Rubens