My take on DoH is that it will end up being used in a user-hostile way to prevent DNS-based ad/tracker blocking solutions like pihole. With DNS over 53/UDP, DNS-based ad-blocking solutions are a trivial firewall rule that can be made even on consumer routers.

With DNS over TLS, it's only a matter of time until adtech vendors and other privacy-invading beacons are using DoH/DoT to prevent users from inspecting & blocking these beacons through certificate pinning + traffic obfuscation.


@rrix agree, how long before Chrome is shipping with DoH direct to built in?

They already somewhat do this with Chromecasts (not DoH, but they have hardcoded in as DNS servers and the only way to stop it is to block it at the firewall from reaching

staticsafe's personal Mastodon instance.