On Sep 13, Ondřej Surý <ondrej@sury.org> wrote: > > We are talking about preventing large scale censorship (I do not think > > that this is really about privacy) for *general users*: obviously *we* > > already know about countless workarounds. > That’s a false statement. Right now, we are talking about sending _all_ your queries from > just **one** application - Mozilla Firefox. And what’s worse - if we are talking about protecting > the users, it could lead to a false sense of protection - any other application in the system > will send the DNS queries through stub resolver (e.g. most probably to whatever the system > gets from the DHCP). I have never argued for or against "protecting users": the problem I care about is DNS-based censorship of web sites and DoH from the browser to a third party resolver solves this, at least for the time being. > BTW there’s a new initiative - Encrypted DNS and if you look closely, ISC is on the list of I have seen it: it is an interesting list of companies selling DNS-related products or services, USA ISPs who are highly suspect in their sudden interest in their customers' privacy and of UK ISPs that I assume are subject to regulatory pressure. > participants from the very beginning. There’s no doubt that we need to encrypt DNS, but > in a way that won’t lead to every app sending it’s DNS queries to a different resolver. This would be nice: maybe a few of these large companies would like to fund adding DoH support to systemd-resolved? -- ciao, Marco
Attachment:
signature.asc
Description: PGP signature