> On 13 Sep 2019, at 12:25, Marco d'Itri <m...@linux.it> wrote:
>
> We are talking about preventing large scale censorship (I do not think
> that this is really about privacy) for *general users*: obviously *we*
> already know about countless workarounds.

That’s a false statement. Right now, we are talking about sending _all_ your queries from just **one** application - Mozilla Firefox. And what’s worse - if we are talking about protecting the users, it could lead to a false sense of protection - any other application in the system will send the DNS queries through the stub resolver (e.g. most probably to whatever the system gets from the DHCP).

Again, please note, I am not advocating against DoH or DoT, I just think we need to do a better job to protect our users than blindly following Mozilla’s lead by enabling it by default without explicit user consent.

BTW there’s a new initiative - Encrypted DNS and if you look closely, ISC is on the list of participants from the very beginning. There’s no doubt that we need to encrypt DNS, but in a way that won’t lead to every app sending its DNS queries to a different resolver.

Ondrej
--
Ondřej Surý
ond...@sury.org