I have not yet seen an argument against DNS-over-HTTPS that does not amount to “but how will we spy on the people we provide a service to?”

So I think that means it’s working :)

Network operators have no right to know or monitor what people are doing with the utility service they provide.

If you can’t trust them, either make it so you don’t need to trust them, or find trustworthy people and trustworthy (by means of being free) software. Spying on them is never okay.

(although I recommend DNS over TCP over Tor as the best way to preserve privacy when using DNS, if you’re actually going to implement it yourself)

I think I’m sufficiently mad about the state of DNS discourse that a DNS privacy blog post is incoming. Stay tuned.

I wrote a summary of the DNS over TLS vs DNS over HTTPS debate (without going too much into the drama).

It also contains an introduction to my proposed solution, and why it’s better than either.


(boosts/sharing welcome)


@qyliss So, it seems like the only pro argument for DoH is currently directly circumvented by support.mozilla.org/en-US/kb/c
I'd also think that it would be possible without problems to run DoTLS on port 443?

@momar Yes I don’t know wtf Moz is doing with that.

If you did DoT on 443, unless you could find some way to _also_ serve HTTPS on that port, it would be easy to check whether it was a DoT server.
