Comment by creata
1 day ago
No it's not. I'm saying don't let the perfect be the enemy of the good.
DoH does solve a problem for many people. Many large ISPs will sell your DNS requests, use them for targeted advertising, tamper with responses for various reasons, etc., and so DoH is an improvement over the status quo, not for everyone, but for many users, and I'd guess most users.
You're right, DoH might not be worth adopting if it were "stupid enough", but... it's not stupid enough.
Your ISP already has all this metadata and more from other sources, so it is pointless to switch to DoH in this case, and if you do, you willingly give this metadata to Cloudflare, which (for the majority of users) may even be in a better position to do evil.
> Your ISP already has all this metadata and more from other sources
If you combine this with ECH and a good blocker, no, they do not. That's exactly why Spain is blocking around 60% of the internet during football games now; the ISPs cannot tell which websites and subscribers are pirating football streams.
> Spain is blocking around 60% of the internet during football games now
[citation needed for the 60% figure]
It is precisely because of these blocks that I know Cloudflare is NOT 60% of the WWW, not yet at least. Certainly, if Cloudflare were serving 60% of the Internet, I would consider switching my DNS to them. But that would be a privacy nightmare for another day (replacing federated ISPs with a single big centralized one? great idea /s). It is not yet the case as of today.
In fact, as of today, and even if you have a "good blocker", I, a total noob, have a high chance of reliably identifying which HN news item from the top 30 you clicked from just the addresses: https://news.ycombinator.com/item?id=44219061 . Imagine what the non-noobs at your ISP could do.
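As an added illustration of the point made in the last comment (example code written for this page, not something posted in the thread), the Python below models what an observer who sees only destination IP addresses can infer once DNS (via DoH) and the TLS server name (via ECH) are hidden from them. It inverts a table of candidate sites and their addresses, reports each site's anonymity set size (how many candidates share its addresses), and classifies observed destinations. The candidate list and every address are constructed from RFC 5737 documentation ranges; they are not real resolutions of HN items, and the "shared CDN" grouping is an assumption for the sake of the example.

```python
"""Constructed model of what destination-IP metadata reveals when DNS and SNI
are hidden.  All item names and addresses below are made up (RFC 5737 ranges)."""
from collections import defaultdict
from ipaddress import ip_address
from typing import Dict, Iterable, List, Set

# Constructed candidate set: item id -> addresses its hostname resolves to.
# Items 1-3 are assumed to sit behind one shared CDN front and resolve to the
# same two addresses; items 4-6 are assumed to be on dedicated hosting.
CANDIDATES: Dict[str, Set[str]] = {
    "item-1": {"198.51.100.10", "198.51.100.11"},  # shared CDN front (assumed)
    "item-2": {"198.51.100.10", "198.51.100.11"},  # shared CDN front (assumed)
    "item-3": {"198.51.100.10", "198.51.100.11"},  # shared CDN front (assumed)
    "item-4": {"192.0.2.44"},                       # dedicated host (assumed)
    "item-5": {"203.0.113.7", "203.0.113.8"},       # dedicated host, two A records
    "item-6": {"192.0.2.90"},                       # dedicated host (assumed)
}


def index_by_address(candidates: Dict[str, Set[str]]) -> Dict[str, Set[str]]:
    """Invert the table: normalised address -> set of candidate items using it."""
    index: Dict[str, Set[str]] = defaultdict(set)
    for item, addrs in candidates.items():
        for addr in addrs:
            # ip_address() validates and normalises both IPv4 and IPv6 literals.
            index[str(ip_address(addr))].add(item)
    return dict(index)


def anonymity_set_size(candidates: Dict[str, Set[str]]) -> Dict[str, int]:
    """Worst-case anonymity set per item: the number of candidates an observer
    cannot distinguish it from, given only the destination address of one
    connection.  A value of 1 means the item is uniquely identifiable.  The
    minimum over an item's addresses is taken because the observer sees
    whichever address the client happened to pick."""
    index = index_by_address(candidates)
    return {
        item: min(len(index[str(ip_address(a))]) for a in addrs)
        for item, addrs in candidates.items()
    }


def uniquely_identifiable(candidates: Dict[str, Set[str]]) -> List[str]:
    """Items that the destination address alone pins down, sorted by name."""
    sizes = anonymity_set_size(candidates)
    return sorted(item for item, k in sizes.items() if k == 1)


def identify(dst: str, candidates: Dict[str, Set[str]]) -> Set[str]:
    """Candidate items consistent with a single observed destination address.
    An address that belongs to no candidate (ads, trackers, unrelated traffic)
    yields an empty set rather than being treated as evidence."""
    return set(index_by_address(candidates).get(str(ip_address(dst)), set()))


def classify_session(observed_dsts: Iterable[str],
                     candidates: Dict[str, Set[str]]) -> List[Set[str]]:
    """Per observed destination, the set of candidate items it could belong to."""
    index = index_by_address(candidates)
    return [set(index.get(str(ip_address(d)), set())) for d in observed_dsts]


if __name__ == "__main__":
    # Constructed capture: one connection to a dedicated host, one to the shared
    # CDN range, one to an unrelated address.
    flows = ["192.0.2.44", "198.51.100.10", "203.0.113.200"]
    print("anonymity set sizes:", anonymity_set_size(CANDIDATES))
    print("uniquely identifiable:", uniquely_identifiable(CANDIDATES))
    for dst, hits in zip(flows, classify_session(flows, CANDIDATES)):
        print(f"{dst:>15} -> {sorted(hits) or 'not a candidate'}")
```

To run this against a real front page one would populate CANDIDATES by resolving the hostnames of the current top items (DoH on the client does not change what those hostnames resolve to, only who sees the lookup). The anonymity set is what ECH plus shared CDN addressing can enlarge; for sites on dedicated addresses it stays at 1, which is the case the comment above is pointing at.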