Comment by josephcsible
17 hours ago
I'm glad your ISP doesn't do that, but there are a lot of people not as lucky as you, and we shouldn't deny them all a major increase in privacy just to avoid having you change one browser setting.
Very true... I used to be with Sky here in the UK, and at the time they were running a transparent proxy on port 53. Changing DNS providers made no difference to the dnsleaktest results. Don't know if they still do that now.
I'm now with a different ISP, and anyway have PiHole handling DNS queries on most devices in our house. It forwards DNS requests to dnscrypt-proxy running on the same Pi, which uses Quad9 over DoH.
To me, that seems awfully trusting of Cloudflare.
Instead of sending all my DNS traffic to sketchy multinational corporation A, we'll send all my traffic to sketchy multinational corporation B?
Doesn't seem like much of an increase in privacy to me.
If you're using insecure DNS, then you have no choice but to let your ISP see all your queries. But if you're using DoH, you can choose from plenty (see https://github.com/curl/curl/wiki/DNS-over-HTTPS) of other DoH providers instead if you don't trust Cloudflare.
Frankly, the article is doing a lot of disservice (and should be removed from HN because of its grossly outdated information). As josephcsible pointed out, there are many, many options for DoH.
I change it to Mullvad, of course.