
Comment by AnthonyMouse

1 day ago

> Your ISP knows your real-world identity, whereas Cloudflare just knows your IP address.

Your ISP also just knows your IP address. They may have some information linking that IP address to a person, but so does Cloudflare, which does a MITM on half the internet and thereby knows not just your identity but the things inside the TLS connections you make.

> That'd only be true if the system defaults prevented fallback to insecure DNS, and so far, the few systems that support any form of secure DNS all will automatically do insecure fallback.

So change the system defaults instead of having the browsers disrespect the system settings that may well have been purposely set by the user.

> Your ISP also just knows your IP address. They may have some information linking that IP address to a person, but so does Cloudflare, which does a MITM on half the internet and thereby knows not just your identity but the things inside the TLS connections you make.

But then Cloudflare has your info even without DoH, so in that case, it's strictly more private to use DoH.

> So change the system defaults instead of having the browsers disrespect the system settings that may well have been purposely set by the user.

Just like you said about running DoT over port 443: this is a totally reasonable thing that would solve the problem, but it isn't how things work today, and unless/until it does happen, I think browsers defaulting to using secure settings when the system settings are insecure is the better option. (Especially since users who purposely don't want DoH can just manually configure their browser too in that case.)

  • > But then Cloudflare has your info even without DoH, so in that case, it's strictly more private to use DoH.

    They have your info when the site you're accessing uses Cloudflare, which means they know more than enough to identify you.

    Now you're telling them when you access a site that doesn't use Cloudflare.

    > Just like you said about running DoT over port 443: this is a totally reasonable thing that would solve the problem, but it isn't how things work today, and unless/until it does happen, I think browsers defaulting to using secure settings when the system settings are insecure is the better option.

    How do you get them to stop doing it once a better solution exists?

    > Especially since users who purposely don't want DoH can just manually configure their browser too in that case.

    This is the problem with doing it this way. Suppose I don't want DoH in my house, how do I get rid of it? Configure six different browsers on each of the dozens of devices in my family and hope I didn't miss any?

    It needs something in the nature of "change this DHCP option on your internet gateway", but that thing needs to be a universal standard that everything respects.

    • > They have your info when the site you're accessing uses Cloudflare, which means they know more than enough to identify you.

      > Now you're telling them when you access a site that doesn't use Cloudflare.

      But if Cloudflare already has that info from half the Internet, then the loss of privacy from that is outweighed by the gain of privacy from hiding it from your ISP.

      > How do you get them to stop doing it once a better solution exists?

      Once Windows, macOS, iOS, and Android all default to secure DNS with no automatic fallback, I expect browser vendors will be perfectly happy to change it.

      > This is the problem with doing it this way. Suppose I don't want DoH in my house, how do I get rid of it? Configure six different browsers on each of the dozens of devices in my family and hope I didn't miss any?

      The phrase "devices in my family" sounds a lot like "other people's devices", so wanting that seems uncomfortably close to what the malicious network operators want.

      > It needs something in the nature of "change this DHCP option on your internet gateway", but that thing needs to be a universal standard that everything respects.

      That's specifically what there needs to not be, because if such a setting existed, malicious networks would all just use it.
