I want you to consider that nowhere in the RFC is privacy mentioned as a primary design goal of DoH. The only two goals are first-hop integrity, and bringing DNS resolution to the application.
So you have some measure of privacy/integrity to the DoH server, but no idea whether or not, or to whom, they're giving your DNS queries.
On top of that, bringing DNS resolution into the web application is going to have implications with regards to ad blocking.
With the sunsetting of Manifest V2, and supposedly limiting the effectiveness of ad blockers, they're coming for your browsing data, and are here to make you watch ads. You know, those same ads from ad delivery networks that are serving you malware currently.
I mean, any DNS provider can provide you with platitudes promising to not log your IP address or DNS queries, but you'll never actually know if they are or they aren't unless you see the server configs yourself. So there's that.
They claim to do a lot of redaction in their DNS-specific policies, but there is a lot of deliberate word usage. They don't store anything in non-volatile memory. They only capture ".05% of all traffic sent to Cloudflare's network infrastructure" (but don't specifically mention their DNS infrastructure).
What I'm getting at is that if you didn't learn about how much companies value your privacy by the cascade of breaches over the past decade or the intelligence community leaks, then you weren't paying attention.
Also, several malware authors and a number of new and aspiring frameworks use DoH as a C2 method. There's no clear communication from major DoH providers on how they plan on handling abuse of infrastructure. I brought concerns to Cloudflare executives about known malware campaigns using their DoH infra, and they didn't give a shit.
Thanks for posting this. I think far too many people have the misconception that they can operate truly privately with ease now.
Frankly I think it's nigh on impossible, especially with applications doing their own DNS lookups, and I imagine in many cases eventually it will be over nonstandard ports, and likely encrypted, so we won't be able to catch and re-route at the firewall.
Irony is capitalism working harder to destroy privacy than the government.
I have this feeling that at some point we're going to see web applications or apps that, if you aren't using DoH, or if the DNS was tampered with in any way, will just refuse to run. That just brings a whole host of concerns over how badly policed ad networks are, and how much more information ad networks stand to gain over you.
I couldn't agree more. The minute I saw browsers starting to do lookups independent of the machine DNS settings, well, it's like the proverbial cartoon snowball rolling downhill.
I have no doubt OSS will step in and produce trustable apps, but we shouldn't have to come to this.
I sit here hoping someone will reinvent DNS in a ring format. A person drops a request into a group of machines, stripped of ID, the response goes to the whole ring, but only the requesting machine picks it up.
@silverwizard it frustrates me to no fucking end that DoH was opt-in by default on all new installs of Chrome and Firefox, completely bypassing any filtering the user may have had set up. Hope you have uBlock Origin installed.
But Cloudflare have been reliable for being a vile company, protecting the worst of the worst sites for years under the guise of free speech, yet when a site is responsible for people dying and the heat from the media gets too much, then they drop them. Their acceptable use paragraph says so much by having so little in its brevity. They have also put the most vile sites together on their own dedicated CDNs, so it's intentional to not impact legit customers.
Much of DoH was driven by a paranoia that your ISP is looking at all your queries and selling it all.
While some ISPs, particularly wireless, are doing that, expecting an end user to make a well-informed choice about an alternative recursive server is... naive?
And expecting your web browser vendor to do it for you is a different set of bad expectations. Not to mention that this doesn't address apps doing DoH without the user or OS having the ability to pick or override what the app wants to do.
So it really just changes from "I know who my recursive server is but have little to no clue what they do with my data" to "I have little/no clue who my recursive server is or what they do with my data".