Default DNS over HTTPS () in is admirable, tunneling DNS through is dangerous, as @ungleich sharply summarizes: "whether you trust Cloudflare or not, you'll end up directly supporting centralisation by using DoH in Firefox. Centralisation makes us depend on one big player, which results in less choices and fewer innovation. Centralisation affects everybody by creating a dangerous power and resource imbalance between the center and the rest" -

@NGIZero I mean, it's worth noting that there always has to be a default, no matter what you say

Usually it's your ISP, or Google, but I would say neither of those is any more trustworthy than Cloudflare, and those that I would say are more trustworthy than Cloudflare would make a poor default because they probably can't handle the kind of traffic inherent in being a default. All I would hope is that it's trivial to change (and that DoH is fairly trivial to implement for DNS providers)

@pea Very true, it is hard to assess trust and trustworthiness for users (and you make an excellent and tough point about ethical considerations vs simply traffic management resources & capabilities). Ultimately, we favor solutions for decentralized privacy protection (projects we support -> or in the case of Firefox and Cloudflare, a clear and understandable opt-in, instead of a possibly hidden opt-out

@NGIZero @ungleich

So it's better to route your DNS queries in plain-text through your questionable local ISP instead? Very naive on many levels.
