DoH is not about protecting your DNS queries from peepers. That is a big lie.
Reminder: if you don’t protect your HTTP[S] traffic using Tor and TorBrowser, your privacy is still compromised.
For a nosy Internet provider it is very easy to correlate the IP addresses your browser connects to with the most popular websites and services.
(Not to mention browser fingerprinting and tracking done by 3rd parties)
SNI easily gets uncovered with even the most rudimentary DPI, I would think.
Yes, and also, even with ESNI or domain fronting in use, the IP addresses are still a dead giveaway. There’s no protection from that.
True, though looking at my tcpdump, Tor/I2P nodes generate a lot of fake interactions. Unless you connect to snapcraft.io or the like every 15 minutes, you aren’t that obvious.
Well, I mount my own server inside a little community.
Requests are shared between the community when the DNS server asks the root ones directly, and are not specific to every individual.
A way to proxify the DNS requests securely.
I mostly agree with the sentiment. The thing that really bugs me is that configuring DNS system wide is broken like that.
I encountered some networks where DoT wasn’t going through (restrictive firewall) while DoH went through just fine, so I chose that instead.