So, I read some articles on DOH and looks like the whole thing is a myth and doesn’t really help in enhancing user privacy and security. Even if the DNS requests are encrypted, the ISP will still be able to track you.

What are your thoughts?

  • Dreeg Ocedam@lemmy.ml (2 points) · 3 years ago

    Currently, DoH does very little from a privacy perspective in hiding the sites you visit from your ISP. Even if it hides the DNS query, the domain you connect to can still be read in plain text by your ISP from the SNI field of the TLS handshake.

    Until Encrypted Client Hello is standardized and used widely, DoH will be rather pointless. However, once both are implemented and enabled, your ISP should have more difficulty knowing which sites you connect to. The ISP will only have access to the IP of the site, and that doesn’t mean much when it’s the IP of a Cloudflare proxy for instance, which are used by millions of websites.

    Some services used Domain Fronting to achieve similar privacy and avoid censorship, but this is mostly just abusing a bug in the implementation of large cloud providers, and is now banned by most cloud providers.