> DoH would prevent other WiFi users from seeing which websites you visit,<p>This is <i>false</i>, and downright dangerous information. A network attacker can still see that you are visiting pornhub.com even with DoH, since you are sending the hostname in cleartext as part of the TLS handshake.<p>Google isn't a snake-oil security solution - they shouldn't be making such false claims.
Long story short: Chrome will do DoH DNS, but only if your current DNS provider already supports DoH, and, for now, only as an experimental feature.<p>People are upset about Firefox's new default of routing DoH to Cloudflare, and I understand why. But it's useful to keep the issues distinct: DoH is a good thing (your ISP should not be able to see your DNS queries), even if routing them to Cloudflare isn't.
On this topic: I recently learned about <a href="https://support.mozilla.org/en-US/kb/configuring-networks-disable-dns-over-https" rel="nofollow">https://support.mozilla.org/en-US/kb/configuring-networks-di...</a><p>Is this just a Mozilla one-man show or are there plans by anyone else to support this? Maybe make this a standard? Some googling revealed nothing... Now the way Google does it sounds somewhat reasonable, but who knows what the future will bring, or what other software will adopt DoH.
Google make this point which I haven't seen in any of the arguments so far:<p>> In particular, we are aware of how DNS can play an important role in ISP-provided family-safe content filtering.<p>Lots of families with children use their ISP's safe browsing facilities, which are usually implemented via alternative DNS servers.<p>Yes, it is not terribly difficult to defeat, but it is cheap and effective for small and non-technical children.<p>This does at least seem like a more sensible experiment than Mozilla's, which will break the above scheme for every Firefox user.
They say it will be enabled only for providers supporting this. Do they mean DNS servers supporting DoH?<p>If a network DHCP server publishes a local DNS server that is not on the list, DNS traffic will not be encrypted?<p>So a network operator wishing to continue spying on its users just needs a local DNS proxy?
Archived copy that can be read without JS enabled:<p><a href="https://archive.is/59JCD" rel="nofollow">https://archive.is/59JCD</a>
The only thing DoH gives anybody .. is even more of your private data to a centralized provider with questionable ethics, and the only company more ethically questionable than Google is Palantir. Run your own local resolver and move on with your life.
Does anyone know how much money Mozilla gets from Cloudflare? Do they get any? I've tried to find something in Mozilla financial declarations but haven't found anything.