Re: This DNS over HTTP thing

["K. Scott Helms" <kscott.helms () gmail com>]

They almost have to change the default since there are (comparatively) very
few DoH providers compared to DNS providers.

On Tue, Oct 1, 2019, 2:40 PM Damian Menscher via NANOG <nanog () nanog org>
wrote:

> On Tue, Oct 1, 2019 at 12:24 PM Jay R. Ashworth <jra () baylink com> wrote:
>
> > ----- Original Message -----
> > > From: "Stephane Bortzmeyer" <bortzmeyer () nic fr>
> > > To: "Jeroen Massar" <jeroen () massar ch>
> >
> > > > While the 'connection to the recursor' is 'encrypted', the recursor
> > > > is still in clear text... one just moves who can see what you are
> > > > doing with this.
> > >
> > > As with any cryptographic protocol. Same thing with VPNs, SSH and
> > > whatever: the remote end can see what you do. What's your point?
> >
> > I'm still assimilating this, but based on what I've read this half hour,
> > his point is that "*it's none of Alphabet's damn business* where I go that
> > isn't Google".
>
> What's missing from this discussion are some basic facts, like "is Google
> going to change your DNS settings to 8.8.8.8?"
>
> The opening paragraph of
> https://blog.chromium.org/2019/09/experimenting-with-same-provider-dns.html
>  reads:
>
> "This experiment will be done in collaboration with DNS providers who
> already support DoH, with the goal of improving our mutual users’ security
> and privacy by upgrading them to the DoH version of their current DNS
> service. With our approach, the DNS service used will not change, only the
> protocol will. As a result, existing content controls of your current DNS
> provider, including any existing protections for children, will remain
> active."
>
> Could someone provide a reference of Google saying they'll change the
> default nameserver?  Without that, I think all of Jeroen's arguments fall
> apart?
>
> Damian