Executive summary:
DoH is intended to reset the balance of control and data collection
from ISPs, system and network administrators towards (browser) users.
On Mon, 6 Jul 2020, Michael Peddemors via mailop wrote:
> One thing not mentioned so far in this thread, is data collection..
> While many D'oh providers claim NOT to log or track, simply by using HTTPS
> opens up the door to exposing personal browsing habits..
No. They were already exposed. DoH allows whoever configures it
(see below) to choose who gets to see the personal browsing habits.
> It is very easy to simply 'extend' any HTTPS request, to include other
> information in the request that can be used to uniquely identify the user.
> Only a matter of time..
Good point that I hadn't heard before.
> DNS was just that, DNS.. and effectively anonymous.
Technically anonymous, in that there is no official mapping from
machine to user. In many environments the DNS provider had some access
to that mapping, though DoH does expose the user as well as the
machine.
> My tinfoil hat spidey sense tells me that this is a move towards both big
> brother, as well as data collection..
As I understand it, Mozilla (Firefox) is championing DoH because
it wants *users* to be able to control who collects that data,
not sysadmins, network admins or ISPs.
On a related point, Vittorio Bertola said:
> making sure that the four browser makers that control >90% of the world's
> browsers get to choose who is allowed to provide DNS resolution to their
> users (including doing it themselves or requiring DNS providers to strike
> business deals with them before allowing them into their list).
As I understand it, the browser user controls the DNS provider.
Mozilla, at least, is striking deals to ensure that providers who
share Mozilla's philosophy are available.
> Historically, 'choosing' to set your DNS provider at the OS was an end user
> choice, but with D'oh, it opens the door to the application layer to bypass
> firewall rules as well.
?? Historically the DNS provider was set by the machine's admin,
not by the user. On any multi-user system that difference mattered.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop