DNS Over HTTPS Controversy

Around 24th Jan 2020, Firefox introduced support for DNS over HTTPS (DoH), and FreeBSD decided to stop updating Firefox.

Under the benefits section, Firefox says:

DoH improves privacy by hiding domain name lookups from someone lurking on public WiFi, your ISP, or anyone else on your local network. DoH, when enabled, ensures that your ISP cannot collect and sell personal information related to your browsing behavior.

This is abject hogwash. Here is how Wikipedia puts it:

Technology journalists have argued that DoH provides a false sense of security, as it only encrypts information that could still be obtained via non-encrypted portions of HTTPS requests, such as IP addresses and Server Name Indication.

For HTTP sites, DoH provides absolutely no privacy from your ISP, network sniffers on your LAN, etc. For HTTPS sites that use SNI, it again provides no privacy, because the hostname is sent in cleartext in the TLS handshake. Only for non-SNI HTTPS sites does it provide domain name privacy, but even there the IP address is available to the ISP etc. And for non-SNI HTTPS sites, domain to IP and IP to domain is a one-to-one mapping, so just knowing which IP you connect to is sufficient to let ISPs know which domain you are accessing.

So in short, DoH in Firefox provides very dubious, almost non-existent privacy.

Instead, they have added a new privacy infringement vector: the DoH provider, in this case Cloudflare.

In plain words, every single domain you access from Firefox is going to be relayed (along with your IP address) to Cloudflare. This is a major privacy concern.

Let me repeat: this change does not hurt ISPs' ability to access this data; it only provides Cloudflare access to this data, which they did not have before this change.

Doing so in the name of increasing privacy reeks. That reeks, Firefox and Cloudflare, and you should be ashamed of yourselves.
