Elevator Pitch
- DNS over HTTPS (DoH) is promoted as protecting DNS queries from surveillance, but in practice it funnels every query to a single resolver operator, which can make privacy worse rather than better.
Key Takeaways
- DoH encrypts DNS queries on the wire but routes all of them to one third-party resolver (often Cloudflare), creating a single point of data collection.
- Alternatives like DNS over TLS (DoT) encrypt the same queries by carrying plain DNS messages directly over TLS, without layering HTTP on top as a transport protocol.
- The author supports modernizing DNS security, but argues that DoH increases complexity and risk rather than solving the privacy problem.
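The transport difference behind the second takeaway, shown as an added Python example (this is not code from the original post or its author). It encodes one DNS question and wraps it the way each protocol would send it over TLS: DoT (RFC 7858) adds only a 2-byte length prefix, while DoH (RFC 8484) adds a full HTTP request. The resolver name `dns.example` and the `/dns-query` path are assumed values for illustration; nothing here touches the network.

```python
import base64
import struct
from urllib.parse import parse_qs, urlsplit


def build_dns_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Encode a minimal DNS query in RFC 1035 wire format.

    txid defaults to 0 because RFC 8484 recommends an ID of 0 for DoH so
    that identical questions yield byte-identical messages (cacheable by
    HTTP caches); the DNS ID adds nothing once TLS provides integrity.
    """
    # Header: ID, flags (RD=1), QDCOUNT=1, ANCOUNT/NSCOUNT/ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN
    return header + question


def dot_frame(msg: bytes) -> bytes:
    """DoT (RFC 7858) framing: the raw DNS message behind a 2-byte length
    prefix, exactly as in DNS over TCP. Nothing else sits between DNS and TLS."""
    return struct.pack("!H", len(msg)) + msg


def doh_post_request(msg: bytes, host: str, path: str = "/dns-query") -> bytes:
    """DoH (RFC 8484) POST framing, rendered as HTTP/1.1 text so the extra
    layer is readable. Deployed DoH normally runs over HTTP/2, which adds
    HPACK header compression and stream multiplexing on top of this."""
    headers = (
        f"POST {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "Accept: application/dns-message\r\n"
        "Content-Type: application/dns-message\r\n"
        f"Content-Length: {len(msg)}\r\n"
        "\r\n"
    )
    return headers.encode("ascii") + msg


def doh_get_url(msg: bytes, host: str, path: str = "/dns-query") -> str:
    """DoH GET form: the message is base64url-encoded, padding stripped,
    and passed in the `dns` query parameter."""
    dns = base64.urlsafe_b64encode(msg).rstrip(b"=").decode("ascii")
    return f"https://{host}{path}?dns={dns}"


def doh_get_decode(url: str) -> bytes:
    """Recover the DNS message from a DoH GET URL (re-adds base64 padding)."""
    dns = parse_qs(urlsplit(url).query)["dns"][0]
    return base64.urlsafe_b64decode(dns + "=" * (-len(dns) % 4))


def transport_overhead(msg: bytes, host: str) -> dict:
    """Bytes each transport adds around the same DNS message, above TLS."""
    return {
        "dot": len(dot_frame(msg)) - len(msg),
        "doh_post": len(doh_post_request(msg, host)) - len(msg),
    }


if __name__ == "__main__":
    # dns.example is an assumed resolver name, not a real service.
    q = build_dns_query("www.example.com")
    print("DoT frame:", dot_frame(q).hex())
    print("DoH POST :", doh_post_request(q, "dns.example").decode("latin-1"))
    print("DoH GET  :", doh_get_url(q, "dns.example"))
    print("overhead :", transport_overhead(q, "dns.example"))
```

The GET URL produced for `www.example.com` matches the worked example in RFC 8484 section 4.1.1, which is a useful sanity check for the encoder. One caveat worth keeping in mind when weighing the takeaways: both DoT and DoH only encrypt the path to the resolver, and the resolver sees every query in cleartext either way, so the centralization concern applies to any encrypted transport pointed at a single provider, not to the HTTP framing specifically.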
Most Memorable Aspects
- The critique that DoH simply shifts your DNS data from many potential "peepers" to one central entity.
- The skepticism toward commercial data policies and the motives of companies like Cloudflare.
- The assertion that complexity introduced by DoH undermines security rather than enhancing it.
Direct Quotes
- "DoH is not about protecting your DNS queries from peepers. That is a big lie. It is about making sure only one peeper can see all of your queries."
- "Cloudflare is a commercial company. And commercial companies, by definition, must earn money. How does a modern company in the IT business earn money? By selling data."
- "Complexity is the enemy of security."
Source URL
- Original: 486 words
- Summary: 214 words