unixsheikh | 5 years ago

I almost look forward to the day when it all blows up in the face of those who thought that all of these, in reality economically driven, half-baked solutions - disguised as privacy or security - end up causing such a breakdown that nothing works any longer.

The amount of sheer stupidity that goes into the "modern web" is just mind-boggling.

DoH does absolutely nothing that helps privacy since the destination IP address is always clear and DoH only obscures that which it never should have touched in the first place.

I have just about had it with the IT industry and the modern web!

danShumway | 5 years ago

> DoH does absolutely nothing that helps privacy since the destination IP address is always clear

There are multiple situations where destination IPs are shared across multiple websites, and DNS blacklisting is a common censorship technique in multiple firewalls and ISP blacklists.

This take is just completely wrong. Of course DNS records should be handled via HTTPS, of course it's a bad idea to do DNS via plaintext. This shouldn't be complicated, why are we still fighting over whether or not encrypting personal data in transit is a good idea?

I have seen more people on Hacker News than anywhere else on the entire web bash HTTPS encryption, and I genuinely do not understand how this forum, of all places, can be home to such a bad security take. Stop designing and advocating for Internet protocols to be monster-in-the-middled!

unixsheikh | 5 years ago

Yeah, let's start feeding our mail, ftp, ntp, and everything else over HTTPS as well now we're at it!

DoH is DNS done completely wrong. It's the worst patch solution to a problem that should have been solved correctly long ago!