Put the "user" back in "user agent"
@sir uhh what am I missing about Firefox and Cloudflare?
@anelki DNS over HTTPS (aka sending all of your DNS lookups to CloudFlare) is now the default behavior in Firefox
Cloudflare eats shit, I don't think many people here disagree, but you can find all sorts of alternatives and many of them seem to be reputable sources with privacy focuses..
DoH is addressing a different problem. In corporate networks, and probably evil ISPs, DNS to other servers is simply blocked. You have no way to use DNSSEC. But they can't really block HTTPS traffic to cloudflare. Unfortunately, this also means a DoH server needs to be a big CDN to be effective.
With a correctly configured Firefox you can connect to a malicious network and it's still fully hidden which cloudflare enabled website you're visiting.
1) If I can force the attacker into traffic pattern analysis I'd consider that a success. The status quo you've been suggesting is just giving away that data for free to anybody who knows how to run sniffglue on a router.
2) Running services on their own dedicated ip is going to be considered bad opsec in the future. In real life a significant number of websites run on a very small set of ip addresses like cloudflare, whether you like it or not.
@sir they opened a ticket somewhere lemme see if I can find it
@ben w3c is a captured organization
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!