Chrome 83 ships out with enabled DoH

So far I don't see the DoH in the Chrome setting pages, but disabled it via

Chrome will not change the DNS servers configured by the OS. It will merely upgrade to DoH for known compatible DNS servers.

In other words, no need to disable this in Chrome flags.

Meanwhile I block all DoH server listed at curl.

Why do you do that?

To be sure because Alpabet (Google) can be evil.

Google isn't the only company that uses DoH technology. And if you think Google "can be evil", why would you use Chrome anyway?

1 Like

I don't use Chrome but some times Chromium for testing.

Ok. In any case it seems you answered a question I directed to someone else. There's no need to mess with Chrome flags or block all servers capable of DoH.

If you go through the many postings about DoH than you will notice that am opose to it.

It is mean to avoid to be muzzled by governments like China and should only be used for avoiding that. Not ever, it would have a place to be used in a normal situation.

Well you're entitled to your view, personally would encourage encrypted DNS adoption, whether it is via DoH or DoT.

DoT is one thing. DoH is a craptastic pile of monkey poo.

DoT > DoH > Unencrypted

In my opinion.

And that's a valid opinion. The first time something like Android malware uses DoH to hide it's C&C (hint, it's already happened) and that whole scheme goes in to the trash can for me.

Since there's no difference between DoH and HTTPS, why blame the existence of DoH for the malware C&C and not HTTPS?

There's an incredible amount of difference between DoH and HTTPS.

I can't see anything in that tweet which explains why DoH is more of a risk than HTTPS. :man_shrugging:t2:

Research, it's good for you.

Anyway the argument is somewhat moot, the largest browser manufacturer and the largest OS have already committed to DoH instead of DoT. I'm not a huge fan of the decision either, but that's how it is.

And that is the biggest red flag of all.