Author: Admin | 2025-04-28
Prevent ISPs user tracking
DoH creates havoc in the enterprise sector
DoH weakens cyber-security
DoH helps criminals
DoH shouldn't be recommended to dissidents
DoH centralizes DNS traffic at a few DoH resolvers

DoH doesn't actually prevent ISPs user tracking

One of the main points that DoH supporters have been blabbing about in the past year is that DoH prevents ISPs from tracking users' DNS requests, and hence prevents them from tracking users' web traffic habits.

Yes. DoH prevents the ISP from viewing a user's DNS requests.

However, DNS is not the only protocol involved in web browsing. There are still countless other data points that ISPs could track to know where a user is going. Anyone saying that DoH prevents ISPs from tracking users is either lying or doesn't understand how web traffic works.

If a user is accessing a website loaded via HTTP, using DoH is pointless, as the ISP will still know what URL the user is accessing by simply looking at the plaintext HTTP requests.

But this is also true even if users are accessing HTTPS websites. The ISPs will know to what site the user is connecting because the HTTPS protocol isn't perfect, and some parts of the HTTPS connection are not encrypted.

Experts say that ISPs won't be inconvenienced by DoH, at all, because they can easily look at these HTTPS portions that are not encrypted -- such as SNI fields and OCSP connections.

"DoH encrypts precisely zero data that is not already present in unencrypted form. As it stands, using DoH only provides *additional* leaks of data. SNI, IP addresses, OCSP and remaining HTTP connections still provide the rest. It is fake privacy in 2019."
-- Bert Hubert 🇪🇺 (@PowerDNS_Bert) September 22, 2019

Furthermore, ISPs know everything about everyone's traffic anyway. By design, they can see to what IP address the user is connecting when accessing a website.

This IP address can't be hidden.
Knowing the final IP destination reveals to what website a user is connecting, even if everything about his traffic is encrypted. Research published this August showed that a third-party can identify with 95% accuracy to which websites users were connecting just by looking at IP addresses.

Any claims that DoH prevents ISPs from tracking users are disingenuous and misleading, experts argue. DoH merely inconveniences ISPs by blinding them to one vector, but they still have plenty of others.

DoH bypasses enterprise policies

The second main talking point is DoH's impact on the enterprise sector, where system administrators use local