On November 3, 2019 7:41:17 AM PST, Mark H Weaver <address@hidden> wrote:
Mark H Weaver <address@hidden> writes:
One possible solution would be to enable DNS-over-HTTPS, which I believe
is supported by IceCat-68 although it's disabled by default. See:
https://support.mozilla.org/en-US/kb/firefox-dns-over-https
Incidentally, I think that a case can be made that enabling this is a
sensible default for most users, even when not using Tor, because it
prevents the user's ISP from snooping on and hijacking DNS lookups.
Whereas most users have little or no choice about their ISP, we can
choose a default DNS-over-HTTPS provider that commits to a strong
privacy policy. Also, the provider is user-configurable. However,
I acknowledge that any such decision would be controversial.
Incidentally, I just learned that the largest ISPs in the US are
currently fighting hard to prevent the roll-out of DNS-over-HTTPS.
Here's an article by the Electronic Frontier Foundation on this issue:
https://www.eff.org/deeplinks/2019/10/dns-over-https-will-give-you-back-privacy-congress-big-isp-backing-took-away
Mark