
The article provides no source for this assertion and this Mozilla blog post is pretty clear that DNS-over-HTTPS is off by default and defaults to CF if you enable it or are part of the shield study (which requires nightly and opt-in to shield studies in the first place) https://blog.nightly.mozilla.org/2018/06/01/improving-dns-pr...



If this is true, then I'm okay with the feature being available if it is opt-in. Although I generally think this is a concern better left outside of the particular browser I'm using. If I want to route DNS queries through a third party then I'd like to do that for all my network traffic, not just my browser.


But that’s a different argument you’re making. For many people, routing the browser's DNS via a secure channel is a substantial improvement. You’re still free to route all your network DNS via DoH, there’s software for that. But until DoH is the operating system's default (or at least a non-expert option), this can be a viable improvement.


Yes. If it's opt-in, then I can certainly live with it and I understand why people might use it. I'm just pointing out that features like these, while well intentioned, still add bloat to the browser. Sometimes saying no to feature inclusion is the right thing to do in the long term even if it has a use in the short term. I'm a big believer of the Unix philosophy of do one thing and do it well.


Modern browsers are basically OSes not by coincidence but because they are basically used as OS replacement. I think Tanenbaum (citation needed) wrote that an OS basically does two things: abstracting the HW and managing resources. Browsers do the latter as much as an OS.


For many it is, but for billions it isn't. For those where it is an improvement they can opt in.


I think you substantially overestimate the number of providers that behave ethically with regards to DNS and substantially underestimate how many people have shitty ISPs. You seem to have a very skewed view of how the number of internet users distributes across the world. Even in Europe, providers are not refraining from hijacking DNS and using DNS blocks for certain sites.


I think you substantially underestimate the number of networks that use split-horizon DNS for their functioning, and where hijacking the DNS is going to cause significant breakage.


Which are almost zero home networks of non-technical users.


I've never seen any marketing materials, where Mozilla limits themselves to non technical users with zero home network. Did you?


No, but they do exist and specifically in this case (since they mention public wifi) pro users capable of configuring their system DNS might not be the only target audience.


So make it active only for public wifi, or whatever is labeled as public network by the operating system or firewall? Certainly not all networks.


I agree. I use DNSCrypt and route my requests through a different server each time.

That said, Joe User doesn't know how to set up any DNS server. Even going into Windows' Control Panel gets Joe User anxious. Joe User doesn't care enough about privacy to learn how to set it up system wide. And for Joe User this would cover 99% of his internet usage.


Why doesn't control panel have a roll-back function?


And break his favourite BYOB device that he brings to work.



