> I don't see why it's better than DoT or DoQ, except maybe a use case for censored countries.
This feels like saying "I don't see why we need oxygen in the atmosphere, except for people needing to breathe." Being able to overcome censorship is a huge win and is more than sufficient for DoH to be better than DoT, etc.
> Also, we are moving from your ISP knowing too much about you to Cloudflare knowing too much about you. It's one of the biggest DoH DNS services, often they see unencrypted HTTPs traffic, they also an exit node for iCloud Private Relays. ISP is left out, but Cloudflare seems to be able to consolidate this knowledge.
The key making DoH still a net win in spite of that is that your ISP has the mapping from your source IP to your real-life identity, but DoH providers like CloudFlare don't.
This feels like saying "I don't see why we need oxygen in the atmosphere, except for people needing to breathe." Being able to overcome censorship is a huge win and is more than sufficient for DoH to be better than DoT, etc.
> Also, we are moving from your ISP knowing too much about you to Cloudflare knowing too much about you. It's one of the biggest DoH DNS services, often they see unencrypted HTTPs traffic, they also an exit node for iCloud Private Relays. ISP is left out, but Cloudflare seems to be able to consolidate this knowledge.
The key making DoH still a net win in spite of that is that your ISP has the mapping from your source IP to your real-life identity, but DoH providers like CloudFlare don't.