DNS over HTTPS (DoH) is not the Panacea the Marketers Are Leading you to Believe
Mozilla Firefox is promoting its new DNS over HTTPS (DoH) as a privacy-preserving method, but in reality, it is changing how DNS works. Its not the magical user privacy cure but marketing speak for “fake privacy.” In its drive to solve a non-existent problem, they are causing more problems than fixes, especially in the enterprise sector. Oh, and it does not prevent ISP user tracking. If you believe that DNS over HTTPS (DoH) will prevent any ISP from tracking users, you don’t understand how web traffic works. It is a mere inconvenience to any ISP because they have plenty of other methods they can use to identify where you are going. However, the biggest issue comes in the enterprise environment system, where system administrators use local DNS servers and DNS-based software to filter and monitor local traffic, to prevent users from accessing non-work related sites and malware domains. DNS over HTTPS (DoH) creates a nightmare scenario for them because it will allow employees to bypass any DNS-based traffic filtering solutions making monitoring for DNS hijacking impossible and weakening corporate cybersecurity efforts. Oh, and hackers and malware aficionados, they love DNS over HTTPS (DoH) because it allows them to communicate with command and control servers unimpeded by local network monitoring solutions. Users who want to hide their web traffic should still look at VPNs and Tor as safer solutions. What it will do is require corporations to invest more in new ways of monitoring and filtering traffic. These expensive systems are available, and it is why many have relied on these DNS-based systems until now.