date 2025-06-22

@derDay said in DNS vs HTTPS:

You go to a cafe and connect to their WiFi, then the owner could see that you are surfing on Netflix.

It's a valid point, for people who do that. For a desktop PC, not so much.

Another problem is, such networks often have captive portals that require a login before granting access to the internet:

https://en.wikipedia.org/wiki/Captive_portal

In such cases, if the DoH-enabled browser tries to access, for instance, https://doh.opendns.com/dns-query, it will fail because it won't be able to find the IP for that host. I assume the browser will fall back to using the normal DNS resolver in such cases, though, to avoid this case, and the log will only show a DNS request for the DoH host and nothing more.

And of course, it's much more relevant if it's not you watching Netflix but maybe a reporter in a foreign country who wants to read websites which bring problems to them.

Also a good point, journalists and others living under oppressive regimes will need to take care to mask their network activity as much as possible, and DoH helps with that.

However, such "internet cafe" networks behind captive portals are also proxied. And a proxy can easily decrypt network connections before sending them on. Meaning the protection offered by HTTPS is moot. Security Services can then visit the cafe with a warrant and obtain the network logs.

Basically, if you're worried about privacy, don't use internet cafes.