Yes, but you always also had the "choice" of running your own resolver and running any outbound queries (or just using a recursive resolver) over a VPN.
You might protest that since that's complicated and takes effort the 'choice' isn't that meaningful, particularly when it comes to our collective privacy. You might also protest that it's easy to mess up and hard to apply consistently to all hosts, and that few people would bother.
Exactly. The same applies to "you don't have to use Cloudflare" for DOH.
You also could have already used your choice of DOH by running a DOH proxy-- and bonus: all software would be protected rather than just the browser. ... so if "choice" was the only criterion, we already had it, and there was no reason to default many millions of people to sending all their DNS requests to a single point of observation.
Why should it? There's already a preference, called the system setting. The system administrator configured something; it is not the app's job to duplicate or override that.
In the early days of web browsers, browsers like Firefox implemented early SSL/TLS ahead of OS vendors. To this day, Firefox still maintains and bundles its own Root CA list, and by default prefers its own list over OS-provided lists.
There's certainly precedent for web browsers doing things ahead of OS/system support because they can do it faster, and because maybe they think their users' (privacy and/or security) needs can't wait for deeper OS/system support.
(Also, for an increasing number of people, a browser isn't just "an app", it is their real OS where they spend the most time.)