Yesterday there was a discussion on the HN frontpage about Firefox "HTTPS-Only Mode" and the thread's 2nd to top comment was a user saying they wanted only one source of DNS data: their ISP. (No other alternatives or backups.)
Perhaps some users really do not care if their ISP now or in the future censors their access to resources on the internet. Perhaps some users will only start to care about the potential for censorship when a site being censored is one they want to access.
Generally, anyone using third party DNS is potentially subject to censorship via an easy, popular method.
SNI is another easy method. Browsers by default send plaintext SNI to every HTTPS site. However not all HTTPS sites require SNI (check for presence of SNI or check SNI against Host header). Additionally, all Cloudflare sites support encrypted SNI.
Here is the link
https://censoredplanet.org/assets/censoredplanet.pdf
https://censoredplanet.org/assets/censoredplanet-slides.pdf
Yesterday there was a discussion on the HN frontpage about Firefox "HTTPS-Only Mode" and the thread's 2nd to top comment was a user saying they wanted only one source of DNS data: their ISP. (No other alternatives or backups.)
https://news.ycombinator.com/item?id=25122260
Perhaps some users really do not care if their ISP now or in the future censors their access to resources on the internet. Perhaps some users will only start to care about the potential for censorship when a site being censored is one they want to access.
Generally, anyone using third party DNS is potentially subject to censorship via an easy, popular method.
SNI is another easy method. Browsers by default send plaintext SNI to every HTTPS site. However not all HTTPS sites require SNI (check for presence of SNI or check SNI against Host header). Additionally, all Cloudflare sites support encrypted SNI.