This DNS over HTTP thing

John R. Levine johnl at iecc.com
Thu Oct 3 15:24:38 UTC 2019


> Yes, obviously they are trying multiple levers--but who gets to draw the
> line, where are they going to draw it, and why do they get to decide for me?
> What prevents an absurd 'solution' like "We can not only stop child
> molestation, but rape in general if we just castrate everyone" from being
> one of the levers, but intentionally breaking tools like DNS is acceptable?

The same reason we don't punish littering with a firing squad.  Slippery 
slope arguments like this are counterproductive, since you're admitting 
that whatever is on your end of the alleged slope isn't really that bad.

> People who are determined enough will find ways to circumvent the
> system--something along the lines of "the internet treats policy blocks as
> damage and routes around it".

Everyone knows that it's easy to circumvent DNS blocks, but in practice 
few people do, not knowing how to do it or not wanting to.  To dredge up 
my favorite example, why would any normal person want to circumvent blocks 
against malware?

Regulators are concerned about DoH not so much because the traffic is 
encrypted, but that it circumvents existing blocks, in Mozilla's case 
without the permission or knowledge of the users.  If that becomes 
widespread, the countermeasures will be ugly.

This isn't to argue that DNS blocking is a magic bullet, but it's a tool 
and you're not going to persuade anyone that the DNS is so sacred that 
nobody can touch it.  Let's save that argument for strong encryption, 
where it's actually true.

Regards,
John Levine, johnl at taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly



More information about the NANOG mailing list