LinuxQuestions.org

Linux - Security forum thread: Who is using Firefox DNS-over-HTTPS? (https://www.linuxquestions.org/questions/linux-security-4/who-is-using-firefox-dns-over-https-4175671741/)

hifi100 03-21-2020 03:46 AM

Who is using Firefox DNS-over-HTTPS?
 
https://support.mozilla.org/en-US/kb...dns-over-https

Are you aware of Firefox DNS-over-HTTPS? Are you using it?
What is your opinion about it?

sevendogsbsd 03-22-2020 08:53 AM

I thought it was enabled by default, although this is a new FF install and it wasn't. I did enable it. My opinion, somewhat uninformed, is that it is a good thing. Mozilla has added another provider, and you can now also add your own, assuming they do DNS over HTTPS that is.

JZL240I-U 03-22-2020 10:46 AM

As long as it uses the defaults you send one DNS-provider all your requests. In my eyes a gaping hole in privacy. Maybe DoT (DNS over TCP) will handle this better. I'll wait for that.

scasey 03-22-2020 07:11 PM

I’d note that unless one does something to avoid it, all DNS requests are (usually) sent to a single provider... the one the ‘puter is configured to use. On my home network, that’d be the Cox Communications name server. On my server, I use a name server provided by the data center.
According to the link posted,
Quote:

Mozilla has a strong Trusted Recursive Resolver (TRR) policy in place that forbids CloudFlare or any other DoH partner from collecting personal identifying information. To mitigate this risk, our partners are contractually bound to adhere to this policy.
I wonder if the servers I use, or Google's 8.8.8.8 name server, for example, have such policies in place.

That said, and as the linked page points out, DoH prevents third party sniffing by encrypting, but will defeat things like using DNS to filter website access.

ondoho 03-23-2020 04:59 AM

Quote:

Originally Posted by JZL240I-U (Post 6103207)
As long as it uses the defaults you send one DNS-provider all your requests. In my eyes a gaping hole in privacy.

Well that goes for all DNS solutions I know of. At least with DNS-over-HTTPS it's encrypted.
Quote:

Maybe DoT (DNS over TCP) will handle this better. I'll wait for that.
What's that and how could it be better?

JZL240I-U 03-23-2020 06:52 AM

Quote:

Originally Posted by ondoho (Post 6103360)
...

What's that and how could it be better?

Lmgtfy ;)

https://en.wikipedia.org/wiki/DNS_over_TLS

ondoho 03-24-2020 04:58 AM

Quote:

Originally Posted by JZL240I-U (Post 6103393)

Does not address my question.
So, let me google that for you:
https://www.thesslstore.com/blog/dns...ns-over-https/
.. reads ...
OK, I'm a little wiser now.
Apparently there’s a debate, and I’ll trust the technical specialists when they say that DNS over TLS is a better implementation of what in its intent is the same as DNS over HTTPS: to encrypt DNS requests while they travel through the web.

But AFAICS this still does not address the issue of having to entrust whoever runs your DNS server with all your requests.

Alas, I fear you will just throw me another LMGTFY, but it would be nice to actually engage in a discussion about this.

hifi100 03-24-2020 09:04 AM

Thanks to all who replied. Personally I don't understand the DNS over TLS vs DNS over HTTPS. I read the linked article but at the end there was no clear winner. Anyways I will keep using DoH until Firefox offers something better.

sevendogsbsd 03-24-2020 09:51 AM

TLS is the encryption method used to achieve HTTPS so they are synonymous, at least with respect to how Mozilla implements the traffic in Firefox. Outside of the browser, I suppose you could encrypt DNS traffic using TLS but I do not know enough about that.
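As an added illustration of the DoT-versus-DoH distinction the thread is circling around (this is example code written for this page, not code from Mozilla, Firefox or any poster): both protocols carry the same RFC 1035 DNS message. DoT (RFC 7858) sends it inside a TLS connection on port 853 with a two-byte length prefix, while DoH (RFC 8484) wraps it in an HTTPS request with the content type application/dns-message, either base64url-encoded in a GET parameter or raw in a POST body. The hostname, resolver URL and response bytes below are constructed placeholders so the code runs offline.

```python
import base64
import struct

# Constructed sample values for this example; not taken from the thread.
HOSTNAME = "example.com"
DOH_RESOLVER = "https://doh.example/dns-query"   # assumed resolver URL


def build_query(name, qtype=1, txid=0x1234):
    """Encode a DNS query in RFC 1035 wire format (type A, class IN by default)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def dot_frame(msg):
    """RFC 7858 (DNS over TLS): the message goes over TLS on port 853,
    prefixed by its length as a two-byte big-endian integer."""
    return struct.pack("!H", len(msg)) + msg


def doh_get_url(msg, resolver=DOH_RESOLVER):
    """RFC 8484 GET: base64url-encoded message, padding stripped, in ?dns=."""
    b64 = base64.urlsafe_b64encode(msg).rstrip(b"=").decode("ascii")
    return f"{resolver}?dns={b64}"


def doh_post_request(msg, resolver=DOH_RESOLVER):
    """RFC 8484 POST: the raw message is the body, typed application/dns-message."""
    return {
        "method": "POST",
        "url": resolver,
        "headers": {"content-type": "application/dns-message",
                    "accept": "application/dns-message"},
        "body": msg,
    }


def _read_name(data, off):
    """Decode a (possibly compressed) domain name; return (name, next_offset)."""
    labels, jumped, end = [], False, None
    while True:
        length = data[off]
        if length & 0xC0 == 0xC0:           # compression pointer to an earlier name
            ptr = struct.unpack("!H", data[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            off, jumped = ptr, True
            continue
        off += 1
        if length == 0:
            break
        labels.append(data[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if jumped else off)


def parse_response(data):
    """Return (rcode, [IPv4 addresses from A records]) for a DNS response.
    rcode 0 is NOERROR, 3 is NXDOMAIN; the transport (DoT or DoH) does not change this."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    rcode = flags & 0x000F
    off = 12
    for _ in range(qd):                      # skip the echoed question section
        _, off = _read_name(data, off)
        off += 4                             # QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        _, off = _read_name(data, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        rdata = data[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in rdata))
    return rcode, addrs


# Constructed responses: one NOERROR answer with a single A record (the name is a
# compression pointer to the question at offset 12) using the documentation
# address 192.0.2.1, and one NXDOMAIN answer with no records.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + build_query(HOSTNAME)[12:]
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
)
SAMPLE_NXDOMAIN = struct.pack("!HHHHHH", 0x1234, 0x8183, 1, 0, 0, 0) + build_query(HOSTNAME)[12:]

if __name__ == "__main__":
    q = build_query(HOSTNAME)
    print("DoT frame:", dot_frame(q).hex())
    print("DoH GET  :", doh_get_url(q))
    print("DoH POST :", doh_post_request(q)["headers"])
    print("Answer   :", parse_response(SAMPLE_RESPONSE))
    print("NXDOMAIN :", parse_response(SAMPLE_NXDOMAIN))
```

The point for a defender is that the two transports differ only in framing and port: DoT is easy to spot and block on port 853, whereas DoH rides on port 443 next to ordinary web traffic, which is what makes it both harder to filter and harder to observe.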

JZL240I-U 03-24-2020 10:28 AM

Quote:

Originally Posted by ondoho (Post 6103754)
Does not address my question.

Why do you ask when you are aware of the issue and discussion? You probably understand more of the questions than I. All I gleaned so far was that DoH has more issues than DoT. That lets me wait until the better wins (hopefully). I just wanted to point out to the OP that not all is resolved.

redneonglow 03-24-2020 12:58 PM

If you don't trust Cloudflare you can always use "Custom" with OpenNIC's non-logging DoH:

https://doh.hack13.me/dns-query

OliverYY 03-24-2020 08:29 PM

I never use it as the DNS over HTTPS protocol can be used by malware to encrypt DNS requests.

uteck 03-24-2020 11:15 PM

I disabled DoH in Firefox since it would bypass my Pi-Hole DNS server and start serving up tracking tokens and ads. I have facebook and twitter domains blocked since I don't use them and I don't want them to track me; DoH has no way to block domains.
DoH does not address tracking, and any filtering a provider may have is not as comprehensive as it could be (except for maybe Quad9).
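The bypass described above depends on one Firefox preference, network.trr.mode. As an added example (written for this page, not Pi-Hole's or Mozilla's code), the following reads a profile's prefs.js, which stores user-set preferences as user_pref("name", value); lines, and reports whether the chosen mode sends queries past the local resolver. The preference names network.trr.mode and network.trr.uri are real Firefox preferences; the prefs.js content and resolver URL are constructed for the example.

```python
import re

# Meaning of Firefox's network.trr.mode values (about:config); other values are reserved.
TRR_MODES = {
    0: "off: use the system resolver (the preference's default value)",
    2: "DoH first: query the DoH resolver, fall back to the system resolver on failure",
    3: "DoH only: never use the system resolver",
    5: "off by user choice",
}

# Matches one line such as: user_pref("network.trr.mode", 3);
PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*(.+?)\);')


def parse_prefs(text):
    """Return a dict of preference name -> value (int, bool or str) from prefs.js text."""
    prefs = {}
    for key, raw in PREF_RE.findall(text):
        raw = raw.strip()
        if raw.startswith('"'):
            prefs[key] = raw.strip('"')
        elif raw in ("true", "false"):
            prefs[key] = raw == "true"
        else:
            try:
                prefs[key] = int(raw)
            except ValueError:
                prefs[key] = raw
    return prefs


def doh_assessment(prefs):
    """Summarise the DoH setting. Modes 2 and 3 resolve through the DoH resolver,
    so a resolver on the local network (a Pi-Hole, for instance) is not consulted
    for a successful lookup; mode 2 only falls back to it when DoH fails."""
    mode = prefs.get("network.trr.mode", 0)
    return {
        "mode": mode,
        "meaning": TRR_MODES.get(mode, "reserved/unknown"),
        "resolver": prefs.get("network.trr.uri", ""),
        "bypasses_local_resolver": mode in (2, 3),
    }


# Constructed prefs.js excerpt; the resolver URL is a placeholder.
SAMPLE_PREFS = '''\
user_pref("browser.startup.homepage", "about:blank");
user_pref("network.trr.mode", 3);
user_pref("network.trr.uri", "https://doh.example/dns-query");
user_pref("privacy.trackingprotection.enabled", true);
'''

if __name__ == "__main__":
    # In a real check, read ~/.mozilla/firefox/<profile>/prefs.js instead of SAMPLE_PREFS.
    print(doh_assessment(parse_prefs(SAMPLE_PREFS)))
```

Separately, Firefox also consults the canary domain use-application-dns.net before turning on its rollout default: a local resolver that returns NXDOMAIN for that name keeps DoH off by default on that network, but it does not override a mode the user has set explicitly, which is why a prefs check like this is still worth doing.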

hifi100 03-25-2020 04:34 AM

Quote:

Originally Posted by OliverYY (Post 6104032)
I never use it as the DNS over HTTPS protocol can be used by malware to encrypt DNS requests.

What kind of malware targets (desktop) Linux?

hifi100 03-25-2020 04:44 AM

Quote:

Originally Posted by uteck (Post 6104077)
I disabled DoH in Firefox since it would bypass my Pi-Hole DNS server and start serving up tracking tokens and ads. I have facebook and twitter domains blocked since I don't use them and I don't want them to track me; DoH has no way to block domains.
DoH does not address tracking, and any filtering a provider may have is not as comprehensive as it could be (except for maybe Quad9).

My Raspberry Pi went bad after running for three years, so I have no hardware to run Pi-Hole, but I use the following Firefox extensions to block ads:

Decentraleyes
Privacy Badger
uBlock Origin
