It's been a week since engineers approved a new DNS encryption standard and everyone is still yelling

Spazturtle Silver badge

Re: The whole thing is just utterly depressing

@JohnFen

DoH is not browser-only; my system's DNS process has already been updated with DoH support, so my whole system can use DoH.

"Doing this is also a security problem because it makes it difficult-to-impossible to selectively block services you don't want your network to be interacting with."

That is an issue for the network operator, not for the user. DoH is designed to protect the user from the network operator by preventing them from seeing what the user is doing and/or blocking it.

@stiine

I'm sorry, but that is the exact purpose of DoH: to take control away from the network operator and give it to the user, and to make inspection harder and more expensive.

In your case, as you are the one doing the snooping, it is going to make things harder, but that doesn't make DoH bad for users.

When designing a secure protocol you can't make it secure and also make it easy for the network operator to manage and inspect; they are mutually exclusive.
