Re: It's straightforward to roll your own DNS-over-HTTPS
> But that statement is true whether or not Firefox use DoH.
Yes indeed -- that's rather my point, and my objection to DoH. That it exists as a standard is the problem with it, not that it exists in FF.
> Even if there was no such thing as a DoH spec, Firefox or Cloudflare in existence.
But without DoH, it's simple to detect and filter DNS lookups when they do. If they use a nonstandard, private DNS server to avoid that sort of defense, then it's easy to block all access to that server.
While it was always technically possible to do surreptitious DNS lookups, that there is a standard mechanism to do so now, supported by mainstream DNS providers, means that the number of people actually doing this will grow from "insignificant" to "reasonably common".
> Firefox implementing it means the vast majority of those apps will just let FF do the lookup for them
Yes, but those aren't the apps I'm worried about. I'm worried about ne'er-do-wells, such as martech companies and other spies.