@neil_neilzone 1/ I'm with you, but I am also not with you; literally, it's a matter where I am torn, and where (I suspect) the answer requires to be drilled into the browser.

The problem is (as-ever) an all-or-nothing digital question: do you want to respect the end-to-end principle?
@neil_neilzone 2/ You & I are both fans of Onion addressing, and in that we know that there is no DNS step at all — but do you fret about applications calling-out to Onion addresses? Probably not, because they (a) are rare and (b) generally are used to OFFER the capability of disintermediation.
@neil_neilzone 3/ Part of the value proposition of Onion addresses is that third parties (including you) cannot fiddle with them; but then why should we not extend this capability to DNS? Make DNS both authoritative and tamperproof?

Well, that's what you're railing against, now.
@neil_neilzone 4/ The question, per Humpty Dumpty, is "who is to be master?" — PiHole, for instance, is apparently both nice and, but a protocol which lets "the state" knock other websites off the internet, is not so much.
@neil_neilzone 5/ My experience with lawmakers is that they say "this is addressable with technology, we shall simply bind the state from doing <bad thing> and carry on!" — but that's a bit shit, it's like binding the state from surveillance. Doesn't actually work. What _works_ is E2E.
@neil_neilzone 6/ So, what we need is (alas) *end-clients* which provide the desired controls to individuals, because any facility for being a "man in the middle" can and will be abused.

We need better browsers/platforms, under "our" control.
@neil_neilzone 7/ If it helps, consider that a lot of bad stuff could simply work by embedding IPv4 raw network addresses (cf: onion _addresses_) into the websites, and simply sail past DNS-filters of yours or anyone else's kind.
@neil_neilzone 8/8 We use DNS because of historical accident, to support use of human-accessible symbolic names for IPv4 endpoints in a space of network endpoint scarcity.

We're mostly past that, now. The future is E2E, again.

<fin/>
@neil_neilzone @threadreaderapp 9/8

> So I don’t think I’m against DoH, but rather not being able to control which resolver I use

…even if you can control which resolver you use, you can't control which resolver *they* use, and so forth up the stack.

Not to mention outright tampering.

@neil_neilzone @threadreaderapp 10/8 …this is why (elsewhere) I promote DNS-over-HTTPS-over-Onion, direct to a bland and fairly neutral third party (Cloudflare) as a potential way to defeat in-country DNS surveillance & blocks
Subscribe to Alec Muffett