From the articles I have been reading, this really doesn't stop the ISP
from seeing what sites you are visiting.
To quote one article:
"DOH DOESN'T ACTUALLY PREVENT ISPS USER TRACKING
One of the main points that DoH supporters have been blabbing about in
the past year is that DoH prevents ISPs from tracking users' DNS
requests, and hence prevents them from tracking users' web traffic habits.
Yes. DoH prevents the ISP from viewing a user's DNS requests.
However, DNS is not the only protocol involved in web browsing. There
are still countless other data points that ISPs could track to know
where a user is going. Anyone saying that DoH prevents ISPs from
tracking users is either lying or doesn't understand how web traffic works.
If a user is accessing a website loaded via HTTP, using DoH is
pointless, as the ISP will still know what URL the user is accessing by
simply looking at the plaintext HTTP requests.
But this is also true even if users are accessing HTTPS websites. The
ISPs will know to what site the user is connecting because the HTTPS
protocol isn't perfect, and some parts of the HTTPS connection are not
encrypted.
Experts say that ISPs won't be inconvenienced by DoH, at all, because
they can easily look at these HTTPS portions that are not encrypted --
such as SNI fields and OCSP connections.
DoH encrypts precisely zero data that is not already present in
unencrypted form. As it stands, using DoH only provides *additional*
leaks of data. SNI, IP addresses, OCSP and remaining HTTP connections
still provide the rest. It is fake privacy in 2019.
— Bert Hubert 🇪🇺 (@PowerDNS_Bert) September 22, 2019
Furthermore, ISPs know everything about everyone's traffic anyway. By
design, they can see to what IP address the user is connecting when
accessing a website.
This IP address can't be hidden. Knowing the final IP destination
reveals to what website a user is connecting, even if everything about
his traffic is encrypted. Research published this August showed that a
third-party can identify with 95% accuracy to which websites users were
connecting just by looking at IP addresses.
Any claims that DoH prevents ISPs from tracking users are disingenuous
and misleading, experts argue. DoH merely inconveniences ISPs by
blinding them to one vector, but they still have plenty of others."
This is from:
https://www.zdnet.com/article/dns-over-https-causes-more-problems-than-it-solves-experts-say/
This is just one article that talks about this. It is one of many. I
wouldn't count on DoH hiding your browsing. If you want to do that you
should probably use a VPN.
Bill
--
If you want to send me an email, you must remove "NOSPAM" from my email
address before replying.