• mipadaitu@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      arrow-down
      1
      ·
      8 months ago

      That solves a completely different problem. The ISP can still see who you requested data from.

      That’s more about security around retrieving the correct IP address from a DNS query, and doesn’t do that much for privacy.

      • ShortN0te@lemmy.ml
        link
        fedilink
        arrow-up
        2
        ·
        8 months ago

        DoT also encrypts the request, so the ISP cannot spy on the Domain Name you have requested.

        And thanks to Https the ISP only sees the IP address which cannot in every case be resolved to a unique Domain, especially large sites that are hosted on service providers like Cloudflare, amazon etc etc

        • Darkassassin07@lemmy.ca
          link
          fedilink
          English
          arrow-up
          0
          ·
          edit-2
          8 months ago

          But what’s not encrypted by either is the Server Name Indicator or SNI, ie: the initial request to a webserver stating which host you’re trying to reach at that IP, before establishing the TLS connection, contains the domain you’d requested via DoH/DoT, in plaintext.