Has anyone played with ODoH? Relying on Cloudflare for the recursive resolving but being able to be anonymous to it sounds like a pretty great compromise between performance and anonymity. I see there’s a server up at https://github.com/cloudflare/odoh-server-go
It’s on my todo list to investigate but I’m wondering if any of you nerds beat me to it.
From what I understand, ODoH is basically DoH behind a TCP proxy.
The problem with ODoH is that, from the user’s perspective, it is indistinguishable from DoH. So I don’t really see the difference between CloudFlare promising “we don’t log your data, honest!” or “we’re running a TCP proxy in front, honest!”; in both cases you trust them with your data and you can’t verify that they’re being honest.
Running that TCP proxy yourself proves that there is one, but it only provides privacy if many people use it. If you only run it on localhost, you’re the only user, and it’s no different from contacting the CloudFlare DoH service directly.
It’s definitely more than a proxy in that the layered encryption means both the proxy and Cloudflare would have to collude to expose my data. Neither party alone has all the information. That’s a neat way of handling this problem.
And yeah running my own proxy would have that problem, that’s worth pointing out. I’d probably run it in the cloud though, and not locally. And I’d probably get others to use it.