This is why technologies like DoH and DoT are needed. To prevent this kind of tampering.
Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ
⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.
Rules • Full Version
1. Posts must be related to the discussion of digital piracy
2. Don't request invites, trade, sell, or self-promote
3. Don't request or link to specific pirated titles, including DMs
4. Don't submit low-quality posts, be entitled, or harass others
Loot, Pillage, & Plunder
📜 c/Piracy Wiki (Community Edition):
💰 Please help cover server costs.
Ko-fi | Liberapay |
Everybody should be using DNS over HTTPS (DoH) or over TLS (DoT) nowadays. Clear DNS is way too easy to subvert and even when it's not being tampered with most ISP snoop on it to compile statistics about what their customers visit.
DoH and DoT aren't a full-proof solution though. HTTPS connections still leak domain names when the target server doesn't use Encrypted Hello (ECH) and you need to be using DoH for ECH to work.
Even if all that is in place, a determined ISP, workplace or state actor can identify DoH/DoT servers and compile block lists, perform deep packet inspection to detect such connections regardless of server, or set up their own honey trap servers.
There's also the negative side of DoH/DoT, when appliances and IoT devices on your network use it to bypass your control over your LAN.