Still waiting for your argument for how it's worse. The way I see it it's at the very least no worse, but in practice much better for most people. I have an open-mind on the subject, convince me.
I'm confused, because I've already presented my argument. Here it is again:
Hiding your DNS requests from the ISP is pointless. The ISP sees where your traffic is going. This the result of those DNS requests. It doesn't matter that they didn't see the actual DNS request; they see what the answer was. They know what sites (DNS addresses) you are visiting.
So sending your DNS requests to a 3rd party (multiple ones in the recent RR version proposed!) simply spreads wider the folks that can profile your traffic. As unrelated 3rd parties, those people would otherwise have had no idea where you, private citizen, were sending traffic. Now you have explicitly told them. You have given up privacy, not enhanced it.
Please keep in mind, I'm not arguing against DoH wholesale. Just that it is worse for privacy. The primary consensus argument in favor of DoH is about privacy, which is flat out wrong.
They see the destination IP you are connecting to, usually behind one IP is only one web site. ESNI doesn't matter unless you are connecting to a site on a shared host.
That's true, that will leak either way.
> DoH is strictly worse.
Still waiting for your argument for how it's worse. The way I see it it's at the very least no worse, but in practice much better for most people. I have an open-mind on the subject, convince me.