My point about Chrome is not that it can’t do DoH but that by default it doesn’t, so it relies on the system settings, which for the vast majority of users (not us geeks who explicitly opt in) never change and use ISP-supplied values, so DNS snooping is still a thing for the majority.
Should a browser override system settings? That’s another question, because doing so can impact other things for the avg Joe. For example, my mobile provider's self-serve website plays up when I use custom DNS, and free hotspots with captive portals can also be an issue when you override the DNS provided by the access point.
I understand your point, but anyway, no app, no browser should ever think that "it knows better" and attempt to fix what it considers incorrect. It may think that it protects the user, but in reality, it will break what the user configured. Private DNS zones are common, and if the browser ignores user configured DNS, they will break. And as I wrote elsewhere, just because the machine is configured to use 53/udp for a resolver, it doesn't mean that the resolver is forwarding over 53/udp too.
If you want to solve unsafe defaults, this is not the way. Pushing for configuring safe defaults is.
If a general purpose browser can empower hundreds of millions or even billions of regular users with better privacy (and ultimately, security) by making a change that might disrupt a small handful of power users who manually configure this stuff, I say the browser should go for it. The power users are the very people who can, without much effort at all, reconfigure their stuff, or easily find a special purposed browser, so they'll be just fine.
Spock was right, logic clearly dictates that the needs of the many outweigh the needs of the few.
The problem I fear is the needs of the few who are not technology minded and don't want their browser (or in their eyes their internet connection) to stop working because their ISP-issued router uses a DNS-based captive portal to onboard people (I've seen this used by at least one major ISP in the UK to on-board devices onto their per-device content filtering system - BT, however I think they rolled back on that after it caused issues with IoT devices).
However I believe (not read the docs in a while) Firefox works around this by falling back to DNS if an issue with DoH is detected.
EDIT: However I'm still on the fence about whether it should be a browser decision. Yes, browsers move more quickly than OS & ISP changes and can make things better for the masses quickly, but I'm also wary of those changes screwing up the avg person, the people like my mother who can just about order things online via her iPad but that's about it; if she accidentally lowers the screen brightness of her iPad I soon get a call about it. It's for those kind of people I don't like the idea of a browser messing around with a connection in unknown network conditions.
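The fallback behaviour the comment above describes (try encrypted DNS first, drop back to the network's own resolver when that fails, and leave configured private zones alone) can be modelled without touching the network. The following is an added illustration, not Firefox's code or heuristics; the resolver callables, the domain names and the "captive portal" scenario are all constructed here. The point it makes for a defender is that a silent fallback keeps the browser working but also means the query is now visible to whoever runs the local resolver, so the fallback should be recorded and surfaced rather than hidden.

```python
"""Model of a DoH-first resolver with plain-DNS (Do53) fallback.

Added example; it does not reproduce any browser's real logic.
Lookups are plain callables so the whole thing runs offline.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple


class DoHTransportError(Exception):
    """Raised when the DoH endpoint cannot be reached or answers garbage
    (e.g. a captive portal intercepting the HTTPS connection)."""


@dataclass
class Answer:
    name: str
    address: Optional[str]
    source: str              # "doh" or "system"
    fell_back: bool = False  # True when DoH was tried and failed


@dataclass
class FallbackResolver:
    doh_lookup: Callable[[str], str]
    system_lookup: Callable[[str], str]
    # Suffixes the user has declared as private zones; these never go to DoH.
    local_suffixes: Tuple[str, ...] = ()
    log: List[str] = field(default_factory=list)

    def resolve(self, name: str) -> Answer:
        # Respect split-horizon / private zones configured on the machine.
        if any(name.endswith(suffix) for suffix in self.local_suffixes):
            return Answer(name, self.system_lookup(name), "system")
        try:
            return Answer(name, self.doh_lookup(name), "doh")
        except DoHTransportError as exc:
            # Keep the user online, but make the privacy downgrade visible.
            self.log.append(f"DoH failed for {name} ({exc}); used system DNS")
            return Answer(name, self.system_lookup(name), "system", fell_back=True)


# --- constructed scenarios -------------------------------------------------

PUBLIC_ZONE: Dict[str, str] = {"example.com": "203.0.113.10"}       # constructed
PRIVATE_ZONE: Dict[str, str] = {"printer.corp.internal": "10.0.0.7"}  # constructed


def doh_healthy(name: str) -> str:
    return PUBLIC_ZONE[name]


def doh_behind_captive_portal(name: str) -> str:
    # A captive portal redirects every HTTPS connection to its login page,
    # so the DoH request never reaches the real endpoint.
    raise DoHTransportError("TLS handshake intercepted by captive portal")


def system_dns(name: str) -> str:
    # The network's own resolver knows the private zone and, in this model,
    # the public one too.
    return {**PUBLIC_ZONE, **PRIVATE_ZONE}[name]


def run_scenarios() -> Dict[str, Answer]:
    """Return one Answer per scenario so the behaviour can be checked."""
    normal = FallbackResolver(doh_healthy, system_dns, ("corp.internal",))
    portal = FallbackResolver(doh_behind_captive_portal, system_dns, ("corp.internal",))
    return {
        "public_on_normal_network": normal.resolve("example.com"),
        "private_zone_on_normal_network": normal.resolve("printer.corp.internal"),
        "public_behind_captive_portal": portal.resolve("example.com"),
        "portal_log_entries": portal.log,  # type: ignore[dict-item]
    }


if __name__ == "__main__":
    for label, result in run_scenarios().items():
        print(f"{label}: {result}")
```

The private-zone branch is what the earlier objection about "the browser thinks it knows better" is asking for: names the user has configured locally never leave the machine over DoH. The `fell_back` flag and the log entry are the part that usually gets lost when this is done silently.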
> If a general purpose browser can empower hundreds of millions or even billions of regular users with better privacy
This statement makes a huge assumption: that the DoH provider is more trustworthy than your existing DNS provider. Personally, I trust my ISP (small, locally owned) with my query history more than I trust Google (massive, exploitative advertising company). The fact that Google is automatically turning this on to scoop up DNS information without users' consent should be illegal.
…, I get the "wrong" IP for anything hosted by Akamai (i.e. an IP address that corresponds to a part of their CDN which has abysmal peering with my ISP and is completely unusable in the evening)
Even if you are using DoT, the DNS provider will still know you're using Maps if it resolved the subdomain, and the DNS provider itself might well be the biggest privacy threat here.