GitLab

Right now we have DNS over HTTPS (DoH) not enabled in Tor Browser but we should think about whether we should do that. https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/ has some good illustration about this feature

Some pros

• it cuts out some potential for messing with DNS queries
• it should help mitigating the DNS proxy leak threat inherent to using a SOCKS proxy
• it might help with the attacks mentioned in "The Effect of DNS on Tor's Anonymity" (https://nymity.ch/tor-dns/tor-dns.pdf) ...

Some cons

• it adds a central party seeing all Tor Browser users's DNS requests (even though a lot of DNS queries (about 40%) go to Google already according to the above mentioned paper that's not 100%)
• it might add latency
• First Party Isolation of the requests and the cache might need to get added ...