It's not that simple, with asymmetric key encryption like HTTPS (which uses TLS), traffic can only be decrypted by the receiving party who has the "private key".
DNS is the way your browser figures out what server to connect to when you type in "thedonald.win" or "google.com" - basically like if you told someone to visit "McDonalds" they'd have to look up the actual address first
HTTPS - Hypertext Transfer Protocol (secure)
HTTPS is one way (and the most common way) for your browser to communicate with a web server. Every web server uses HTTP (the insecure / old variant) or HTTPS.
Normally, DNS is unencrypted when it is sent over the internet, so theoretically the network owner at a company, or your ISP could read that DNS request, block it, and/or see what website you're trying to visit.
DNS over HTTPS is a new standard that encrypts DNS requests so nobody except for the DNS server (basically the address book) can see what website you're trying to visit.
With a combination of DNS over HTTPS and HTTPS to the actual web server itself, there is no way for the network owner or an ISP to determine what website you're visiting, or to try to block access to the websites you're visiting without blocking access to the internet completely.
Please note although they mention Cloudflare a lot in that article, DNS over HTTPS is not a proprietary technology and it's not exclusive to Cloudflare.
No need really with DoHTTPS enabled on your browser and HTTPS there's no point to a VPN.
It's not that simple, with asymmetric key encryption like HTTPS (which uses TLS), traffic can only be decrypted by the receiving party who has the "private key".
That would be a massive security risk, most of the time devices are not configured to read PAC files automatically, if that's what you're talking about. Even if it were, in most browsers and OSes, it's a simple change from "automatic" to "off", for example in Firefox: https://support.securly.com/hc/en-us/articles/360041171654-How-to-disable-proxy-settings-in-Mozilla-Firefox-
What’s DoHTTPS and HTTPS?
DoHTTPS: DNS over HTTPS.
DNS is the way your browser figures out what server to connect to when you type in "thedonald.win" or "google.com" - basically like if you told someone to visit "McDonalds" they'd have to look up the actual address first
HTTPS - Hypertext Transfer Protocol (secure)
HTTPS is one way (and the most common way) for your browser to communicate with a web server. Every web server uses HTTP (the insecure / old variant) or HTTPS.
Normally, DNS is unencrypted when it is sent over the internet, so theoretically the network owner at a company, or your ISP could read that DNS request, block it, and/or see what website you're trying to visit.
DNS over HTTPS is a new standard that encrypts DNS requests so nobody except for the DNS server (basically the address book) can see what website you're trying to visit.
With a combination of DNS over HTTPS and HTTPS to the actual web server itself, there is no way for the network owner or an ISP to determine what website you're visiting, or to try to block access to the websites you're visiting without blocking access to the internet completely.
We need more of this stuff here.
In what form? Should I make a thread maybe?
Here's some more info if you're interested: https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/
This may explain it better than I did.
Please note although they mention Cloudflare a lot in that article, DNS over HTTPS is not a proprietary technology and it's not exclusive to Cloudflare.
Bookmarked.