From 11aa2e291c1377c341d34c0486a743df4394f5dd Mon Sep 17 00:00:00 2001 From: John-Mark Gurney Date: Tue, 10 Dec 2019 16:13:38 -0800 Subject: [PATCH] add some text about DoH --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 27dd284..3513ee4 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,9 @@ Privacy for recursive DNS ========================= -DNS is currently unsecured, and the IETF have only just started attempting to solve this problem, [Signaling That an Authoritative DNS server offers DoT](https://datatracker.ietf.org/doc/draft-levine-dprive-signal/). DoH doesn't actually solve the problem, it just moves it around. +DNS is currently unsecured, and the IETF have only just started attempting to solve this problem, [Signaling That an Authoritative DNS server offers DoT](https://datatracker.ietf.org/doc/draft-levine-dprive-signal/). + +DoH doesn't actually solve the problem, it just centralizes it. Currently most [all] of the DoH providers have not undergone a third party audit, so there is no way to verify their claims that they are not logging or sending data somewhere. Even then, if they receive an NSL or other demand from a government, you will never know about the request. Most companies do not even notify you about a subpoena to let you have the option to quash it, so DoH just centralizes things making it easier for monitoring. Even when Authoratative DoT is a thing, there will be plenty of domains that will take years, if not decades before it'll be rolled out.
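Review bot: In the added DoH paragraph, "Currently most [all] of the DoH providers" leaves an unresolved editorial bracket in the README text; pick "most" or "all". Since that sentence asserts that providers have not undergone a third party audit, a supporting link would help, in the way the first paragraph links the DoT signaling draft. The paragraph also makes the centralization point twice ("it just centralizes it" and "so DoH just centralizes things making it easier for monitoring"), so one of the two can be dropped, and "NSL" should be spelled out on first use for readers outside the US. The sentence beginning "Even when Authoratative DoT is a thing" misspells "Authoritative" and could be corrected in the same change.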