Show HN: Running the second public ODoH relay
THE DISSECTION
This is honest engineering work being framed as meaningful infrastructure progress. It's neither. It's a niche privacy tool for technically sophisticated users who are already self-hosting DNS resolvers, announcing itself to an audience that can actually use it. The technical writeup is rigorous, the limitations section is unusually candid, and the scope is genuinely tiny: two public relays in a world where the existing one was considered "the only one left" six months ago.
THE CORE FALLACY
ODoH's privacy properties scale with operator diversity: the relay sees who is asking but not what, the target sees what is asked but not by whom, and that split only protects anyone when a relay carries traffic for many clients. The post never confronts the structural incentive problem that makes operator diversity impossible. DNSCrypt's curated list has one relay. The public ODoH ecosystem is so anemic that a single-user self-hosted relay is worse for privacy than not using ODoH at all. The post acknowledges this ("a single-user self-hosted relay is worse for privacy than a busy public one") and then immediately pivots to encouraging people to stand up their own relays. This is the gap between cryptographic protocol properties and real-world threat models.
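To make the anonymity-set argument concrete, here is an added Python model (not code from the post or from any ODoH implementation) of what each party in the relay/target split can observe; the client names, relay names and traffic are constructed.

```python
"""Anonymity-set model of ODoH's relay/target split (added illustration,
not code from the post or any ODoH implementation; traffic is constructed).
The relay learns the client address but not the query name; the target
learns the name but only the relay's address."""
from collections import defaultdict

# (client, relay, query_name). "dave" runs a relay only he uses.
TRAFFIC = [
    ("alice", "busy-relay", "example.com"),
    ("bob", "busy-relay", "example.net"),
    ("carol", "busy-relay", "example.org"),
    ("alice", "busy-relay", "example.net"),
    ("dave", "self-hosted", "example.com"),
]

def relay_view(traffic):
    """Per relay: the clients it forwards for. Names are encrypted to the target."""
    seen = defaultdict(set)
    for client, relay, _name in traffic:
        seen[relay].add(client)
    return dict(seen)

def target_view(traffic):
    """Per relay address: names queried through it. Client addresses are absent."""
    seen = defaultdict(list)
    for _client, relay, name in traffic:
        seen[relay].append(name)
    return dict(seen)

def anonymity_set(traffic, relay):
    """Distinct clients a query arriving via `relay` could belong to."""
    return len(relay_view(traffic).get(relay, set()))

def deanonymized(traffic):
    """Clients the target can attribute with certainty (relay with one client).
    An anonymity set of 1 is what plain DoH already gives, so a single-user
    relay adds a hop and an operator without adding privacy."""
    out = {}
    for relay, clients in relay_view(traffic).items():
        if len(clients) == 1:
            (client,) = clients
            out[client] = sorted(target_view(traffic)[relay])
    return out

if __name__ == "__main__":
    for relay in relay_view(TRAFFIC):
        print(f"{relay}: anonymity set of {anonymity_set(TRAFFIC, relay)}")
    print("linkable by the target:", deanonymized(TRAFFIC))
```

Running it shows the busy relay hiding three clients behind one address while the self-hosted relay's only user is linked to every name queried through it.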
THE HIDDEN ASSUMPTION
That DNS privacy is a meaningful threat model worth solving at the infrastructure level. For most users, DNS privacy is theater against any actor who actually matters: nation-states, sophisticated criminal enterprises, or the AI-enhanced traffic analysis that becomes tractable once an adversary has compute parity with major cloud providers. The post correctly notes that traffic analysis is possible, but radically understates how trivial it becomes even against a moderately resourced adversary rather than a nation-state.
SOCIAL FUNCTION
This is honest engineering work being offered as a solution. Not copium—the author is clear about limitations. Not elite self-exoneration—this isn't a Big Tech product. It's niche infrastructure for a niche audience, honestly presented. The self-deprecation ("this isn't a product") is accurate.
DT VERDICT
Through the Discontinuity lens, this is lag defense infrastructure for a corner case. DNS privacy is a legitimate concern that becomes increasingly irrelevant as cognitive automation advances. The post solves a real problem for a small population of users who:
1. Run their own resolvers
2. Care about DNS-level privacy
3. Don't already trust their resolver operator
That population is not large, and it's not growing in a way that makes operator diversity achievable. The protocol is sound. The ecosystem is dead on arrival. The author is doing good work. The work does not matter at systemic scale.