This only affects dns. If you are worried about carriers BT and TalkTalk then your need a VPN as the carrier could be snooping on the data between AA and you.
Those of us who have Firebrick routers could use IP over PPP LCP in the Firebrick to talk to AA if we can persuade AA to turn this protocol on at their end. It’s only obfuscation so a very weak encryption of the traffic but it would be enough to confuse a carrier who is doing mass surveillance but no good if your data is sensitive or if you’re being targeted specifically. This would be faster than DoT if you don’t mind about it not being secure as it doesn’t use TCP so no connection setup time. Also no RAM usage in the form of per TCP connection state info in the AA servers, so it’s more massively scaleable by comparison. I have suggested this to AA as an option.
@underzone AA is uncensored anyway. I don’t understand the point about Pirate Bay etc. Are these ‘blocked’ by interferce with DNS? AA’s DNS servers will be giving you the unfiltered DNS anyway. I’m assuming that the likes of BT would be ‘blocking’ such sites by delisting entries in the BTs own DNS servers, but if you are an AA customer then you are using AA’s DNS servers (unless you have actively chosen otherwise) which are uncensored, and not using BT’s servers anyway, so there is no improvement as AA is uncensored anyway. Or are you thinking that BT filters out DNS requests in IP in PPP frames going to AA ? I don’t believe for one minute that BT tampers with PPP traffic of any sort, DNS requests included, and so I don’t see why you would experience DNS-based ‘blocking’ when using AA anyway.
Of course if a website is supposedly ‘blocked’ by DNS censorship, either censored servers belonging to some ISP or by filtered DNS traffic in transit through a carrier, then it is not really blocked, it’s just that clueless users will think it is because they don’t know how to reconfigure their DNS server choices, or if necessary use encryption - eg with a VPN - to prevent filtering.
@grahamb no you certainly will need a VPN still if you are not using AA. If you are using AA then you can trust AA so you don’t need a VPN unless you are concerned about the lack of encryption protection your data in transit outside AA, between you and AA and beyond AA over the rest of the internet. So if you need a vpn now then this won’t make any difference, and is a waste of time as you’re already fully protected anyway and DoX is going to slow your uncached DNS lookups down slightly too.