Firefox switches on encrypted DNS over HTTPS by default for US-based users

Posted on Wednesday, Feb 26 2020 @ 13:30 CET by Thomas De Maesschalck
Firefox logo
Mozilla announces it's starting its rollout of DNS over HTTPS (DoH) for US-based users of Firefox. Over the next couple of weeks, the browser maker will expand the rollout to confirm no major issues are discovered as this new protocol gets switched on by default.

Most web traffic has moved to encrypted communication over the past decade or so, but DNS requests still use plain-text. By moving DNS to an encrypted channel, Internet service providers and governments will have a more difficult time to spy on your browsing history.

The downside of DoH is that it means a centralization of DNS. To make DoH possible, Firefox is currently working with two "trusted resolvers:" Cloudflare and NextDNS.
At the creation of the internet, these kinds of threats to people’s privacy and security were known, but not being exploited yet. Today, we know that unencrypted DNS is not only vulnerable to spying but is being exploited, and so we are helping the internet to make the shift to more secure alternatives. We do this by performing DNS lookups in an encrypted HTTPS connection. This helps hide your browsing history from attackers on the network, helps prevent data collection by third parties on the network that ties your computer to websites you visit.
If you don't live in the US, you can switch on DoH manually in Firefox:
We’re enabling DoH by default only in the US. If you’re outside of the US and would like to enable DoH, you’re welcome to do so by going to Settings, then General, then scroll down to Networking Settings and click the Settings button on the right. Here you can enable DNS over HTTPS by clicking, and a checkbox will appear. By default, this change will send your encrypted DNS requests to Cloudflare.
The Register says there's some controversy here as Mozilla is basically saying "we decided it is best that you send all your DNS queries to Cloudflare". You gain some privacy and security on one hand, but there are some compromises. Google has no plan to follow Mozilla's approach. Instead, the search giant plans to implement DoH only if the configured DNS server supports it.

About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.

Loading Comments