Mozilla is activating DNS over HTTPS (DoH) by default for all Firefox users in the U.S., nearly two years after the company first started testing the protocol.
DoH, for the uninitiated, is a standard proposed by the Internet Engineering Task Force (IETF) that promises improved privacy and security by preventing third parties — such as internet service providers (ISPs) — from seeing what websites users are visiting. As things stand, when someone enters a web address into their browser’s address bar, a request is sent across the internet for the IP address associated with that URL — this is traditionally done in plain text, which makes it prone to eavesdropping or manipulation.
“Because there is no encryption, other devices along the way might collect (or even block or change) this data too,” according to Selena Deckelmann, VP for Firefox desktop product development. “DNS lookups are sent to servers that can spy on your website browsing history without either informing you or publishing a policy about what they do with that information.”
With DoH, however, the browser sends the domain name lookup over an encrypted HTTPS connection — this makes it harder for outsiders to see what websites users are trying to access.
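To make the difference concrete, here is an added example (not from the article or from Mozilla) that builds one DNS query in RFC 1035 wire format, shows that the name can be read straight out of the unencrypted payload, and then wraps the same bytes in the RFC 8484 GET form used by DoH. The resolver URL `https://doh.example/dns-query` is a placeholder and the function names are illustrative.

```python
import base64
import struct

def build_dns_query(name: str, qtype: int = 1) -> bytes:
    """Encode a one-question DNS query (RFC 1035 wire format); qtype 1 = A."""
    # ID 0 (RFC 8484 advises this for HTTP cache friendliness), RD flag, QDCOUNT = 1.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"invalid DNS label: {label!r}")
        qname += bytes([len(raw)]) + raw
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class 1 = IN

def qname_from_payload(payload: bytes) -> str:
    """Recover the queried name from a raw DNS message, as any on-path device
    can with a classic port 53 lookup, because the payload is not encrypted."""
    labels, pos = [], 12  # the question section follows the 12-byte header
    while True:
        if pos >= len(payload):
            raise ValueError("truncated DNS message")
        length = payload[pos]
        if length == 0:
            break
        if length > 63:
            raise ValueError("compressed or invalid label in question")
        end = pos + 1 + length
        if end > len(payload):
            raise ValueError("truncated DNS label")
        labels.append(payload[pos + 1:end].decode("ascii"))
        pos = end
    return ".".join(labels)

def doh_get_url(resolver: str, query: bytes) -> str:
    """RFC 8484 GET form: the same message, base64url-encoded without padding."""
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{resolver}?dns={encoded}"

if __name__ == "__main__":
    RESOLVER = "https://doh.example/dns-query"  # placeholder, not a real resolver
    query = build_dns_query("www.example.com")  # constructed sample lookup
    print("classic DNS payload exposes:", qname_from_payload(query))
    print("DoH request (sent inside TLS):", doh_get_url(RESOLVER, query))
```

With DoH the whole URL, including the `dns=` parameter, travels inside the TLS session, so an on-path observer sees a connection to the resolver but not the name being looked up.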
The DoH protocol isn’t without its controversies though. While its intentions may be to thwart bad actors, critics argue that it will also break many of the filtering systems used to prevent easy access to illegal content, such as terrorist materials, child abuse imagery, and even optional parental control tools. Indeed, many internet blocking services offered by ISPs rely on the same methods that bad actors use — essentially, hijacking domain name system (DNS) lookups.
The Internet Service Providers Association (ISPA), a U.K. body representing ISPs in the country, last year declared Mozilla an “internet villain” for its support of DoH, and Mozilla later announced that it would not activate DoH by default in the U.K. until there was “further engagement with public and private stakeholders”.
It’s worth noting that Firefox users everywhere can manually activate DoH through the browser’s settings menu, with two DNS providers — Cloudflare and NextDNS — available as “trusted resolvers” due to their adherence to the DoH policy requirements.
For context, Google is also currently in the process of implementing DoH in Chrome, and as of Chrome 78, which it launched last year, the internet giant has used DoH for some users when certain criteria are met.
While Mozilla has been testing DoH in Firefox for some users in recent months, from today the big rollout begins and will continue over the next few weeks to “confirm no major issues are discovered,” Deckelmann said.