Mozilla is activating DNS over HTTPS (DoH) by default for all Firefox users in the U.S., nearly two years after the company first started testing the protocol.
DoH, for the uninitiated, is a standard proposed by the Internet Engineering Task Force (IETF) that promises improved privacy and security by preventing third parties — such as internet service providers (ISPs) — from seeing what websites users are visiting. As things stand, when someone enters a web address into their browser’s address bar, a request is sent across the internet for the IP address associated with that URL. This is traditionally done in plain text, which makes it vulnerable to eavesdropping or manipulation.
“Because there is no encryption, other devices along the way might collect (or even block or change) this data too,” said Selena Deckelmann, VP for Firefox desktop product development. “DNS lookups are sent to servers that can spy on your website browsing history without either informing you or publishing a policy about what they do with that information.”
With DoH, however, the domain name is broadcast using an HTTPS connection to encrypt the data — making it harder for outsiders to see which websites users are trying to access.
The DoH protocol isn’t without controversy, though. While its intentions may be to thwart bad actors, critics argue that it will also break many of the filtering systems used to prevent easy access to illegal content, such as terrorist materials, child abuse imagery, and even optional parental control tools. Indeed, many internet blocking services offered by ISPs rely on the same methods that bad actors use — essentially, hijacking domain name system (DNS) lookups.
The Internet Service Providers Association (ISPA), a U.K. body representing ISPs in the country, last year declared Mozilla an “internet villain” for its support of DoH, and Mozilla later announced that it would not activate DoH by default in the U.K. until there was “further engagement with public and private stakeholders.”
It’s worth noting that Firefox users everywhere can manually activate DoH through the browser’s settings menu, with two DNS providers — Cloudflare and NextDNS — available as “trusted resolvers” due to their adherence to DoH policy requirements. But the reality is that most users won’t manually activate this feature, which is why turning it on by default is such a big deal.
For context, Google is also currently in the process of implementing DoH in Chrome, and as of Chrome 78, which it launched last year, the internet giant has used DoH for some users when certain criteria is met.
While Mozilla has been testing DoH in Firefox for some users in recent months, the big rollout begins from today and will continue over the next few weeks to “confirm no major issues are discovered,” Deckelmann said.