Mozilla has announced that it has turned on DNS over HTTPS (DoH) by default for its Firefox browser in the US. The DoH standard encrypts the DNS part of your internet traffic, which is otherwise sent in plaintext and could theoretically be intercepted by hackers.
DNS (or Domain Name Service) is an old part of internet architecture. DNS lookups are performed after you enter a human-readable site address, e.g. www.techadvisor.co.uk. Mozilla asserts that “DNS lookups are sent to servers that can spy on your website browsing history without either informing you or publishing a policy about what they do with that information.”
The DoH protocol encrypts the DNS lookup before you reach the secure HTTPS site, meaning your lookup data is protected from potential interception.
“At the creation of the internet, these kinds of threats to people’s privacy and security were known, but not being exploited yet,” Selena Deckelmann, VP, Firefox Desktop Product Development said in the announcement.
“Today, we know that unencrypted DNS is not only vulnerable to spying but is being exploited, and so we are helping the internet to make the shift to more secure alternatives […] This helps hide your browsing history from attackers on the network, helps prevent data collection by third parties on the network that ties your computer to websites you visit.”
The news is controversial as some lawmakers and industry groups have argued it makes it harder for them to block dangerous websites and have voiced their protest.
DoH is on the latest build of Firefox and is turned on by default in the US only. Users in the rest of the world can turn it on manually by going to Settings, General, Network Settings, where they can select which of the two trusted DNS servers that Mozilla recommends to use, either Cloudflare or NextDNS. Both should function identically.
Google Chrome and Microsoft Edge allow you to turn on DoH but they make it really tricky. ZDNet has a great guide to help you do it. Apple’s Safari does not yet support the option.