Starting today, Mozilla will turn on DNS over HTTPS (DoH) by default for Firefox users in the United States. DoH is a new standard that encrypts a portion of Internet traffic that is typically sent over an unencrypted plain-text connection, one that allows others to see the website you’re visiting even if you use HTTPS to encrypt communications with the site itself. Mozilla says Firefox is the first browser to support the new standard by default, and that the feature will roll out gradually in the coming weeks to address any unexpected issues.
Whenever a user enters a website address in the address bar, the browser converts it to an IP address using a DNS lookup. However, this traffic is usually not encrypted, which means that others can see which websites the user visits. DoH aims to encrypt this information to protect the user’s privacy. Part of Mozilla’s motivation for this approach comes from ISPs that monitor customer network usage. U.S. carriers such as Verizon and AT&T are building large-scale ad-tracking networks to collect customer data through unencrypted DNS.
Although DoH makes it difficult for others to view your DNS lookups, the DNS server that the user’s browser connects to can still see the sites being looked up. As a result, Mozilla says Firefox will provide two trusted DNS providers (Cloudflare and NextDNS), with Cloudflare used as the default. Mozilla outlines a number of privacy requirements that any DoH provider must comply with to be considered a trusted resolver.
Mozilla claims DoH can improve the privacy and security of online users, but the technology has been sharply criticized by lawmakers and security experts, who say it would prevent corporate system administrators and lawmakers from legally blocking dangerous Web content. Experts also claim that the technology does not provide the perfect privacy protection that supporters claim. They warn that because only certain parts of the DNS lookup process are encrypted, Internet service providers will still be able to view the IP addresses their users connect to.