Controversial Firefox privacy tool won't be standard in the UK, Mozilla tells government

Mozilla won't make DNS-over-HTTPS (DoH) encryption the default option for Firefox users in the UK, despite planning to roll it out throughout the US very soon.

When you type a URL into your browser's address bar, the browser sends a request to a DNS server, which matches it to an IP address. Usually this request is sent in plain text, but with DoH, it's encrypted. This prevents the request being hijacked and stops you being sent to a different site from the one you wanted.

This has obvious security benefits (for example, stopping you being sent to a spoofed version of a site where your data could be harvested), but it also breaks the centralized filters UK ISPs use to prevent access to specific illegal websites – particularly those related to child abuse.

According to The Guardian, Mozilla is keen to allay any fears, and has told the UK government that it doesn't intend to make DoH the default there.

In a letter to UK culture secretary Nicky Morgan, Mozilla's vice-president of global policy, trust and security Alan Davidson wrote that the company "has no plans to turn on our DoH feature by default in the United Kingdom and will not do so without further engagement with public and private stakeholders".

Circumventing filters

However, Davidson was also keen to point out the potential benefits of DoH for users in the UK. "Because current DNS requests are unencrypted, the road that connects your citizens to their online destination is still open and used by bad actors looking to violate user privacy, attack communications, and spy on browsing activity," he wrote.

It's not an argument that will convince the Internet Watch Foundation (IWF), which provides ISPs with a list of illegal websites to be filtered.

"The implementation of DNS over HTTPS could render the service obsolete, allowing already identified criminal material to be freely accessed by those with a sexual interest in children and risking millions of internet users across the globe seeing such content," an IWF spokesperson told The Register.

Mozilla will be putting safeguards in place, though. When DoH becomes the default for Firefox users in the US, it will be turned off if the browser detects any parental controls enabled in the operating system.

Mozilla is also creating a 'canary domain', which ISPs can add to their list of blocked URLs. If Firefox detects that the canary domain is blocked, meaning that optional parental controls are enabled, it can switch off DoH.
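
The sketch below is an added example, not code from Mozilla or from this article: it shows how a network operator could check that a resolver's answer for the canary domain actually carries the "filtering is on" signal. The domain name `use-application-dns.net` and the decision rule (NXDOMAIN, or a successful reply with no A/AAAA records) are taken from Mozilla's public documentation rather than from this article, the handling of other error codes is an assumption, and the sample responses are constructed.

```python
import struct

# Assumption: the canary name comes from Mozilla's public documentation;
# the article itself does not name it.
CANARY = "use-application-dns.net"
TYPE_A, TYPE_CNAME, TYPE_AAAA = 1, 5, 28
NOERROR, NXDOMAIN = 0, 3

def encode_name(name):
    """Encode a hostname as length-prefixed DNS labels."""
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"

def build_query(name, qtype, txid=0x1234):
    """Standard recursive query (RD set) with a single question, class IN."""
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!2H", qtype, 1)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while msg[off]:
        if msg[off] & 0xC0 == 0xC0:      # compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def canary_blocked(resp):
    """True if the response tells the browser to leave default DoH off."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!6H", resp[:12])
    rcode = flags & 0x000F
    if rcode == NXDOMAIN:
        return True
    if rcode != NOERROR:
        return False                     # assumption: other errors are no signal
    off = 12
    for _ in range(qdcount):
        off = skip_name(resp, off) + 4   # QTYPE + QCLASS
    for _ in range(ancount):
        off = skip_name(resp, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        if rtype in (TYPE_A, TYPE_AAAA):
            return False                 # a real address came back: not filtered
        off += 10 + rdlen
    return True                          # NOERROR without A/AAAA records

def make_response(query, rcode, answers=()):
    """Constructed sample response: echoes the question, appends (type, rdata) answers."""
    txid = struct.unpack("!H", query[:2])[0]
    body = query[12:]
    for rtype, rdata in answers:
        body += b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, 60, len(rdata)) + rdata
    return struct.pack("!6H", txid, 0x8180 | rcode, 1, len(answers), 0, 0) + body
```

To test a live network, send the bytes from `build_query(CANARY, TYPE_A)` to the ISP-assigned resolver over UDP port 53 and pass the reply to `canary_blocked`.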