In an effort to further protect the privacy of its users online, Firefox has begun rolling out encrypted DNS over HTTPS (DoH) by default for US-based users.
The rollout will continue over the course of the next few weeks as Mozilla works to confirm that no major issues are discovered as US Firefox users begin to use the new protocol.
A little over two years ago, the company began working to help update and secure one of the oldest parts of the internet, the Domain Name System (DNS). DNS links web addresses to IP addresses and when browsers need to perform a DNS lookup, unfortunately they have to do so without encryption.
- Firefox set to ban fingerprinters
- Safari introduces more stringent HTTPS rules
- Surfshark launches free Trust DNS app
In a blog post (opens in new tab), former principal engineer at Mozilla, Patrick McManus explained why DNS lookups can jeopardize your privacy online, saying:
“DNS hails from the days of a kinder, more gentle Internet where it was normal to make this kind of query using unencrypted protocols and send them to any nearby server who claimed to be able to answer it. This approach is no longer a fit for the modern Internet. Because there is no encryption, other devices along the way might collect (or even block or change) this data too. DNS lookups are sent to servers that can spy on your website browsing history without either informing you or publishing a policy about what they do with that information.”
DNS over HTTPS
Given that now we know that unecrypted DNS is not only vulnerable to spying but is also being exploited by cybercriminals, Mozilla is working to help the internet make the shift to more secure alternatives.
The Firefox maker is now performing DNS lookups in an encrypted HTTPS connection to help hide your browsing history from attackers as well as to prevent data collection by third parties. Since Mozilla's work on DoH began, many other browsers have followed suit by announcing their own plans to support DoH.
At this time, DoH by default is being enabled by Firefox only in the US. However, if you're outside of the US and would like to enable DoH, you can do so by going to Firefox's network settings. By default, this change will send your encrypted DNS requests to Cloudflare but you also have the option to choose to use NextDNS instead.
Mozilla plans to enable DoH in other regions and the company is also working to add more DNS providers as trusted resolvers to its program.
- Also check out our complete list of the best VPN services