Mozilla’s Firefox browser has begun to encrypt domain names by default.
The aim is to ensure that a user’s website browsing history cannot be accessed by third parties unless they either inform the user or publish a policy about what they do with that information.
“We’re basically saying FU to attackers on the network and 3rd parties who have access to data that ties your computer to the sites you visit,” Firefox said, rather colorfully, in a tweet announcing the feature.
Although the announcement was made this week, this has been in the works for a while now. “A little over two years ago,” Mozilla says, “we began work to help update and secure one of the oldest parts of the internet, the Domain Name System (DNS).”
“Today, we know that unencrypted DNS is not only vulnerable to spying but is being exploited, and so we are helping the internet to make the shift to more secure alternatives.”
“Since our work on DoH began, many browsers have joined in announcing their plans to support DoH, and we’ve even seen major websites like Facebook move to support a more secure DNS.” (Selena Deckelmann, Mozilla)
“Today the requests from your browser to the DNS provider are not encrypted (which makes you vulnerable to passive monitoring by strangers) nor authenticated (which makes you vulnerable to online attackers),” said Kenji Baheux, Chrome Product Manager.
“This is especially true when you’re connected to public WiFi, for example at a cafe or airport, since anyone else using the network can see and track the websites you visit and maybe redirect your browser to a malicious website.”
“And while this may seem like an esoteric battle over technical details, it’s actually a tooth-and-nail struggle over privacy, security, and, most of all, power. Many Internet service providers are displeased by the change.” (Robert Hackett, Fortune)
Several telecom trade groups have already urged Congress to investigate Google for “unilaterally moving forward with centralizing encrypted domain name requests within Chrome and Android.” They believe these changes will consolidate Google’s power, at the expense of other companies.
Britain’s leading telecom trade group, the ISPA, has branded Mozilla an “Internet villain” for their proposed approach to introduce DNS-over-HTTPS.
On the other hand, consumer advocacy groups including Electronic Frontier Foundation, Consumer Watchdog and National Consumers League argue that the shift toward encrypted domain names would help protect privacy.
“A long-overdue technological shift toward online privacy is underway,” the groups wrote to Congress.
“We see DoH as part of an important trend toward the greater use of encryption on the Internet— remedying a situation in which all sorts of sensitive user data were exposed to an enormous range of eavesdroppers.”
Mozilla is rolling out its encrypted-lookup feature by default only to US-based users, for now. Users who live outside the US can enable it by going to Firefox’s settings and clicking General > Networking Settings > Settings and checking the “Enable DNS over HTTPS” box.
Although DoH will be enabled by default in the US, Firefox confirms that users can opt out of the feature. DoH will also be enabled in “fallback” mode: if a lookup over DoH fails for any reason, Firefox falls back to the default DNS resolver configured by the operating system.
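To make the fallback behaviour concrete, here is an added Python example (not Mozilla’s code and not from this article) that builds an RFC 8484 DoH GET request for a name, parses the wire-format answer returned inside the HTTPS response, and falls back to a system resolver when the DoH path fails, whether by a transport error or a DNS error code. The endpoint URL, the sample response and the `doh_fetch`/`system_lookup` callables are assumptions for illustration.

```python
import base64
import struct
DOH_ENDPOINT = "https://doh.example.net/dns-query"  # placeholder; the article names no provider

def build_dns_query(name: str, qtype: int = 1) -> bytes:
    """Wire-format DNS query (RFC 1035), RD set; RFC 8484 recommends ID 0 so DoH GETs cache well."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def doh_get_url(name: str) -> str:
    """RFC 8484 GET form: base64url (padding stripped) of the wire query in the 'dns' parameter."""
    token = base64.urlsafe_b64encode(build_dns_query(name)).rstrip(b"=").decode("ascii")
    return f"{DOH_ENDPOINT}?dns={token}"

def _skip_name(msg: bytes, pos: int) -> int:
    """Advance past a domain name; a compression pointer (top two bits set) ends it in two bytes."""
    while msg[pos] & 0xC0 != 0xC0:
        length, pos = msg[pos], pos + 1
        if length == 0:
            return pos
        pos += length
    return pos + 2

def parse_a_records(msg: bytes) -> list:
    """Extract dotted-quad A records from a wire-format DNS response; raise on a non-zero RCODE."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x000F:
        raise ValueError(f"DNS error, rcode={flags & 0xF}")
    pos = 12
    for _ in range(qdcount):            # skip question section: name + QTYPE + QCLASS
        pos = _skip_name(msg, pos) + 4
    addrs = []
    for _ in range(ancount):
        pos = _skip_name(msg, pos)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])  # TYPE, CLASS, TTL, RDLENGTH
        pos += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in msg[pos:pos + 4]))
        pos += rdlen
    return addrs

def resolve_with_fallback(name, doh_fetch, system_lookup):
    """Fallback mode as described above: DoH first (doh_fetch does the HTTPS GET and returns the body); any failure falls back to the OS resolver."""
    try:
        return parse_a_records(doh_fetch(doh_get_url(name))), "doh"
    except Exception:
        return system_lookup(name), "system"
# Constructed sample response to the www.example.com query: one A record, 93.184.216.34, TTL 300.
SAMPLE_RESPONSE = (struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0) + build_dns_query("www.example.com")[12:]
                   + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([93, 184, 216, 34]))
```

The `dns` token produced for `www.example.com` matches the GET example in RFC 8484 section 4.1.1, which is a quick way to check the encoder against the specification.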
For those interested in exactly how DoH protects users’ browsing history, Mozilla links to an in-depth explainer by Lin Clark.