Firefox users in US will get DoH privacy protection by default, but UK users will have to manually switch it on
The Mozilla Foundation has told the British government that it won’t enable by default its privacy feature called DNS-over-HTTPS (DoH).
DoH will automatically encrypt website requests for Firefox’s desktop users, in an effort to bolster the surfing habits and privacy of its users.
But the technology will not please ISPs, the security services and the government, as it makes it harder for them to detect the web surfing habits of suspects.
And now Mozilla has told the British government, concerned that the tech could allow for the access of child abuse images and terrorist content, that it has no plans to turn it on by default in the UK.
Mozilla had already announced this month that it will make DoH a default setting for all desktop users in the United States during September – but not for British users.
In a letter sent to Nicky Morgan, the culture secretary and seen by the Guardian newspaper, Mozilla’s VP of global policy, trust and security, Alan Davidson, said it “has no plans to turn on our DoH feature by default in the United Kingdom and will not do so without further engagement with public and private stakeholders”.
“We do strongly believe that DoH would offer real security benefits to UK citizens,” Davidson was quoted by the Guardian as writing. “The DNS is one of the oldest parts of the internet’s architecture, and remains largely untouched by efforts to make the web more secure.”
“Because current DNS requests are unencrypted, the road that connects your citizens to their online destination is still open and used by bad actors looking to violate user privacy, attack communications, and spy on browsing activity,” he wrote.
“People’s most personal information, such as their health-related data, can be tracked, collected, leaked and used against people’s best interest,” he added. “Your citizens deserve to be protected from that threat.”
The issue for the British government is that DoH essentially bypasses UK web filters, which use the same technique, hijacking DNS lookups, to prevent easy access to websites blocked by internet service providers.
British users however will still be able to turn on DoH however manually by going into the Options menu. Full instructions can be found here.
It should be noted that Mozilla is not the only browser firm seeking to deploy the technology.
Just days after Mozilla announced the feature, Google said it start testing DoH in its Chrome web browser, starting in October.
Google will not turn on DoH for every user, but said it would default to DoH for technical users who have already chosen to switch their DNS provider to companies such as Google, Cloudflare and OpenDNS.
Are you a Firefox fan? Try our quiz!