Mozilla Turns On DoH By Default For US Firefox Users

Mozilla Foundation has turned on its privacy feature called DNS-over-HTTPS (DoH) for American users of the Firefox browser.

American users of the Firefox web browser have today gained enhanced privacy after the Mozilla Foundation turned on (by default) DNS-over-HTTPS (DoH).

DoH will automatically encrypt website requests for Firefox’s desktop users in the United States, in an effort to bolster the privacy of its users.

Mozilla had announced in September 2019 that it would make DoH a default setting for all desktop users in the United States. But later that same month it disappointed British Firefox users when it confirmed to the British government that it would not enable DoH by default on this side of the pond.

Privacy protection

DoH is not liked by ISPs, security services and the government, as it makes it harder for them to detect the web surfing habits of suspects.

The issue for the British government is that DoH essentially bypasses UK web filters, which use the same technique, hijacking DNS lookups, to prevent easy access to websites blocked by internet service providers.

British users, however, will still be able to turn on DoH manually by going into the Options menu. Full instructions can be found here.

Just days after Mozilla announced the feature last September, Google said it will start testing DoH in its Chrome browser.

However, Google will not turn on DoH for every user, but said it would default to DoH for technical users who have already chosen to switch their DNS provider to companies such as Google, Cloudflare and OpenDNS.

Not bulletproof

Mozilla in a blog post confirmed the DoH feature would begin to be rolled out to American users from Tuesday.

At the moment, when a user connects to a website (say www.mozilla.org), the DNS lookup for that name is typically sent over an unencrypted plain text connection. This allows others to see what websites a person has been visiting, even when the communication with the website itself is encrypted using HTTPS.

And it should be remembered that DoH won’t stop ISPs, for example, from carrying out data collection (typically for advertising purposes), but DoH will likely make it more difficult.

It essentially makes it harder for others to see a user’s DNS lookups if DoH has been enabled. Therefore Mozilla says Firefox will offer users a choice of two trusted DNS providers, Cloudflare and NextDNS, and that Cloudflare will be used as the default.
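The difference between a plain text lookup and a DoH lookup, as an added example that is not from Mozilla or the original article: it builds the DNS query for www.mozilla.org, reads the name back out of the raw bytes as any on-path observer of port 53 traffic can, and then wraps the same message in the RFC 8484 GET form that travels inside HTTPS. The /dns-query path and all function names are assumptions made for the illustration.

```python
import base64
import struct

def build_query(hostname, qtype=1):
    """Encode a DNS query for hostname in RFC 1035 wire format."""
    # Header: ID=0 (RFC 8484 suggests 0 for DoH), flags RD=1, one question.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in hostname.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN

def observed_name(message):
    """Recover the queried name, as anyone holding the raw message can."""
    if len(message) < 12 or struct.unpack("!H", message[4:6])[0] < 1:
        raise ValueError("not a DNS query with a question section")
    labels, pos = [], 12
    while True:
        if pos >= len(message):
            raise ValueError("truncated QNAME")
        length = message[pos]
        if length == 0:
            return ".".join(labels)
        if length > 63 or pos + 1 + length > len(message):
            raise ValueError("malformed label")
        labels.append(message[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length

def doh_get_target(message, path="/dns-query"):
    """RFC 8484 GET form: unpadded base64url message in the dns parameter."""
    encoded = base64.urlsafe_b64encode(message).rstrip(b"=").decode("ascii")
    return f"{path}?dns={encoded}"  # path is an assumed endpoint path

def resolver_view(target):
    """What the DoH resolver decodes once TLS has been terminated."""
    encoded = target.split("?dns=", 1)[1]
    padded = encoded + "=" * (-len(encoded) % 4)
    return observed_name(base64.urlsafe_b64decode(padded))

if __name__ == "__main__":
    query = build_query("www.mozilla.org")  # constructed sample lookup
    print("UDP/53 payload, visible on the wire:", query)
    print("name an on-path observer reads:     ", observed_name(query))
    target = doh_get_target(query)
    print("DoH request target (inside TLS):    ", target)
    print("name the DoH resolver still sees:   ", resolver_view(target))
```

With DoH the request target is carried inside the TLS session, so the network sees only a connection to the resolver, while the resolver itself still recovers the full name, which is why the choice of trusted provider matters.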

Mozilla has stipulated privacy requirements that any DoH provider must abide by in order to be considered a trusted DNS provider.

“Today, Firefox began the rollout of encrypted DNS over HTTPS (DoH) by default for US-based users,” said Mozilla. “The rollout will continue over the next few weeks to confirm no major issues are discovered as this new protocol is enabled for Firefox’s US-based users.”

“Today, we know that unencrypted DNS is not only vulnerable to spying but is being exploited, and so we are helping the internet to make the shift to more secure alternatives,” Mozilla said. “We do this by performing DNS lookups in an encrypted HTTPS connection. This helps hide your browsing history from attackers on the network, helps prevent data collection by third parties on the network that ties your computer to websites you visit.”

“We’re enabling DoH by default only in the US,” it added. “If you’re outside of the US and would like to enable DoH, you’re welcome to do so by going to Settings, then General, then scroll down to Networking Settings and click the Settings button on the right. Here you can enable DNS over HTTPS by clicking, and a checkbox will appear. By default, this change will send your encrypted DNS requests to Cloudflare.”

“DoH is just one of the many privacy protections you can expect to see from us in 2020,” it added.
