Mozilla Strengthens Privacy With DoH Switch On

The Mozilla Foundation has confirmed plans to switch on by default a feature called DNS-over-HTTPS (DoH).

DoH will automatically encrypt website requests for Firefox’s desktop users, in an effort to strengthen the surfing habits and privacy of its users.

But the decision will not please ISPs, the security services and the government, as it will make it harder for them to detect the web surfing habits of suspects.

DNS-over-HTTPS (DoH)

Mozilla confirmed the decision last Friday in a blog posting about making encrypted DNS-over-HTTPS (DoH) the default for its Firefox desktop web browser.

Essentially, DoH makes a browser send a Domain Name System (DNS) request over the encrypted version of the HTTP protocol.

DNS is the tech that makes Silicon UK for example readable for computers, by turning it into an IP address. Computers normally send DNS requests in the clear, which leaves them vulnerable to man-in-the-middle attacks so the attackers can see what websites are being visited or change the DNS request to redirect the user to a malicious website.

Mozilla said that it had begun working on the DNS-over-HTTPS (DoH) protocol since 2017, and since June 2018 it had been been running experiments in Firefox to ensure it didn’t impact performance and the user experience.

“We’ve also been surprised and excited by the more than 70,000 users who have already chosen on their own to explicitly enable DoH in Firefox Release edition,” said Mozilla. “We are close to releasing DoH in the USA, and we have a few updates to share.”

“After many experiments, we’ve demonstrated that we have a reliable service whose performance is good, that we can detect and mitigate key deployment problems, and that most of our users will benefit from the greater protections of encrypted DNS traffic,” said Mozilla. “We feel confident that enabling DoH by default is the right next step. When DoH is enabled, users will be notified and given the opportunity to opt out.”

Fallback mode

Mozilla said that even though it will switch on the DoH feature by default (users will have an opt-out), it will respect the user’s choice for opt-in parental controls and disable DoH if we detect them.

It will also respect enterprise configuration and disable DoH unless explicitly enabled by enterprise configuration.

“We’re planning to deploy DoH in ‘fallback’ mode; that is, if domain name lookups using DoH fail or if our heuristics are triggered, Firefox will fall back and use the default operating system DNS,” said Mozilla. “This means that for the minority of users whose DNS lookups might fail because of split horizon configuration, Firefox will attempt to find the correct address through the operating system DNS.”

Mozilla is planning to “gradually roll out DoH in the USA starting in late September.”

If that goes well, it will then inform the world when it is ready for 100 percent deployment.

Earlier this month Firefox 69 arrived and began automatically blocking third-party tracking cookies and cryptomining, as well as delivering performance improvements for Windows 10 users.

Are you a Firefox fan? Try our quiz!