Mozilla Firefox has activated a new feature that is intended to provide more privacy. From now on, the so-called DNS-over-HTTPS (DoH) protocol will be used.
The popular Firefox browser will use a new protocol in the future: DNS-over-HTTPS (DoH), which is designed to provide more privacy when surfing. Background: when a user wants to open a website, the browser must convert the domain name in the entered URL into a numerical IP address. To do this, the browser contacts a Domain Name System (DNS) server, which is basically a database of domain names and the corresponding IP addresses. However, this DNS lookup is carried out in plain text and can therefore be logged and used for advertising purposes, even if the website visited uses HTTPS and the connection to it is therefore encrypted. To close this gap and increase data protection, i.e. to encrypt the domain lookup, Firefox wants to use the DoH protocol as the standard from now on. Mozilla explains this in its own blog:
A little over two years ago, we started updating and making more secure one of the oldest parts of the Internet—the Domain Name System (DNS). To explain our motivations, let's briefly describe how the system worked before DoH: DNS is a database that associates a human-readable name (for example, www.mozilla.org) with a computer-friendly string of numbers called an IP address (for example, 192.0.2.1). By performing a DNS lookup in this database, your web browser is able to find web pages for you. Because of the decades-old design of DNS, browsers previously performed this web page lookup without encryption—even for pages encrypted with https://.
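To make the difference concrete, the following added example (not taken from Mozilla's blog post or from Firefox) builds the DNS query for a host name, shows what an on-path observer can read from the plaintext UDP/53 payload, and wraps the same message in a DoH GET request as defined in RFC 8484. The resolver URL `https://doh.example/dns-query` is a placeholder, and all function names are chosen for this illustration.

```python
import base64
import struct

def build_query(name: str, qtype: int = 1) -> bytes:
    """Build a DNS query message in wire format (RFC 1035) for `name`."""
    # Header: ID 0 (RFC 8484 recommends 0 so HTTP caches can match requests),
    # RD flag set, one question, no answer/authority/additional records.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE 1 = A, QCLASS 1 = IN

def observed_name(payload: bytes) -> str:
    """What a passive observer recovers from a plaintext UDP/53 query payload."""
    pos, labels = 12, []  # the question section starts after the 12-byte header
    while payload[pos] != 0:  # queries carry uncompressed length-prefixed labels
        length = payload[pos]
        labels.append(payload[pos + 1 : pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)

def doh_get_url(resolver: str, query: bytes) -> str:
    """Wrap the same message in an RFC 8484 GET URL (base64url, padding stripped)."""
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{resolver}?dns={encoded}"

def decode_doh_param(url: str) -> bytes:
    """Reverse doh_get_url: what the resolver sees once TLS has been terminated."""
    encoded = url.split("?dns=", 1)[1]
    return base64.urlsafe_b64decode(encoded + "=" * (-len(encoded) % 4))

if __name__ == "__main__":
    query = build_query("www.mozilla.org")
    # Classic DNS: these bytes travel unencrypted, so the name is readable in transit.
    print("UDP/53 payload reveals:", observed_name(query))
    # DoH: the identical bytes travel inside the HTTPS request to the resolver.
    url = doh_get_url("https://doh.example/dns-query", query)  # placeholder resolver
    print("DoH request (inside TLS):", url)
```

With DoH the queried name is hidden from devices between the browser and the resolver, but the resolver itself still decodes and sees every query, which is why the choice of resolver matters.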
“Devices can collect, block or modify user data”
Mozilla then goes on to explain the reasons behind this and the risks associated with unencrypted DNS lookups. The blog post states:
The lack of encryption allows other devices to collect or even block and modify user data. DNS lookups are forwarded to servers that can spy on your browsing history without informing you or publishing policies about what they do with that information. In the early days of the Internet, such threats to user privacy and security were known but not exploited. Today, we know that DNS is not only vulnerable to spying, but the vulnerabilities are actively exploited.
Manual setup possible
Although the DNS-over-HTTPS (DoH) protocol has a good reputation overall, it does not currently offer 100 percent protection, as it has some gaps that are viewed critically. In general, though, it is a big step towards more privacy. According to Firefox, the new protocol is currently being rolled out in the USA. While it is automatically set as the default for US users, users outside the USA have to enable it manually.
Today, Firefox began rolling out encrypted DNS over HTTPS (DoH) as the default for users in the US. The rollout will be gradual over the next few weeks to ensure no major issues arise while the new protocol is rolled out to Firefox users in the US.
So if you want to use the DoH protocol, you have to select DNS-over-HTTPS in the settings under "General" in the "Connection settings" section. Requests then go through Cloudflare by default, but NextDNS is also available as an alternative. According to the article, the company is working on making DoH available in other regions and on adding other providers as trusted DNS resolvers to its own program.