Comcast and Mozilla strike major privacy deal

After a nasty and public dispute over privacy, the makers of Firefox and the United States’ largest ISP are finally joining forces.

What’s it all about? Here’s how it went:

Earlier this year, Mozilla rolled out encrypted DNS over HTTPS (DoH) by default for all U.S.-based Firefox browsers. With the protocol on by default, Firefox users' DNS lookups are encrypted while they surf the web.

The technology blocks third-party interception of DNS lookups and prevents Internet Service Providers from seeing those lookups. To accomplish this, Firefox started routing users’ DNS queries to resolvers hosted by either Cloudflare or NextDNS instead of servers hosted by ISPs or networking companies.

ISPs didn’t like this and cried foul. In a significant development, the United States’ largest ISP is joining the party.

Mozilla just announced a partnership with Comcast, in which the massive internet service provider will allow encrypted DNS lookups on the Firefox browser.

Comcast is agreeing to turn on encrypted DoH by default for Firefox users on its broadband network, which brings internet service to more than 26 million subscribers.

If they choose, Firefox users on Comcast can still switch to servers hosted by others like Cloudflare or NextDNS, which were already part of Mozilla’s Trusted Recursive Resolver (TRR) program.

“Comcast has moved quickly to adopt DNS encryption technology and we’re excited to have them join the TRR program,” said Eric Rescorla, Firefox CTO. “Bringing ISPs into the TRR program helps us protect user privacy online without disrupting existing user experiences. We hope this sets a precedent for further cooperation between browsers and ISPs.”

These privacy-focused moves typify the approach Mozilla has taken in recent years to fine-tune and differentiate its Firefox browser from a host of competitors like Google Chrome and Microsoft Edge.

However, Mozilla’s shift to DoH angered ISPs, who in the UK previously branded the company an “internet villain” for simply considering implementing the protocol.

That’s why it took some time for Comcast and Mozilla to join forces. Comcast was reluctant because DNS lookups are one of the key methods ISPs deploy when implementing tools like web blockers. DNS lookups are often sent to servers that can allow third parties to gain access to users’ search and browsing history without their knowledge.

The tech website Ars Technica detailed how Mozilla and Comcast had previously fought over DNS plans. Comcast’s lobbyists complained to Congress about Mozilla’s plans for Firefox. Mozilla in turn accused ISPs of lying to Congress to spread confusion and criticized Comcast specifically.

That’s all in the past now.

“We’re proud to be the first ISP to join with Mozilla to support this important evolution of DNS privacy,” said Jason Livingood, Comcast’s VP of technology policy and standards. “Engaging with the global technology community gives us better tools to protect our customers, and partnerships like this advance our mission to make our customers’ internet experience more private and secure.”