Firefox activates DNS over HTTPS for US users by default

Mozilla has begun the rollout of encrypted DNS over HTTPS (DoH) by default for all its US-based Firefox users after working for years to upgrade the Domain Name System (DNS) protocol.

Over the next few weeks, Firefox users will be able to use the DoH protocol by default while surfing the web, meaning their web traffic will be fully encrypted. This technology blocks third-party interception and also prevents Internet Service Providers from maintaining visibility over users’ activity.

DNS, which remains unchanged since the 80s, has been long-considered an insecure protocol that, while fundamental to the internet’s structure, allows for threats such as man-in-the-middle attacks.

The archaic database links a URL to an IP address, with browsers able to identify the websites for users by matching the two when a query is made. Because there is no encryption, however, other devices may intercept these queries and potentially collect this data.

DNS lookups are often sent to servers that can allow third-parties to gain access to users search and browsing history without their knowledge. It’s one of the key methods that ISPs deploy when implementing tools like web blockers.

“Today, we know that unencrypted DNS is not only vulnerable to spying but is being exploited, and so we are helping the internet to make the shift to more secure alternatives,” Mozilla said.

“We do this by performing DNS lookups in an encrypted HTTPS connection.

“This helps hide your browsing history from attackers on the network, helps prevent data collection by third parties on the network that ties your computer to websites you visit.”

Mozilla’s DoH implementation involves routing users’ web traffic to a DNS server hosted by either Cloudflare or NextDNS depending on their preference, instead of DNS servers hosted by ISPs and networking companies.

The DoH protocol will be configured by default for US users over the next few weeks, although users outside of the US may activate this level of encryption by accessing the settings menu. This is an option in the connection settings menu.

This privacy-focused move typifies the approach Mozilla has taken in recent years to fine-tuning and differentiating its Firefox browser from a host of competing applications, such as Google Chrome and Microsoft Edge.

Chrome, however, also allows users to adopt DoH, although this will have to be manually configured, unlike for US users in Firefox, and soon across the rest of the world, who will enjoy DoH security by default.


Digital Risk Report 2020

A global view into the impact of digital transformation on risk and security management


Microsoft, similarly, embraced this protocol in November, announcing it would work to implement more secure technology into its products. This would start with plans to upgrade its servers to use the DoH protocol.

The shift to DoH is expected to anger ISPs, who in the UK previously branded the company an ‘internet villain’ for simply considering implementing the protocol.

Service providers, and regulators like Ofcom, or the FCC in the US, have relied on the DNS protocol for a host of functions, such as implementing content blockers. The mass implementation of DoH would render such tools useless as ISPs would lose all visibility over their customers’ web traffic.

Keumars Afifi-Sabet

Keumars Afifi-Sabet is a writer and editor that specialises in public sector, cyber security, and cloud computing. He first joined ITPro as a staff writer in April 2018 and eventually became its Features Editor. Although a regular contributor to other tech sites in the past, these days you will find Keumars on LiveScience, where he runs its Technology section.