Firefox enables network privacy feature for users in US
DNS over HTTPS, or DOH, is designed to thwart a major way ISPs can track your online behavior.
Stephen Shankland, principal writer
Stephen Shankland has been a reporter at CNET since 1998 and writes about processors, digital photography, AI, quantum computing, computer science, materials science, supercomputers, drones, browsers, 3D printing, USB, and new computing technology in general. He has a soft spot in his heart for standards groups and I/O interfaces. His first big scoop was about radioactive cat poop.
Mozilla has begun enabling a feature for everyone in the US that should make it harder for ISPs or others to track you online. The technology, called DNS over HTTPS -- DOH for short -- protects a crucial internet addressing technology with encryption.
DOH fits with a tech industry shift toward privacy that has been triggered by data breaches, the digitalization of our lives and issues like Facebook's Cambridge Analytica scandal. Mozilla has long championed privacy, and Apple has made it a major priority. Even Google and Facebook, online advertising giants that make money by following you around the web, are trying to adjust.
"DNS over HTTPS has the potential to close one of the largest privacy gaps on the web," said Max Hunter, an engineering director at the Electronic Frontier Foundation, an online privacy group, in an earlier blog post.
The DNS part of the feature is a decades-old addressing technology. Every server on the internet has a numeric address used to route data, but when we're using a website, we'll type in an address like "www.cnet.com." DNS looks up the numeric internet address so browsers can load the website.
Those address lookups typically aren't encrypted, which exposes them to anyone handling your network traffic -- your ISP, hotel or airport Wi-Fi service, or a government agency or criminal snooping around. ISPs, which often handle DNS duties, can sell your browsing history.
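To make that exposure concrete, here is an added example (not from the article or from Mozilla) that builds the DNS query for www.cnet.com, recovers the hostname from the cleartext bytes the way any on-path party could, and then packs the same query into the GET form that DNS over HTTPS defines in RFC 8484. The resolver URL `https://doh.example/dns-query` is a placeholder, not a real service.

```python
import base64
import struct

def build_query(hostname: str, qtype: int = 1) -> bytes:
    """Encode one DNS question in wire format (RFC 1035); qtype 1 = A record."""
    # Header: ID 0 (RFC 8484 recommends 0 for DoH), RD flag set, one question.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in hostname.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"invalid label: {label!r}")
        qname += bytes([len(raw)]) + raw  # length byte, then the label itself
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def name_seen_on_wire(payload: bytes) -> str:
    """Recover the queried name from a cleartext port-53 payload.

    No key is needed: the labels sit in the packet as plain ASCII.
    """
    pos, labels = 12, []  # the question starts after the 12-byte header
    while payload[pos] != 0:
        length = payload[pos]
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)

def doh_get_url(resolver: str, query: bytes) -> str:
    """Build the RFC 8484 GET request URL: base64url, padding stripped.

    The base64url step is only transport encoding. The privacy comes from
    the HTTPS (TLS) connection that carries this URL, so an observer sees
    traffic to the resolver but not the name being looked up.
    """
    b64 = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{resolver}?dns={b64}"

if __name__ == "__main__":
    query = build_query("www.cnet.com")
    print("cleartext DNS payload:", query.hex())
    print("observer reads:       ", name_seen_on_wire(query))
    # Placeholder resolver URL (assumption, not a real endpoint).
    print("DoH request (in TLS): ", doh_get_url("https://doh.example/dns-query", query))
```

The resolver at the other end of the HTTPS connection still decodes the query and sees the hostname, which is why the choice of resolver matters.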
"I find it highly disappointing that Mozilla decided, on behalf of all users it deems American, that this was a good idea," Hubert said in an email. "While encrypted DNS is great, it matters a great deal who you encrypt your DNS to... They did not perform surveys, for example, on how people would feel about giving a trace of all their internet activities to Cloudflare."
In a policy blog post Tuesday, Mozilla defended its move to make DOH default in the US.
"Few users understand the use of DNS in their use of the internet or the potential for widespread abuse of their DNS information," Mozilla said in the post. "Rather than putting the onus on users, Mozilla is taking steps to ensure that personal privacy is the default for all users, and to give users the ability to select nondefault options if they so choose."
Mozilla also argued that its DOH embrace will mean less centralization "because it shifts DNS traffic away from large ISPs and provides users with more choice."