Firefox expands network privacy protection with Comcast deal

A partnership expands use of DOH, an encrypted version of a critical network technology called DNS.

Stephen Shankland Former Principal Writer
Stephen Shankland worked at CNET from 1998 to 2024 and wrote about processors, digital photography, AI, quantum computing, computer science, materials science, supercomputers, drones, browsers, 3D printing, USB, and new computing technology in general. He has a soft spot in his heart for standards groups and I/O interfaces. His first big scoop was about radioactive cat poop.
Expertise Processors, semiconductors, web browsers, quantum computing, supercomputers, AI, 3D printing, drones, computer science, physics, programming, materials science, USB, UWB, Android, digital photography, science. Credentials
  • Shankland covered the tech industry for more than 25 years and was a science writer for five years before that. He has deep expertise in microprocessors, digital photography, computer hardware and software, internet standards, web technology, and more.
Stephen Shankland
2 min read
A simplified new Firefox icon

An important aspect of network communications will get new privacy protection through a partnership between Firefox maker Mozilla and internet service provider Comcast.

Internet communications rely on a technology called the Domain Name System, or DNS, to locate the numeric internet addresses of online sites and services. The numeric address is essential for routing packets of data across the internet, but when your browser or other software looks up that address with a DNS server, it can reveal information about what you're looking for and expose the result to tampering, for example sending you to a bogus version of a website.

Firefox embraced an encrypted version of DNS called DOH -- for "DNS over HTTPS" -- that protects those DNS lookups with the same encryption that browser makers invented to protect passwords, credit card numbers and other sensitive data. When Mozilla switched US Firefox users to DOH by default, it offered DOH service through two network companies, Cloudflare and NextDNS.

Now Comcast is a new option. It's agreed to abide by Mozilla's privacy requirements limiting how the DNS service provider retains data and prohibits it from blocking or modifying content. "We hope this sets a precedent for further cooperation between browsers and ISPs," said Firefox Chief Technology Officer Eric Rescorla in a statement Thursday.

That's a significant development for concerns some have about DOH -- for example that it could concentrate power with a small number of DNS providers or that DOH's privacy promise is undermined by the fact that your ISP necessarily can see the internet addresses of your devices' data packets.

The work spanning different companies, organizations and standards groups shows how hard it is to add encryption to an internet that was created without it. But privacy is a top priority for many tech players right now, even as some governments and politicians seek to undermine encryption.

Google's Chrome took a different approach to DOH, enabling it only when your existing DNS provider offers it. That's a more limited embrace, but it sidesteps some contentious elements of the technology.