Mozilla's Firefox tries closing more privacy holes with new network tech
Mashing up two network technologies -- DNS and HTTPS -- thwarts snooping and tampering.
- Shankland covered the tech industry for more than 25 years and was a science writer for five years before that. He has deep expertise in microprocessors, digital photography, computer hardware and software, internet standards, web technology, and more.
A Firefox Nightly sticker
Browser makers are trying to thwart network snoopers by encrypting your connections to the web servers that host websites, but Mozilla on Friday began a project to go one step further.
Firefox Nightly, a rough-around-the-edges test version of Mozilla's browser, now includes technology called DNS over HTTPS, Mozilla said. DNS is the Domain Name System used to find the numeric addresses needed to communicate with computers across the network -- 64.30.228.118 for CNET.com, for example -- and HTTPS is the secure version of the Hypertext Transfer Protocol used to fetch data from websites.
The combination, called DoH, prevents middlemen from figuring out what internet servers you're trying to reach -- and from tampering with results to do wicked things like sending you to a fake version of a website.
"Domain Name Service is one of the oldest parts of internet architecture, and remains one that has largely been untouched by efforts to make the web safer and more private," Mozilla said in a blog post. "We're working to change that by encrypting DNS queries and by testing a service that keeps DNS providers from collecting and sharing your browsing history."
Privacy is on the front burner these days as Facebook and Cambridge Analytica have revealed just little we actually have. Firefox's embrace of DoH wouldn't have prevented that particular problem, but it does help seal other holes. Privacy and security are technical challenges that aren't ever finished, only gradually improved.
Cloudflare DNS partnership
Mozilla also is taking a number of other measures this year to improve privacy in Firefox, like clamping down on behavior tracking and blocking ad retargeting -- that sometimes creepy situation where you visit a website then shortly after see an ad for it on a different website, or see the same ad follow you around the web.
When it comes to actually fulfilling a DNS request, Mozilla needs a partner that offers DNS services to its privacy standards. It picked Cloudflare, an internet infrastructure company that recently launched its own publicly available DNS service.
"We've chosen Cloudflare because they agreed to a very strong privacy agreement that protects your data," Mozilla said.
In Firefox Nightly, Mozilla will test both conventional DNS and DoH, comparing the results to see if there are any problems.
Google's also tackling DNS privacy
Google is trying a related technology called DNS over TLS that accomplishes much the same thing. It's built the feature into Android P , the next version of its mobile phone software. That can already be tested in beta form if you have a compatible phone.
"In the future, we hope that all operating systems will include secure transports for DNS, to provide better protection and privacy for all users on every new connection," Google programmers Erik Kline and Ben Schwartz said in an April blog post about the move.
Cambridge Analytica: Everything you need to know about Facebook's data mining scandal.
Tech Enabled: CNET chronicles tech's role in providing new kinds of accessibility.