Today, Mozilla is flipping on the switch to turn on encrypted DNS over HTTPS for U.S. users by default. If you’re unfamiliar with the tech, the pitch is this feature will help prevent internet service providers from tracking the sites you go to.
DNS over HTTPS (DoH) is meant to address the inherent privacy vulnerabilities in how you surf the web. The Domain Name Service (DNS) is, in Mozilla’s words, “one of the oldest parts of internet architecture” and one that hasn’t seen a lot of changes in the past 30 years. This plays into tracking because when you go to a URL, your browser needs to look up the site’s corresponding IP address. It does that via the DNS. But, even if the site you’re visiting is encrypted via HTTPS, the DNS lookup is done over plain text. That means ISPs—or other entities—can, if they so choose, easily figure out what websites you’ve gone to and build up a profile of your browsing habits. DoH is meant to circumvent that by ensuring the DNS lookup is also encrypted. It won’t necessarily stop tracking wholesale, but it will make it more difficult.
Mozilla started working on improving DNS privacy about two years ago. Since then, other browsers, including Chrome, have also added support for DoH. That said, the standard is not without its detractors. In the UK, for instance, it’s been argued that DoH also makes it easier for criminals, particularly when it comes to spreading photos of child abuse. There are also complaints that DoH could bypass whitelist filters and parental controls, as well as make it harder for ISPs and lawmakers to block illegal content. To that end, last year Mozilla said in a blog that it would provide opt-in parental controls, as well as honor enterprise configurations, which may also be adversely impacted by DoH.
It should be noted that DoH will only be made default for U.S. users. And while rollout begins today, Mozilla will be doing it in phases so it won’t impact all U.S. users for another few weeks. As for users outside the U.S., they can manually enable DoH if they want by going to Preferences > Settings > Enable DNS over HTTPS.