Firefox to enable DNS-over-HTTPS by default to US users
Mozilla will bring its new DNS-over-HTTPS security feature to all Firefox users in the U.S. by default in the coming weeks, the browser maker has confirmed.
It follows a year-long effort to test the new security feature, which aims to make browsing the web more secure and private.
Whenever you visit a website — even if it’s HTTPS enabled — the DNS query that converts the web address into an IP address that computers can read is usually unencrypted. DNS-over-HTTPS, or DoH, encrypts the request so that it can’t be intercepted or hijacked in order to send a user to a malicious site.
These unencrypted DNS queries can also be used to snoop on which websites a user visits.
DoH works at the app-level, and is baked into Firefox. The feature relies on sending DNS queries to third-party providers — such as Cloudflare and NextDNS — both of which will have their DoH offering baked into Firefox and will process DoH queries.
But the move is not without controversy. Last year, an internet industry group branded Mozilla an “internet villain” for pressing ahead the security feature. The trade group claimed it would make it harder to spot terrorist materials and child abuse imagery. But even some in the security community are split, amid warnings that it could make incident response and malware detection more difficult.
The move to enable DoH by default will no doubt face resistance, but browser makers have argued it’s not a technology that browser makers have shied away from. Firefox became the first browser to implement DoH — with others, like Chrome, Edge, and Opera — quickly following suit.
Firefox said users outside of the U.S. can also enable DoH, just as users inside the U.S. can choose to disable it. Mozilla also said it plans to expand to other DoH providers and regions.