If you’re in the U.S. and using Firefox, from today, when you type in a website address and hit enter, the lookup for that address will be encrypted by default using something called DNS over HTTPS (DoH). Firefox claims it’s the first browser to use DoH by default, and it matters because usually that portion of our interaction with web browsers is unencrypted, meaning third parties like ISPs can see it.
Despite it looking like an obvious win for privacy advocates, DoH has its detractors, not least ISPs, which can monetize data about which sites we visit and when. Governments often aren’t too keen on it either because it has the potential to make their surveillance programs less effective. The UK’s cyber intelligence body, GCHQ, for example, has resisted efforts to make DoH standard there.
DoH isn’t totally private — The companies providing the DNS servers can still see which sites you’re visiting. As a result, Firefox lets you choose between two it endorses, Cloudflare or NextDNS. Firefox may trust them, but whether you do is another question. Also, there are questions about how watertight DoH actually is. So don’t go thinking Firefox is a replacement for a decent VPN.
What the heck is DNS? — When you type in a URL, that text gets converted to an IP address via what’s called a DNS (Domain Name System) lookup. Think of it like looking someone up in a phonebook: you know their name and maybe which street they live on, but not their actual phone number. Every time you call a phone number, your mobile operator can see it, and the same is true of conventional DNS and your ISP or, potentially, someone spoofing the Wi-Fi at your local coffee shop.
Who cares who sees what I search? — ISPs can sell your browsing history and habits to data brokers, who create models to sell to advertisers so you can get those hyper-personalized, incessant ads we all love for the things we’ve recently purchased. Or your browsing data can pique the interest of government agencies, who might not know you’re looking up Middle Eastern terror cells because of your obsession with the show Homeland, which could result in protracted security checks every time you travel.
Other browsers support DoH, too — Though Firefox is only making DoH the default for U.S. users, Firefox users in other countries can choose to turn on the feature. Moreover, as The Verge notes, DoH is also available in Google Chrome and the other Chromium-based browsers like Edge from Microsoft or Brave; it’s just not turned on by default, and finding it will require some digging around in settings menus.
If you’ve gotten this far but want to know even more about how DNS and DoH work, Firefox has an excellent, illustrated, detailed explainer over here.