Firefox is rolling out a new privacy feature designed to stop ISPs from tracking the websites you visit. Known as DNS over HTTPS, it will plug a privacy hole when surfing the web …
Tracking the websites you visit
Whenever you type in a URL, your browser needs to turn the name into a numerical IP address in order to know which server to connect to. To find out the numerical address, your browser connects to a Domain Name System (DNS) server, which holds a database of domain names and their corresponding IP addresses.
For example, if you enter gmail.com, it might look that up in DNS to find that it should connect to server 74.125.204.27.
Even if the server itself uses HTTPS, meaning that all the content is encrypted, that DNS lookup is done in plain text. This means that your ISP can, if it wishes, log the names of all the website domains you visit. It could then use this to build up a profile of your interests to exploit commercially.
DNS over HTTPS
With DNS over HTTPS, the domain lookup is also encrypted, meaning that your ISP cannot see which domain your browser looked up.
It’s not a 100% secure solution, as there are other weaknesses, and your traffic will still be visible to whichever secure DNS service you use. Firefox defaults to Cloudflare, though you can change this. If you want complete security, then you should use a VPN. But it is a simple, worthwhile step.
Firefox US rollout
Mozilla says that the feature will begin to roll out as a default setting in the US from today, though it will be done in phases, so it will be several weeks before all US Firefox users have it enabled.
Inside or outside the US, however, you don’t need to wait for it to be enabled automatically: you can already switch it on manually, as explained below.
Outside the US? Or impatient?
If you’re outside the US, or just don’t want to wait for the automated rollout, you can switch on DNS over HTTPS manually.
- Firefox > Preferences
- Scroll down to Settings
- Click the Settings… button
- At the bottom, check Enable DNS over HTTPS
- Optionally, use the pull-down menu to change the provider
What about Safari?
Despite Apple’s privacy focus, DNS over HTTPS is not yet supported by Safari. The Cupertino company tends to be quite slow to support new standards, but it is likely to come to a future version of the browser. On the plus side, Apple is boosting HTTPS security via a simple measure which comes into effect on September 1st.