Firefox is rolling out a new privacy feature designed to stop ISPs from tracking the websites you visit. Known as DNS over HTTPS, it will plug a privacy hole when surfing the web …

Tracking the websites you visit

Whenever you type in a URL, your browser needs to turn the name into a numerical IP address in order to know which server to connect to. To find out the numerical address, your browser connects to a Domain Name Server (DNS), which is a database of domain names and their corresponding IP addresses.

For example, if you enter gmail.com, it might look that up in a DNS to find that it should connect to server 74.125.204.27.

Even if the server itself uses HTTPS, meaning that all the content is encrypted, that DNS lookup is done in plain text. This means that your ISP can, if it wishes, log the names of all the website domains you visit. It could then use this to build up a profile of your interests to exploit commercially.

DNS over HTTPS

With DNS over HTTPS, the domain lookup is also encrypted, meaning that your ISP cannot see which domain your browser looked up.

It’s not a 100% secure solution, as there are other weaknesses, and your traffic will still be visible to whichever secure DNS service you use. Firefox defaults to Cloudflare, though you can change this. If you want complete security, then you should use a VPN. But it is a simple, worthwhile step.

Firefox US rollout

Mozilla says that the feature will begin to roll out as a default setting in the US from today, though it will be done in phases so will be several weeks before all US Firefox users have it enabled.

Inside or outside the US, however, you don’t need to wait for it to be enabled automatically: you can already switch it on manually, as explained below.

Outside the US? Or impatient?

If you’re outside the US, or just don’t want to wait for the automated rollout, you can switch on DNS over HTTPS manually.

  • Firefox > Preferences
  • Scroll down to Settings
  • Click the Settings… button
  • At the bottom, check Enable DNS over HTTPS
  • Optionally, use the pull-down menu to change the provider

What about Safari?

Despite Apple’s privacy focus, DNS over HTTPS is not yet supported by Safari. The Cupertino company tends to be quite slow to support new standards, but it is likely to come to a future version of the browser. On the plus side, Apple is boosting HTTPS security via a simple measure which comes into effect on September 1st.

FTC: We use income earning auto affiliate links. More.


Check out 9to5Mac on YouTube for more Apple news:

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author

Ben Lovejoy's favorite gear