Starting today, Mozilla will turn on by default DNS over HTTPS (DoH) for Firefox users in the US, the company has announced. DoH is a new standard that encrypts a part of your internet traffic that’s typically sent over an unencrypted plain text connection, and which could allow others to see what websites you’re visiting, even when your communication with the website itself is encrypted using HTTPS. Mozilla says it is the first browser to support the new standard by default, and will be rolling it out gradually over the coming weeks in order to address any unforeseen issues.
As you may know, DNS-over-HTTPS (DoH) protocol performs DNS lookups — i.e., finding the server I.P. address of a certain domain name — over an encrypted connection to a DNS server rather than sending queries in the plaintext.
Mozilla is motivated in part by ISPs who monitor customers’ web usage. US carriers like Verizon and AT&T are building massive ad-tracking networks. DoH won't stop the data collection but it’ll likely make it more difficult.
However, the way Mozilla implemented DNS-over-HTTPS in the Firefox web browser also received criticism over in past few months over favoring Cloudflare and instead of trying to upgrade to an encrypted DoH server operated by the user's existing DNS provider.
When it announced that it would be turning on DoH by default last year, Mozilla said that it would allow for opt-in parental controls and disable DoH if Firefox detects them. It also said that it would disable DoH by default in enterprise configurations.
On the other hand, Google took care of this privacy issue while announcing DNS over HTTPS feature in its Chrome web browser late last year, which automatically upgrades DNS settings to the equivalent DoH service from the same provider if it's DoH-compatible. Here’s a guide from last year on how to do so.
"Users have the option to choose between two providers — Cloudflare and NextDNS — both of which are trusted resolvers."
To do that, go to Firefox Settings > Preferences > General > scroll down to Network Settings > click Settings > then click Enable DNS over HTTPS.
Anyway, Mozilla has now become the first browser to push DNS-over-HTTPS by default, and the company has plans to gradually roll it to the rest of the Firefox users in other countries in the next few months.