Skip to content

Firefox turns controversial new encryption on by default in the US

  • by


Starting February 27, 2020, Mozilla will turn on by default DNS over HTTPS (DoH) for Firefox users in the United States, the company has announced.

DoH is a new standard that encrypts a part of your internet traffic that is typically sent over an unencrypted plain text connection, and which could allow others to see what websites you are visiting, even when your communication with the website itself is encrypted using HTTPS. Mozilla says it is the first browser to support the new standard by default and will be rolling it out gradually over the coming weeks in order to address any unforeseen issues.

Whenever you type a website into your address bar, your browser needs to go through a process to convert it into an IP address using a DNS lookup. However, this traffic is normally not encrypted, meaning that it is possible for others to see what websites you are visiting. DoH is an attempt to encrypt this information to protect your privacy.

Mozilla is motivated in part by ISPs who monitor customers’ web usage. US carriers like Verizon and AT&T are building massive ad-tracking networks. DoH will not stop the data collection but it will likely make it more difficult.

Although it is much harder for others to see your DNS lookups with DoH enabled, the websites will still be visible to the DNS server your browser is connecting to. Thus, Mozilla says Firefox will offer a choice of two trusted DNS providers, Cloudflare and NextDNS, and that Cloudflare will be used as the default. Mozilla has outlined a set of privacy requirements that any DoH provider must abide by in order to be considered a trusted resolver.

Mozilla claims that DoH increases the privacy and security of users online, but the technology has faced fierce criticism from lawmakers and security experts who say that it hampers legitimate attempts by enterprise system administrators and lawmakers to block dangerous web content.

Experts also claim the technology does not provide the perfect privacy protection that its proponents claim. Only certain parts of the DNS lookup process are encrypted, and internet service providers will still be able to see which IP addresses their users are connecting to, they warn.

When it announced that it would be turning on DoH by default last year, Mozilla said that it would allow for opt-in parental controls and disable DoH if Firefox detects them. It also said that it would disable DoH by default in enterprise configurations.

This controversy means that the announcement only concerns US-based Firefox users. Mozilla told ZDNet last year that it would not be enabling DoH by default in the UK, where the technology has been criticized by the country’s intelligence service, child advocacy groups, and ISPs.

In an FAQ on its site Mozilla says its current focus is on enabling the feature in the US only. However, users outside of the US will be able to manually turn the feature on by heading into Settings, General, and then scrolling down to Networking Settings.

While Firefox is the first browser to start turning on DoH by default, other browsers such as Chrome, Edge, Chromium, and Brave have also started supporting the feature. However, in most cases you will have to dig through their settings in order to enable the feature.

Adapted from an article on

Frankenstein Computers has been taking care of our happy clients since 1999. We specialize in affordable IT Support, IT Service, MAC repair, PC Repair, Virus Removal, web design and much more. Give us a call for remote support or drop in to drop off. Give us a call or stop on by if you ever have any question, no appointment necessary!