
Mozilla has begun enabling a Firefox privacy feature for everyone in the US that should make it harder for ISPs or others to track you online. The technology, called DNS over HTTPS -- DOH for short -- protects a crucial internet addressing technology with encryption.

Testing has been underway for months, but on Tuesday Mozilla will start enabling DOH for everyone in the US. The gradual spread to all Firefox users should take a few weeks as Mozilla checks for problems.

DOH fits with a tech industry shift toward privacy that has been triggered by data breaches, the digitalization of our lives and issues like Facebook's Cambridge Analytica scandal. Mozilla has long championed privacy, and Apple has made it a major priority. Even Google and Facebook, online advertising giants that make money by following you around the web, are trying to adjust.

"DNS over HTTPS has the potential to close one of the largest privacy gaps on the web," said Max Hunter, an engineering director at the Electronic Frontier Foundation, an online privacy group, in an earlier blog post.

The DNS part of the feature, the Domain Name System, is a decades-old addressing technology. Every server on the internet has a numeric IP address used to route data, but when we use a website we type a name like "www.cnet.com." DNS looks up the numeric address for that name so the browser knows where to connect and can load the website.

Those lookups are traditionally sent in plaintext, which exposes the names you look up to anyone handling your network traffic -- your ISP, a hotel or airport Wi-Fi service, or a government agency or criminal snooping on the network. ISPs, which usually run the DNS resolvers their customers use by default, can sell that browsing history.

DOH, an internet standard (RFC 8484) that Mozilla helped pioneer, carries the DNS lookup inside an ordinary encrypted HTTPS connection, which both hides it from eavesdroppers on the path and protects it against tampering in transit. It's won support from Google's Chrome team and privacy-focused browser maker Brave (and opposition from UK ISPs that briefly nominated Mozilla for an Internet Villain award).

DOH dispute

But some fear that DOH is a step backward. Notable critics include Paul Vixie, who authored several core DNS standards and long led development of the BIND DNS server, and Bert Hubert, creator of the PowerDNS software. One concern is that DOH could centralize DNS activity in a few large resolver operators; another is that it could offer companies a new way to track you online.

"I find it highly disappointing that Mozilla decided, on behalf of all users it deems American, that this was a good idea," Hubert said in an email. "While encrypted DNS is great, it matters a great deal who you encrypt your DNS to... They did not perform surveys, for example, on how people would feel about giving a trace of all their internet activities to Cloudflare."

In a policy blog post Tuesday, Mozilla defended its move to make DOH default in the US.

"Few users understand the use of DNS in their use of the internet or the potential for widespread abuse of their DNS information," the post said. "Rather than putting the onus on users, Mozilla is taking steps to ensure that personal privacy is the default for all users, and to give users the ability to select nondefault options if they so choose."

Mozilla also argued that its DOH approach reduces centralization. Mozilla's DOH embrace will mean less centralization "because it shifts DNS traffic away from large ISPs and provides users with more choice."

Firefox offers two DOH service choices, Cloudflare and NextDNS, and requires DOH partners to follow a privacy policy that bars selling DNS data and limits how long it is retained. It has no plans for now to enable DOH by default in Europe, so Firefox users there keep using their existing resolver and won't have their DNS data handled by a US company unless they opt in.

Chrome is taking a less active DOH stance than Firefox. There, DOH is still experimental, and Chrome doesn't switch you to a new provider: it upgrades to DOH only when the resolver your system is already configured to use is one Chrome knows supports it.

Originally published Feb. 25, 3 a.m. PT.

Update, 10:24 a.m.: Adds further details on opposition to Mozilla's DOH approach.