Your internet provider knows where you've been. How to keep your browsing more private

Rob Pegoraro | Special for USA TODAY

If you use Firefox, your web browsing habits will become a bit more mysterious to your internet provider.

Mozilla, the non-profit developer of the Firefox web browser, will make this happen by switching U.S. desktop Firefox users to an encrypted form of the directory assistance behind all internet navigation, as announced in a post last week.

This change involves the Domain Name Service, which lets you get anywhere online by translating your request for a site into the numeric Internet Protocol, or IP, address matching the computer that will deliver the web page in question.

With traditional internet providers, “DNS” queries travel without the encryption that protects most email and web browsing. So your provider could see the domain names you wanted to visit, as could an eavesdropper online.

That’s the digital equivalent of calling 411 on speakerphone in public – or, for later generations, asking Siri a personal question in a crowded room.

The fact that you checked Amazon might not shock anybody. But your visits to sites of particular presidential candidates or those of certain health-advocacy organizations could expose much more about you.

Firefox will close that loophole by cutting your internet provider and any interlopers out of the loop. Instead, it will send each lookup query via an encrypted link to the network-security firm Cloudflare, which has offered a free and encrypted DNS service since 2018.

Your provider will still see the Internet Protocol addresses of sites you visit – but in many cases, they will only match servers at “content distribution networks” that host multiple companies, leaving little clue about where you went.
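
What the two kinds of lookup look like at the byte level, as an added example that is not part of the original article: it builds a standard DNS query, reads the site name back out of it the way any device on the path could, and encodes the same query as a DNS-over-HTTPS request. The `/dns-query` path, the function names and the sample domain are assumptions for illustration.

```python
import base64
import struct

def build_query(name, qtype=1, txid=0):
    """Build a standard (RFC 1035) DNS query for `name`; qtype 1 is an A record."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag, 1 question
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def observed_name(packet):
    """Recover the queried name from an unencrypted query, as any on-path device can."""
    if len(packet) < 12 or struct.unpack("!H", packet[4:6])[0] < 1:
        raise ValueError("not a DNS query with a question section")
    pos, labels = 12, []
    while True:
        if pos >= len(packet):
            raise ValueError("truncated name")
        length = packet[pos]
        pos += 1
        if length == 0:
            return ".".join(labels)
        if length > 63 or pos + length > len(packet):
            raise ValueError("malformed or truncated label")
        labels.append(packet[pos:pos + length].decode("ascii", "replace"))
        pos += length

def doh_get_path(packet):
    """Encode the same query as a DNS-over-HTTPS GET request (RFC 8484).

    base64url is only an encoding; the privacy comes from the HTTPS (TLS)
    connection that carries this request to the resolver.
    """
    encoded = base64.urlsafe_b64encode(packet).rstrip(b"=").decode("ascii")
    return "/dns-query?dns=" + encoded  # path is an assumption; resolvers publish theirs

if __name__ == "__main__":
    query = build_query("www.example.com")  # constructed sample lookup
    print("classic DNS, readable on the wire:", observed_name(query))
    print("DoH request, sent inside HTTPS:   ", doh_get_path(query))
```
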

Mozilla says this will be switched on automatically “over the next few weeks.”

To see if Firefox’s new feature is active or to turn it on yourself, click the menu button at the top right corner, choose “Preferences,” scroll all the way down to the Network Settings header and click the “Settings” button below that, and check the “Enable DNS over HTTPS” option.

Joseph Lorenzo Hall, senior vice president for a strong internet at the non-profit group Internet Society, called encrypted DNS “an important user-protective move that reduces the amount of digital exhaust out of our devices, homes, and vehicles.”

(Remember that Firefox’s version can’t help other apps on your computer, like your email app. To do that, you’d need to change your computer’s network settings to employ a different DNS – something technically savvy users have done for years to ride out some ISP breakdowns.)

So why aren’t other browsers offering the same feature? Compatibility issues can be one reason; Hall noted in an email that some parental-control systems conflict with it. Firefox will switch off this encrypted lookup if it detects such a filter.

Issues of choice come up as well, since browsers have traditionally left this setting up to the system-wide settings on any computer. Google, for example, announced in September that its Chrome browser would only switch to that more secure lookup if the current DNS offers it.

You also have to trust the outside DNS provider not to abuse its knowledge of your online habits. Cloudflare says it deletes DNS-lookup records after 24 hours.

Comcast has pointed to Google’s potential ability to redirect queries to its own encrypted DNS as reason to resist this trend. Lobbying documents obtained by Vice’s tech-news site Motherboard last fall invited Congress to grill Google about this.

Internet users with no choice of broadband provider, however, may not feel bad about depriving their local monopoly of this lock on their online life.

Rob Pegoraro is a tech writer based out of Washington, D.C. To submit a tech question, e-mail Rob at rob@robpegoraro.com. Follow him on Twitter at @robpegoraro.