It may not come as a surprise that advertisers are watching what you do online, armed with cookies, tracking scripts, and other tools. Less well-known is how your internet service provider can snoop on your surfing—by tracking every time your computer or phone looks up a web address.

This doesn’t mean that ISPs are watching you online. Comcast, for instance, put out a statement in October pledging to not track users. But Mozilla, the nonprofit behind the Firefox web browser, has its suspicions. To make snooping harder for Comcast, Verizon, and others, Mozilla introduced a new service this year that routes web page requests away from your ISP. Today, it’s expanding the offering to another provider.

Here’s the technical explanation: To get to a web page, your browser needs to translate the text address you enter, such as “google.com,” into the site’s numerical IP address, such as 172.217.7.196. It does this by looking up the address on what’s called a domain name system, or DNS, server. To eliminate the temptation for ISPs to peek, Mozilla began offering a service that encrypts DNS requests and sends them to providers that pledge not to log or share your data, rather than to your ISP’s own, unencrypted DNS server.

So far, there’s just been one encrypted service: cloud security provider Cloudflare. The decision to go with one service for this new effort opened Mozilla to criticism that it’s creating new dangers by centralizing the workings of the web. ISPs have cited this centralization in appeals to Congress attacking the whole encrypted DNS effort.

Mozilla has countered that Cloudflare is just the first DNS provider, and more are coming. It is finally making good on that pledge today by announcing the addition of a service called NextDNS, which can serve as an alternative. Mozilla promises that yet more providers are coming in the future.

See this explainer for instructions on how to set up Firefox’s encrypted DNS service.