Mozilla wants to fix DNS
Firefox enables encrypted DNS over HTTPS by default.
Firefox, the open source web browser, now enables encrypted DNS over HTTPS by default in the US. Mozilla, the company behind Firefox, claims this will address the insecure DNS system that many people currently use to access the internet, which leaves their data unencrypted. In a blog post explaining the feature (read it at http://bit.ly/LXF262DOH), Mozilla claims that its DNS-over-HTTPS (DoH) protocol will protect its users by encrypting DNS traffic between the Firefox browser and resolvers via HTTPS, so Firefox users’ browsing behaviour can’t be intercepted by anyone spying on the network.
Mozilla is working with Cloudflare and NextDNS, which have joined Mozilla’s Trusted Recursive Resolver programme (http://bit.ly/LXF262MOZILLATRR) and will adhere to strict requirements on how they will handle user data. As Mozilla explains, “this includes placing strict limits on data retention so providers – including internet service providers – can no longer tap into an unprotected stream of a user’s browsing history to build a profile that can be sold.”
The idea is that through this programme, and its DoH protocol, Mozilla will “close the data leaks” that have plagued DNS for 35 years. But while this is a welcome move, some people are concerned that DoH could lead to greater centralisation of DNS. In a lengthy FAQ in the blog post, Mozilla disputes this, claiming that DoH in Firefox will actually lead to less centralisation as it is moving traffic away from large ISPs, which have disproportionate control over the internet thanks to consumer devices being locked to the ISPs’ DNS services.