Firefox turns controversial new encryption on by default in the US
Posted on 02/27/2020 2:16:36 PM PST by ransomnote
Starting today, Mozilla will turn on by default DNS over HTTPS (DoH) for Firefox users in the US, the company has announced. DoH is a new standard that encrypts a part of your internet traffic that’s typically sent over an unencrypted plain text connection, and which could allow others to see what websites you’re visiting, even when your communication with the website itself is encrypted using HTTPS. Mozilla says it is the first browser to support the new standard by default, and will be rolling it out gradually over the coming weeks in order to address any unforeseen issues.
Whenever you type a website into your address bar, your browser needs to go through a process to convert it into an IP address using a DNS lookup. However, this traffic is normally not encrypted, meaning that it’s possible for others to see what websites you’re visiting. DoH is an attempt to encrypt this information to protect your privacy. Here’s a more in-depth explanation from Mozilla that explains it in detail.
Mozilla is motivated in part by ISPs who monitor customers’ web usage. US carriers like Verizon and AT&T are building massive ad-tracking networks. DoH won't stop the data collection but it’ll likely make it more difficult.
(Excerpt) Read more at theverge.com ...
Usually, when I read about Firefox, they're doing something bad. This won't make me switch back from Waterfox. Maybe.
I didn’t read the tech specs, but if it’s only masking DNS don’t bother. The IP address is all the ISP needs.
The only reason the internet grew so fast with free content is so you could be spied upon.
DoH won’t stop the data collection but it’ll likely make it more difficult.
Well on second thought...I guess that would just tell you the farm...not the actual site (if it’s a shared site).
DuckDuckGo says they don’t track user activity. Have any Freepers even been able to verify this?
I use Brave and DDG. Was wondering the same.
Been using DuckDuckGo since it arrived on the scene... Fast and no clutter from unwanted ads... If they say "no tracking"...well I like it so much, anyway, that I'll believe them...
Plus they openly fired a conservative. F em.
DuckDuckGo addresses another issue, your internet search behavior. That is what they do not track.
This article involves what happens when you click a link with a site name. That involves doing a name lookup using a Domain Name Service, DNS. The DNS servers take the name and return a numeric IP address to your browser. The numeric IP address is employed to connect to the remote web site.
Example: www.freerepublic.com => 22.214.171.124
This article says that FireFox will start encrypting that exchange.
The biggest problem with this entire scheme is that there is no provision in the DNS protocol for encryption. What they are doing is (ab)using the http protocol to route DNS queries to a third party, where the queries will originate. Seems to me that this is not going to do much for browsing speed, especially these days, as websites tend to be fairly complex with data and images actually being fed from separate servers, which entails multiple queries for a single page.
If they are concerned about the privacy issues surrounding DNS queries, they should submit an RFC to modify DNS query behaviour. I’m kinda thinking that’s going to be a hard sell though. DNS is designed to be a fairly simple protocol, and until fairly recently was primarily UDP traffic, which doesn’t even have error checking built into it. UDP packets are basically a fire-and-forget designed for speed and not even primarily for accuracy, much less privacy. There would be huge changes required in infrastructure to implement encryption beyond that already implemented in the DNSSec spec. Heck, DNSSec is such a pain in the ass to implement, that most sites don’t even bother with it.
I’m really not going to be happy with trying to troubleshoot yet another layer of complexity under what was supposed to be a fairly straightforward purpose. I’d be willing to bet that there are going to be both latency and caching issues involved in this. Is the browser going to retry as a standard UDP query if latency issues crop up?
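To make the lookup and the "DNS routed over HTTP" point in the posts above concrete, here is an added Python example (not from the article or from Mozilla) that builds the plain DNS wire-format query for www.freerepublic.com, shows the name an on-path observer reads from a UDP port-53 packet, and wraps the identical bytes the way RFC 8484 DoH carries them in an HTTPS GET; the resolver path `/dns-query` and the query ID are constructed sample values. The destination web site's IP address is not hidden by any of this, only the name lookup is.

```python
import base64
import struct

# Constructed example: the lookup described in the post above, A record for this name.
QNAME = "www.freerepublic.com"

def build_dns_query(name: str, txid: int = 0, qtype: int = 1) -> bytes:
    """Build a minimal DNS query message in RFC 1035 wire format.

    Header: ID, flags (only RD set), QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0.
    ID 0 is what RFC 8484 recommends so identical DoH queries cache identically.
    """
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)  # QTYPE=A, QCLASS=IN
    return header + question

def plaintext_name_visible(msg: bytes) -> str:
    """What an on-path observer reads from a plain UDP/53 query: the QNAME itself."""
    labels, pos = [], 12  # question section starts right after the 12-byte header
    while msg[pos] != 0:
        ln = msg[pos]
        labels.append(msg[pos + 1:pos + 1 + ln].decode("ascii"))
        pos += 1 + ln
    return ".".join(labels)

def doh_get_path(msg: bytes, endpoint_path: str = "/dns-query") -> str:
    """RFC 8484 GET form: the unchanged DNS message, base64url without padding,
    in the 'dns' query parameter. On the wire only TLS to the resolver is visible."""
    b64 = base64.urlsafe_b64encode(msg).rstrip(b"=").decode("ascii")
    return f"{endpoint_path}?dns={b64}"

def decode_doh_get(path: str) -> bytes:
    """Inverse of doh_get_path: what the resolver recovers inside the TLS session."""
    b64 = path.split("dns=", 1)[1]
    b64 += "=" * (-len(b64) % 4)  # restore padding stripped by the GET form
    return base64.urlsafe_b64decode(b64)

if __name__ == "__main__":
    msg = build_dns_query(QNAME)
    print("UDP/53 payload:", msg.hex())
    print("name readable by an observer:", plaintext_name_visible(msg))
    print("same bytes as DoH GET:", doh_get_path(msg))
    assert decode_doh_get(doh_get_path(msg)) == msg
```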
Nowadays, anybody not using a VPN is insane. I just use the VPN’s DNS.