Stories
Slash Boxes
Comments

SoylentNews is people

Firefox Turns Encrypted DNS On By Default To Thwart Snooping ISPs

posted by Fnord666 on Wednesday February 26 2020, @02:37PM   Printer-friendly
from the and-everyone-else-on-the-network dept.

Arthur T Knackerbracket has found the following story:

Firefox will start switching browser users to Cloudflare's encrypted-DNS service today and roll out the change across the United States in the coming weeks.

"Today, Firefox began the rollout of encrypted DNS over HTTPS (DoH) by default for US-based users," Firefox maker Mozilla said in an announcement scheduled to go live at this link Tuesday morning. "The rollout will continue over the next few weeks to confirm no major issues are discovered as this new protocol is enabled for Firefox's US-based users."

DNS over HTTPS helps keep eavesdroppers from seeing what DNS lookups your browser is making, potentially making it more difficult for Internet service providers or other third parties to monitor what websites you visit. As we've previously written, Mozilla's embrace of DNS over HTTPS is fueled in part by concerns about ISPs monitoring customers' Web usage. Mobile broadband providers were caught selling their customers' real-time location data to third parties, and Internet providers can use browsing history to deliver targeted ads.

Wireless and wired Internet providers are suing the state of Maine to stop a Web-browsing privacy law that would require ISPs to get customers' opt-in consent before using or sharing browsing history and other sensitive data. The telecom companies already convinced Congress and President Trump to eliminate a similar federal law in 2017.

Also at:
Mozilla Blog
The Register

Previously:
Firefox Begins Enabling DNS-over-HTTPS for Users

Original Submission

 
This discussion has been archived. No new comments can be posted.
Firefox Turns Encrypted DNS On By Default To Thwart Snooping ISPs | Log In/Create an Account | Top | 56 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 5, Touché) by fustakrakich on Wednesday February 26 2020, @02:45PM (6 children)

    by fustakrakich (6150) on Wednesday February 26 2020, @02:45PM (#962854) Journal

    And help snooping Cloudflare, one stop shopping for those who don't want to have to get multiple warrants

    --
    La politica e i criminali sono la stessa cosa..
    Starting Score:    1  point
    Moderation   +4  
       Interesting=1, Touché=3, Total=4
    Extra 'Touché' Modifier   0  
    Total Score:   5  

  • (Score: 5, Touché) by ikanreed on Wednesday February 26 2020, @03:45PM (4 children)

    by ikanreed (3164) Subscriber Badge on Wednesday February 26 2020, @03:45PM (#962906) Journal

    It's almost like DNS is a service that has to come from somewhere and if you don't choose for yourself, you're left with the slop that either your ISP or browser or OS or some other third party decides for you.

    • (Score: 2, Insightful) by Anonymous Coward on Wednesday February 26 2020, @09:24PM (3 children)

      by Anonymous Coward on Wednesday February 26 2020, @09:24PM (#963097)

      Or... rely on what your ISP wants. You know, the ones actually Providing you the Internet Service.... Or let you do your work and choose your own.
      Mozilla should have nothing to do with it, period.

      • (Score: 3, Informative) by ikanreed on Wednesday February 26 2020, @09:26PM

        by ikanreed (3164) Subscriber Badge on Wednesday February 26 2020, @09:26PM (#963100) Journal

        Yeah, probably. That this is on by default is dumb as hell.

      • (Score: 0) by Anonymous Coward on Thursday February 27 2020, @07:19AM

        by Anonymous Coward on Thursday February 27 2020, @07:19AM (#963355)

        In some countries trusting ISP is foolish. And people that can't twiddle with arcane magicks need privacy too.

      • (Score: 2) by vux984 on Friday February 28 2020, @06:24PM

        by vux984 (5045) on Friday February 28 2020, @06:24PM (#964244)

        Or... rely on what your ISP wants.

        Just one of the reasons for HTTPS everywhere is that some ISPs were intercepting HTTP traffic and injecting their own ads into it.
        Many more were replacing "no domain" with redirects to their own ads to effectively typosquat.
        So, just "rely on your ISP" is pretty shitty advice. Most of us don't have a lot of choice of ISPs. And when we're mobile, roaming, on other peoples networks, in hotels, and other peoples wifi etc, etc.

        Or let you do your work and choose your own.

        Sure everyone has to be a information technology expert or hire one or they deserve to get screwed. Do you think I have to be a contract lawyer or hire one to avoid getting screwed when I order something from amazon too?

        Mozilla should have nothing to do with it, period.

        Said the butthurt ISP operator.

  • (Score: 0) by Anonymous Coward on Wednesday February 26 2020, @10:10PM

    by Anonymous Coward on Wednesday February 26 2020, @10:10PM (#963159)

    This doesn't even help avoid your snooping ISP from knowing exactly where you are going anyway. Yes, I understand that IP addresses can point to multiple servers, so that isn't foolproof. The real secret is that vanilla HTTP requests contain a Host header and TLS handshakes have the Server Name Indication. Both of those let your ISP know exactly who your communications are meant for. "But what about ESNI?" Well, none of the major servers and only one browser support it, so you'd have to be connecting to an encrypted Cloudflare proxied website with Firefox or using some sort of tunnel to see any sort of prevention of snooping by your ISP at all.