Stories
Slash Boxes
Comments

SoylentNews is people

Firefox Turns Encrypted DNS On By Default To Thwart Snooping ISPs

posted by Fnord666 on Wednesday February 26 2020, @02:37PM   Printer-friendly
from the and-everyone-else-on-the-network dept.

Arthur T Knackerbracket has found the following story:

Firefox will start switching browser users to Cloudflare's encrypted-DNS service today and roll out the change across the United States in the coming weeks.

"Today, Firefox began the rollout of encrypted DNS over HTTPS (DoH) by default for US-based users," Firefox maker Mozilla said in an announcement scheduled to go live at this link Tuesday morning. "The rollout will continue over the next few weeks to confirm no major issues are discovered as this new protocol is enabled for Firefox's US-based users."

DNS over HTTPS helps keep eavesdroppers from seeing what DNS lookups your browser is making, potentially making it more difficult for Internet service providers or other third parties to monitor what websites you visit. As we've previously written, Mozilla's embrace of DNS over HTTPS is fueled in part by concerns about ISPs monitoring customers' Web usage. Mobile broadband providers were caught selling their customers' real-time location data to third parties, and Internet providers can use browsing history to deliver targeted ads.

Wireless and wired Internet providers are suing the state of Maine to stop a Web-browsing privacy law that would require ISPs to get customers' opt-in consent before using or sharing browsing history and other sensitive data. The telecom companies already convinced Congress and President Trump to eliminate a similar federal law in 2017.

Also at:
Mozilla Blog
The Register

Previously:
Firefox Begins Enabling DNS-over-HTTPS for Users

Original Submission

 
This discussion has been archived. No new comments can be posted.
Firefox Turns Encrypted DNS On By Default To Thwart Snooping ISPs | Log In/Create an Account | Top | 56 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by Fishscene on Thursday February 27 2020, @03:58PM

    by Fishscene (4361) on Thursday February 27 2020, @03:58PM (#963546)

    Thanks for posting this list!

    As for your question of the DNS resolver...
    My DNS chain is:
    PiHole > Gateway router > External DNS provider

    The trick is in the internal logic of the gateway router itself:
    Gateway Router LAN > Gateway Router itself > Gateway Router WAN

    My firewall is set to block all DNS traffic that originates from the Router LAN port destined for the Internet. This allows the gateway router itself to send/receive DNS packets.
    Basically, if you aren't using *MY* DNS server on my internal network, you're not using anyone's.

    Now for DNS over HTTPS. I don't have a real solution for that yet, so I've resorted to just blocking https traffic to known locations. But lets be honest, this is going to be an ever-growing game of whack-a-mole.

    --
    I know I am not God, because every time I pray to Him, it's because I'm not perfect and thankful for what He's done.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2