In a surprise twist Mozilla has informed the Government that they now have “no plans” to enable the DNS-over-HTTPS security feature by default for UK internet users in their popular Firefox website browser, at least not without “further engagement with public and private stakeholders.” Doh!
At present most Domain Name System (DNS) requests, which turn human-readable domain names like ISPreview.co.uk into Internet Protocol (IP) addresses and back again, are still unencrypted. This makes it easy for your broadband ISP to snoop, filter (block websites / parental controls etc.) and even optimise some aspects of your internet connectivity (better direction of traffic for Content Delivery Networks etc.).
By comparison the DNS-over-HTTPS (DoH) system encrypts DNS requests by sending them over the common HTTPS protocol for websites. On the one hand this is a welcome security and privacy improvement, but on the other big ISPs and governments are concerned that wide-scale adoption by major third-parties (e.g. website browser software that enables it by default) could disrupt some of their services, particularly snooping and blocking.
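How a DoH request is formed, as an added example that is not part of the original article: it builds a DNS query in wire format and wraps it in the GET form defined by RFC 8484. The name www.example.com and the /dns-query path are sample values chosen for illustration.

```python
import base64
import struct

def build_dns_query(name: str, qtype: int = 1) -> bytes:
    """Encode a single-question DNS query in wire format (RFC 1035)."""
    # Header: ID=0, flags=RD (recursion desired), QDCOUNT=1, other counts 0.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS=IN

def doh_get_path(query: bytes, path: str = "/dns-query") -> str:
    """RFC 8484 GET form: unpadded base64url of the query in the 'dns' parameter."""
    b64 = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{path}?dns={b64}"

def decode_doh_get_path(request_target: str) -> str:
    """Recover the queried name from a DoH request target (the resolver's view)."""
    b64 = request_target.split("dns=", 1)[1]
    raw = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    labels, pos = [], 12  # the DNS header is 12 bytes
    while raw[pos]:
        length = raw[pos]
        labels.append(raw[pos + 1 : pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)

def visible_on_wire(payload: bytes, name: str) -> bool:
    """True if every label of the name appears verbatim in a plain UDP/53 payload."""
    return all(label.encode("ascii") in payload for label in name.split("."))

if __name__ == "__main__":
    name = "www.example.com"  # constructed sample input
    query = build_dns_query(name)
    target = doh_get_path(query)
    # Classic DNS: these bytes travel unencrypted, so an on-path observer reads the name.
    print("plain DNS payload exposes name:", visible_on_wire(query, name))
    # DoH: the same bytes ride inside the HTTPS request. The base64url step is
    # only an encoding; the confidentiality comes from the TLS layer around it.
    print("DoH request target:", target)
    print("resolver decodes:", decode_doh_get_path(target))
```

The same query bytes are used in both cases; with DoH only the chosen resolver, not the access network, gets to decode them.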
We’ve covered this quite a lot before (here and here) and at one point the ISPA even controversially labelled Mozilla as an “Internet Villain” for their aspiration to enable the feature by default (i.e. taking DNS requests away from ISPs and making it harder to intercept them in the traffic flow), a label that was promptly withdrawn following a backlash (here).
The penny appeared to drop earlier this month after Mozilla announced that they would proceed to enable the feature by default, albeit with a few caveats and starting in the USA (here). However, Mozilla has now written to the Culture Secretary, Nicky Morgan MP, and said it “has no plans to turn on our DoH feature by default in the United Kingdom and will not do so without further engagement with public and private stakeholders” (The Guardian).
A DCMS Spokesperson said:
“Child sexual exploitation is an abhorrent crime that this Government is committed to tackling. While we look to support security and privacy online, it is vital that all sectors of the digital industry consider child safety when developing their systems and services.
We are working with industry on solutions to any potential problems as part of our ongoing work to make the UK the safest place in the world to be online.”
Admittedly most end-users tend not to enable such features themselves, although the publicity around DoH is sure to have had an impact upon take-up. Indeed enabling DoH in Firefox today is as easy as going to ‘Options’, scrolling right to the bottom of the new window under ‘General’ and clicking ‘Settings’ (Network Settings). The “Enable DNS over HTTPS” feature is at the bottom of that page (assuming you trust Cloudflare – a USA based company – to handle your DNS traffic, although you can pick a different DoH provider – AAISP’s UK example).
Just remember that by enabling DoH you may also break some of the features offered by your ISP, although for the most part you probably won’t notice any difference and can always disable it later.