33 votes

Firefox has started enabling DNS-over-HTTPS by default for all US-based users

14 comments

  1. [9]
    tildez
    While this is a feature I will use, I don't think it's a great solution. I would much rather see this happening at the OS level. I suppose you have to get the ball rolling somehow and I hope this will lead to something better in the future.

    8 votes
    1. joplin
      Not only that, there need to be a lot more providers for the DNS servers, particularly ones that aren't already entrenched interests in the field like CloudFlare.

      4 votes
    2. 666
      > I would much rather see this happening at the OS level. I suppose you have to get the ball rolling somehow and I hope this will lead to something better in the future.

      Me too, but nobody is going to implement it at the OS level until it becomes "mainstream". I agree with you: you have to get the ball rolling somehow. This is a chicken-and-egg problem and I think Mozilla is doing well here to solve that.

      I'm currently using it at the OS level at home with AdGuard Home and pointing my OS DNS to 127.0.0.1. I also made my own CA and SSL certificate to be able to point Firefox to my local DoH server because otherwise Firefox won't enable ESNI.

      A lot of misinformed network admins are freaking out about this because they feel they are losing control over their own network, but at work we have successfully implemented it and you can easily configure Firefox with a group policy to make it use your own server so you can even have encrypted internal DNS!

      3 votes
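A check an administrator could run over the `policies.json` that pins Firefox to an internal DoH resolver, as an added example that is not from the thread or from Mozilla. It assumes the `DNSOverHTTPS` enterprise policy keys `Enabled`, `ProviderURL`, `Locked` and `ExcludedDomains`; the resolver host, the zone name and the `audit_doh_policy` helper are hypothetical.

```python
import json
from urllib.parse import urlsplit

# Constructed sample policies.json contents. doh.corp.example and
# corp.example are placeholders, not values from the thread.
WEAK = """{"policies": {"DNSOverHTTPS": {
  "Enabled": true,
  "ProviderURL": "http://doh.corp.example/dns-query"
}}}"""

HARDENED = """{"policies": {"DNSOverHTTPS": {
  "Enabled": true,
  "ProviderURL": "https://doh.corp.example/dns-query",
  "Locked": true,
  "ExcludedDomains": ["corp.example"]
}}}"""


def audit_doh_policy(text, system_only_zones=()):
    """Return findings for the DNSOverHTTPS policy in a policies.json string.

    system_only_zones: zones that only the OS resolver can answer and that
    must therefore be listed in ExcludedDomains (hypothetical parameter).
    """
    doh = json.loads(text).get("policies", {}).get("DNSOverHTTPS")
    if doh is None:
        return ["no DNSOverHTTPS policy: Firefox applies its own default"]
    findings = []
    if not doh.get("Locked", False):
        findings.append("Locked is not set: users can change the resolver")
    if doh.get("Enabled"):
        url = urlsplit(doh.get("ProviderURL", ""))
        if url.scheme != "https" or not url.hostname:
            findings.append("ProviderURL must be an https:// URL")
    excluded = {d.lower().rstrip(".") for d in doh.get("ExcludedDomains", [])}
    for zone in system_only_zones:
        if zone.lower().rstrip(".") not in excluded:
            findings.append(f"{zone} is not in ExcludedDomains")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_doh_policy(text, ["corp.example"]))
```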
    3. babypuncher
      Set up cloudflared on a machine on your network, configure your router to point to it as the upstream DNS.

      1 vote
    4. [5]
      awe777
      Do this on a stock OS level and censorship bureaus will start countering them (either by blocking unapproved DNS server access, blocking the service, or even blocking the OS itself), turning it into a useless, feel-good feature.

      There's a good reason uBlock Origin is one of the most-used plugins and yet, not implemented within Gecko/Chrome's guts instead.

      1. [4]
        unknown user
        > There's a good reason uBlock Origin is one of the most-used plugins and yet, not implemented within Gecko/Chrome's guts instead.

        So... what's the reason?

        3 votes
        1. [3]
          tildez
          I'm assuming the poster means that Google's lifeblood is showing users targeted ads.

          1 vote
          1. [2]
            unknown user
            That's Chrome's part of the deal, sure. What about Mozilla and Firefox (which is built on the Gecko engine)? I think I heard something about Firefox blocking ads natively in the future... or was it another browser?

            2 votes
            1. tildez
              I know Firefox currently blocks trackers and some ads by default.

              2 votes
  2. pew
    I've been using nextdns.io for a while now, they also provide blocklists to block ad networks from serving traffic, kinda like pi-hole just as a hosted service. They have good tutorials on how to get started on any device, even down to the router level to protect your whole network, including DNS-over-HTTPS/TLS.

    It's kind of crazy how many requests are being blocked by nextdns for me. I enabled it for all my devices and the Microsoft analytics service alone was blocked nearly 5000 times in the last 30 days. And I'm only using Microsoft To Do actively, I'm not aware of any other Microsoft app I'm using.

    6 votes
  3. [3]
    iikkaa
    This is a feature which looks good but it is not (in my opinion), because it compromises network security by circumventing the rules of your local network.
    I understand that most people will only have a Windows/Mac computer on wifi and a router/modem coming with their ISP subscription and know nothing about privacy, but still... I just cannot accept its opt-out behavior. Perhaps if they would also include plugins like ublock-origin, decentraleyes, etc. into the installation package... but not like this.
    At least, there are good solutions out there to block this feature, so it's not the end of the world (I use unbound and Pi-hole for example).

    5 votes
    1. [2]
      Diff
      > I understand that most people will only have a windows/mac computer on wifi and a router/modem coming with their ISP subscription and know nothing about privacy, but still... I just cannot accept its opt-out behavior. Perhaps if they would also include plugins like ublock-origin, decentraleyes, (etc.). into the installation package... but not like this.

      If it was opt-in, its target audience would never see it. The non-techies of the world won't be diving into the settings to turn a privacy feature on. The techies who have their own setup that's better or preferable to this can switch it off or configure it differently pretty easily. Seems like a net positive.

      9 votes
      1. iikkaa
        First of all, sorry for the late reply (I was on a vacation). A relevant example would be my brother's story, who is not a tech-savvy person at all. He bought a router for the family and (following the simple guide in the manual) set up DNS filtering (mainly for the kids), which was completely ignored by this feature until I noticed it and set things up properly for them.
        I think it's safe to say that he would have never figured it out on his own, and that is what I was trying to suggest in my post.

        2 votes
  4. aymm
    I've been using the DoH by Digitale Gesellschaft (page is in German) since Firefox started supporting it and am quite happy with it!

    2 votes