Firefox angers ISPs by turning on DNS over HTTPS, encrypting traffic
posted Saturday Feb 29, 2020 by Scott Ertz
The past few years have seen much of the internet move from transferring data over HTTP to HTTPS. While the distinction seems small, the effect has been huge. ISPs and internet relays can no longer see the data being transferred between you and the websites you visit, so long as those sites use HTTPS. But while the data itself is encrypted, the DNS lookups that come before each connection are not. That means these same organizations can still see which sites you visit, if not the data you exchange with them. That is, until now.
Cloudflare offers an encrypted DNS lookup service using the DNS over HTTPS, or DoH, protocol. This service protects even your browsing history from the prying eyes of the ISPs and relays, as well as anyone snooping on your wireless connections. Firefox has offered an integration with the DoH protocol for a while now but is stepping up that relationship. This week, the company announced that, in the coming weeks, it would be turning this behavior on for all US users by default. In the announcement, the company said,
Today, we know that unencrypted DNS is not only vulnerable to spying but is being exploited, and so we are helping the Internet to make the shift to more secure alternatives. We do this by performing DNS lookups in an encrypted HTTPS connection. This helps hide your browsing history from attackers on the network, (and) helps prevent data collection by third parties on the network that ties your computer to websites you visit.
Mozilla, which makes Firefox, has said that it is open to adding more encrypted DNS providers over time, so long as they conform to the company's requirements. It has also said that it is not turning the setting on by default outside of the US. However, if you want to use the feature, you can turn it on in the settings.
Hopefully, more browsers, particularly Chrome and the new Edge, will implement this feature. Both companies have it in their pipelines, though neither has announced timelines for public release.
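To make the difference between a plaintext lookup and a DoH lookup concrete, the following is an added example, not code from the original article or from Mozilla or Cloudflare. It builds a standard DNS query, shows that the hostname can be read straight out of the packet bytes, and then wraps the same query in the GET form defined by RFC 8484. The resolver URL is a placeholder and the function names are hypothetical.

```python
import base64
import struct

def build_dns_query(hostname, qtype=1, query_id=0):
    """Encode a one-question DNS query in RFC 1035 wire format (qtype 1 = A)."""
    # Header: ID, flags (recursion desired), 1 question, 0 answer/authority/additional.
    # RFC 8484 recommends ID 0 for DoH so identical queries cache identically.
    header = struct.pack("!HHHHHH", query_id, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in hostname.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("DNS labels must be 1-63 bytes: %r" % label)
        qname += bytes([len(raw)]) + raw
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def observed_name(payload):
    """Recover the queried name the way an on-path observer of port 53 can.

    Handles uncompressed names only, which is what a query carries.
    """
    labels, pos = [], 12  # the question section starts after the 12-byte header
    while payload[pos] != 0:
        length = payload[pos]
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)

def doh_get_url(query, resolver_url):
    """Build the RFC 8484 GET form: ?dns=<base64url of the query, padding removed>."""
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return resolver_url + "?dns=" + encoded

if __name__ == "__main__":
    RESOLVER = "https://doh.example/dns-query"  # placeholder, not a real service
    query = build_dns_query("www.example.com")  # constructed sample lookup
    print("visible in a plaintext DNS packet:", observed_name(query))
    print("sent inside the HTTPS connection: ", doh_get_url(query, RESOLVER))
```

With DoH, the URL produced by `doh_get_url` travels inside the TLS session to the resolver, so a network observer sees only an encrypted connection to the resolver rather than the name being looked up.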