On February 25, Firefox became the first web browser to set a new encryption method called DNS over HTTPS (DoH) as a default privacy setting for its users.
Before DoH was created, anything that was searched up on the web went through a system called the DNS (domain name system), which acts as a database that translates words typed in the URL bar into a sequence of numbers known as an IP Address, which is a website’s proper identification and location. If the web was a neighborhood, “Bob’s house” would be the input for the URL bar and the formal address for “Bob’s house” would be the IP Address. Through DNS, web browsers can find and give users the websites that they searched for.
The problem with normal DNS searching is that it requires a resolver to go through multiple servers, all of which see the IP Address that is being searched. Using the neighborhood metaphor, DNS searching is like a mailman (the resolver) going from house to house (the servers) asking for directions to Bob’s house. The mailman, as well as all the neighbors who the mailman has asked directions from now know that Bob has received mail from someone.
On the normal web, this can be a problem in tracking and spoofing. Tracking would be like a neighbor’s or the mailman’s observations on who in the neighborhood is receiving the most mail. Spoofing would be like a neighbor misdirecting the mailman to another house for malicious reasons or the mailman purposely delivering the mail to the wrong house.
To help fix this problem that has existed since the beginning of the internet, DoH was proposed in October 2018. It fixes this privacy & security issue by encrypting DNS search ups using HTTPS encryption, which is used for encrypting info input into a specific website, such as passwords, email addresses, credit card numbers, etc.
There has been controversy over DoH since it is impartial; it helps the privacy and security of normal web users, but also helps protect malicious and illegal websites from being tracked. More criticisms say that it only creates a false sense of security since other parts of the DNS search are still not encrypted. DoH also requires a trusted resolver. Otherwise, it won’t work at all.
Although Firefox is the first browser to set DoH encryption as a default, it’s not the only browser working on it: Chrome, Edge, Brave, and Opera are all browsers that either already support DoH but have it turned off by default or are working on implementing it. Due to the controversy over it, some browsers may choose to keep it off by default, and even Firefox is still testing its effectiveness.