Firefox Nightly, a rough-around-the-edges test version of Mozilla’s browser, now includes technology called DNS over HTTPS, Mozilla said. DNS is the Domain Name System used to find the numeric addresses needed to communicate with computers across the network — 18.104.22.168 for CNET.com, for example — and HTTPS is the secure version of the Hypertext Transfer Protocol used to fetch data from websites.
The combination, called DoH, prevents middlemen from figuring out what internet servers you’re trying to reach — and from tampering with results to do wicked things like sending you to a fake version of a website.
“Domain Name Service is one of the oldest parts of internet architecture, and remains one that has largely been untouched by efforts to make the web safer and more private,” Mozilla said in a blog post. “We’re working to change that by encrypting DNS queries and by testing a service that keeps DNS providers from collecting and sharing your browsing history.”
Privacy is on the front burner these days as Facebook and Cambridge Analytica have revealed just little we actually have. Firefox’s embrace of DoH wouldn’t have prevented that particular problem, but it does help seal other holes. Privacy and security are technical challenges that aren’t ever finished, only gradually improved.
Cloudflare DNS partnership
Mozilla also is taking a number of other measures this year to improve privacy in Firefox, like clamping down on behavior tracking and blocking ad retargeting — that sometimes creepy situation where you visit a website then shortly after see an ad for it on a different website, or see the same ad follow you around the web.
When it comes to actually fulfilling a DNS request, Mozilla needs a partner that offers DNS services to its privacy standards. It picked Cloudflare, an internet infrastructure company that recently launched its own publicly available DNS service.
“We’ve chosen Cloudflare because they agreed to a very strong privacy agreement that protects your data,” Mozilla said.
In Firefox Nightly, Mozilla will test both conventional DNS and DoH, comparing the results to see if there are any problems.