On Tuesday, Mozilla announced encrypted DNS (Domain Name System) over HTTPS (DoH) is being enabled for US Firefox users by default. It should help protect users against data collection by third parties or attacks on browsing histories by malicious individuals on your network.

This change is something the company has been pushing for some time, as it's a decade-old flaw in the system. In order to link a web address such as www.pcmag.com with an IP address, DNS had to perform these links without encryption - even for encrypted “https” sites - because of how the system was built (Mozilla provides a more detailed explanation here.) Now, it should be more difficult, but not impossible, for ad-tracking networks to grab your data.

Because the websites you visit will be visible to the DNS Server that Firefox is connecting to, Mozilla chose two providers - Cloudflare and NextDNS - to work with, making Cloudflare the default. Mozilla also has a set of standards that a DoH provider must adhere to in order to be a part of its “Trusted Recursive Resolver” (TRR) program, meaning that they will not be able to sell user data they retain or use it to identify individual end users, among other criteria. 

While this system is being enabled by default, users outside of the US will need to go into their Firefox settings, then General, then scroll down to Networking Settings and click the Settings button on the right. “Here you can enable DNS over HTTPS by clicking, and a checkbox will appear,” Mozilla says.

The reason it isn't being rolled out internationally is because of criticism from security services. Mozilla previously said that it has "no current plans to enable DoH by default in the UK," for example, because GCHQ (Government Communications Headquarters) said the feature would interfere with ISPs’ ability to block copyright-infringing materials, child abuse images, and extremist material.

Although Firefox is the first browser to make this a default feature, other browsers, including Chrome, Edge, Brave, Opera, and Vivaldi, all have options to enable it. In fact, any Chromium-based browser can apply it “pretty much universally.” The only major omission to that list is Apple’s default browser, Safari.