DoH! Mozilla assures UK minister that DNS-over-HTTPS won't be default in Firefox for Britons

As Reg readers will know, you'll have to click a few buttons first

Firefox builder Mozilla has confirmed to UK Culture Secretary Nicky Morgan that Britons won't be getting DNS-over-HTTPS (DoH) by default once the feature is included in the next run of browser updates.

In a letter to the Secretary of State for Digital, Culture, Media and Sport, Mozilla's global policy veep Alan Davidson said his Silicon Valley org "has no plans to turn on our DoH feature by default in the United Kingdom and will not do so without further engagement with public and private stakeholders."

The letter, which was conveniently shown to The Guardian today, also confirmed that DoH would be the default for folks in the US.

This repeats and cements Mozilla's position expressed earlier this year, when a spokesman said "we are currently exploring potential DoH partners in Europe to bring this important security feature to other Europeans more broadly."

As we previously reported, DoH is all about shifting domain-name queries – which try to match domain names with server IP addresses – over a secure, encrypted HTTPS connection to a DNS server, rather than via an unprotected, unencrypted bog-standard DNS connection. That should protect DNS lookups from tampering or snooping by your ISP, though whoever is providing the DNS server can obviously see your queries.

Mozilla's DoH-by-default plans stirred up the ire of the British establishment because it was thought that widespread adoption would largely break ISPs' government-mandated content blocking systems.

Nonetheless, DoH is billed as helping stop third parties (ISPs, government agencies, police forces, any of the random handful of British state organs allowed by law to help themselves to your browsing history, etc) from viewing what you’re viewing – or, in the case of criminals looking to defraud you, hijacking your DNS requests.

An unholy alliance between a UK ISP lobbying association, social conservatives across Parliament and the civil service, the Internet Watch Foundation and selected small-c conservative national newspapers combined to screech blue murder earlier this year at Mozilla.

The browser-maker played the game and merely pronounced itself "surprised and disappointed" at ISPA's antics. Nonetheless, the company has since backed down from what it says is a privacy and security-enhancing tech rollout.

Google, of course, is also about to roll DoH into its Chrome browser, although for its part, Google has promised it won't override your choice of DNS provider.

We have asked Mozilla if it wishes to comment and will update this article if it responds.

A Parliamentary question about what discussions the current government had had with Mozilla went unanswered thanks to the (now unlawful) prorogation of Parliament by Prime Minister Boris Johnson.

Not enabling DoH by default seems like a compromise option intended to soothe state-backed data sniffers and social conservatives alike. Exploiting the well-known tendency of end users not to do or enable anything to help themselves, Mozilla presumably hopes that'll be enough to put Britain's creeps back in their boxes.

Instructions on enabling or disabling DoH in Firefox can be found here.

While the public messaging on DoH is mostly focused on security, child abuse content or terrorists, it's wise to take a wider view. As we reported a few days ago, Paul Vixie of Farsight Security opined (at the end of this article) that the ultimate victor if the Google and Mozilla position prevails may be the tech companies resolving encrypted DNS queries, who will then have a much broader sight of what people are browsing than anyone else. Or so they hope. ®

Biting the hand that feeds IT © 1998–2021