Extra security for Firefox browser upsets ISPs

Broadband customers get cutting edge security for free, but ISPs don't want you to have it.

Monday, 9 September, 2019

New default settings for Mozilla Firefox protect your browsing data from hackers, scammers, and even your own ISP.

This new setting automatically encrypts DNS requests with the HTTPS protocol. This masks the websites and servers you’re visiting from anyone that might be looking. That includes your ISP, who usually sees everything you do online.

DNS over HTTPS (DoH) is a relatively new protocol that isn’t widely supported. Firefox is the first major browser to use it by default. Enabling the setting on other browsers, like Chrome, involves messing with some advanced settings. But most users would be uncomfortable tinkering with program command lines.

Mozilla has faced backlash from ISPs that are afraid DoH will dodge their own network-level filters and blocks.

What is DNS?

DNS stands for Domain Name System. It is a protocol that converts text website addresses (that people can read) into numerical IP addresses (that computers can read). Many websites rotate their IP address, but their text address will stay the same. DNS servers locate the current IP address of a website, even if it has recently changed. It then connects users when they type in the text-based address.

These DNS requests are typically unencrypted, so anyone listening in on your connection can see exactly what websites you’re visiting. This also makes them vulnerable to man-in-the-middle attacks, in which an attacker jumps into the middle of your connection to a website and steals your data as it makes its way to the site you’re visiting.

What is HTTPS?

HTTPS is the encrypted version of the standard HTTP protocol used by the front-end of almost every website. HTTP converts the jumble of website code into something users can read and navigate. Without HTTP, every website would be a block of plain text.

HTTPS encrypts any data you might input directly into a website, like user names, passwords, and payment information. It has become the standard for every site that collects this kind of data, and you should be very careful when inputting sensitive info on a site that doesn’t use HTTPS.

DoH applies the same encryption methods to your DNS requests, making them just as protected as the data you’re inputting.
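As an added illustration (not part of the original article), the sketch below builds one DNS lookup and shows what a network observer can read when it is sent as classic DNS versus as a DoH request in the GET form defined by RFC 8484. The endpoint URL `https://cloudflare-dns.com/dns-query` and the sample name `www.example.com` are assumptions chosen for the example; nothing is sent over the network.

```python
import base64
import struct

# Assumption: public DoH endpoint of the resolver the article names (Cloudflare).
DOH_ENDPOINT = "https://cloudflare-dns.com/dns-query"


def build_query(name: str, qtype: int = 1) -> bytes:
    """Encode a DNS question in RFC 1035 wire format (ID 0, recursion desired)."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # one question, no answers
    qname = b"".join(
        bytes([len(label)]) + label
        for label in name.rstrip(".").encode("ascii").split(b".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE (1 = A), QCLASS IN


def observed_name(udp_payload: bytes) -> str:
    """What a passive observer recovers from an unencrypted port 53 query."""
    labels, pos = [], 12  # the question section starts after the 12-byte header
    while udp_payload[pos] != 0:
        length = udp_payload[pos]
        labels.append(udp_payload[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)


def doh_get_url(wire: bytes, endpoint: str = DOH_ENDPOINT) -> str:
    """RFC 8484 GET form: the wire message, base64url-encoded without padding."""
    encoded = base64.urlsafe_b64encode(wire).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={encoded}"


def visible_on_the_wire(url: str) -> str:
    """Path and query travel inside TLS; only the resolver's host name is exposed."""
    return url.split("/")[2]


if __name__ == "__main__":
    wire = build_query("www.example.com")  # constructed sample lookup
    print("Classic DNS, observer reads:", observed_name(wire))
    url = doh_get_url(wire)
    print("DoH request sent inside TLS:", url)
    print("DoH, observer reads:", visible_on_the_wire(url))
```

DoH protects only the lookup itself: the IP address you connect to afterwards, and the server name in the TLS handshake of that connection, are still visible to the network.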

Proxy Servers

A popular method for protecting your browsing data is to use a proxy server. A proxy server is used as a doorway to the rest of the internet. This makes all your connections pass through the server first. Proxy servers encrypt all your data, and can be used to access international websites that could be blocked in your country.

Hackers and your ISP can’t see the sites you’re visiting past the proxy server, but they can still see which proxy you are connecting to in the first place. Proxy servers also carry some risk, as the server itself sees everything you’re doing online, even if no-one else does. If you use an untrustworthy proxy, your data could be at more risk than if you didn’t use one at all.

Adding an extra server to your connections can also hurt your broadband performance. The most popular ones also frequently require a paid subscription to use.

DoH provides similar protection to a proxy server, without adding any extra distance to your internet connections.

Why are ISPs upset?

The Internet Service Providers Association (ISPA) went as far as to label Mozilla “Villain of the year” for implementing DoH in Firefox. They quickly withdrew their label after backlash from broadband customers. So why are ISPs and customers so divided over this feature?

By encrypting DNS data, ISPs lose their power to record, track, censor, and block their customers’ access to websites. If they can’t see what sites you’re visiting, they can’t stop you from visiting them. The primary use of this power is to protect copyrighted material by cutting off access to torrent sites and illegal streaming services. These platforms make copyrighted movies, TV shows, games, sporting events, and software available for free.

There is also concern that poor DoH servers will negatively impact internet performance, and that ISPs will get complaints that they cannot resolve. But this can also work in the opposite direction. Many internet users already use alternate DNS servers instead of their ISP’s, as they are often much more reliable. Google makes public DNS servers freely available to anyone, and there are many other alternatives available.

Firefox uses Cloudflare’s 1.1.1.1 DNS server, which is the fastest DNS resolver on the internet. This means Firefox will significantly outperform your ISP, unless there are technical problems.

You can download Firefox at the Mozilla website. DoH is enabled by default, so you don’t need to change any settings to shore up your internet privacy.

By: Samuel Newman

Samuel Newman is a consumer journalist and blogger based in Sheffield.