Mozilla Firefox Rolls Out DNS over HTTPS for Canadian Users

Mozilla has decided to roll out the DNS over HTTPS (DoH) feature by default for Canadian Firefox users later this month. The move comes after DoH has already been offered to US-based Firefox users since 2020.

Firefox Enables DoH by Default for Canadian Users

Mozilla Firefox users located in Canada will soon start seeing DNS over HTTPS (DoH) enabled by default, in a gradual rollout.

Starting July 20th, DoH will first be offered to 1% of Canadian Firefox users, and will eventually reach all Firefox users in Canada by September of 2021.

[Image 1]

DoH encodes regular DNS traffic over HTTPS, with both DNS requests and responses transmitted over port 443, so the traffic blends in with regular traffic to HTTPS websites.
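The encoding described above, as an added example that is not code from Mozilla or the original article: it builds a DNS question in wire format, wraps it in an RFC 8484 GET request, and decodes the `dns` parameter again, as an inspecting proxy could. The resolver URL `https://doh.example/dns-query` and all function names are assumptions chosen for illustration.

```python
import base64
import struct

# Hypothetical resolver endpoint (assumption, not a TRR URL from the article).
DOH_URL = "https://doh.example/dns-query"
QTYPE_A = 1

def build_query(name: str, qtype: int = QTYPE_A) -> bytes:
    """Build a one-question DNS query in RFC 1035 wire format."""
    # ID 0 (RFC 8484 advises this for HTTP caching), flags 0x0100 = RD, QDCOUNT 1.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"invalid label in {name!r}")
        qname += bytes([len(raw)]) + raw
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def doh_get_url(name: str, qtype: int = QTYPE_A) -> str:
    """RFC 8484 GET form: base64url of the DNS message, padding stripped."""
    token = base64.urlsafe_b64encode(build_query(name, qtype)).rstrip(b"=")
    return f"{DOH_URL}?dns={token.decode()}"

def decode_dns_param(token: str) -> tuple[str, int]:
    """Recover (name, qtype) from a dns= value, e.g. one seen by an inspecting proxy."""
    wire = base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))
    pos, labels = 12, []  # the question section starts after the 12-byte header
    while True:
        if pos >= len(wire):
            raise ValueError("truncated question")
        length = wire[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(wire):
            raise ValueError("bad label length")
        labels.append(wire[pos:pos + length].decode("ascii", "backslashreplace"))
        pos += length
    if pos + 4 > len(wire):
        raise ValueError("missing QTYPE/QCLASS")
    qtype, _qclass = struct.unpack("!HH", wire[pos:pos + 4])
    return ".".join(labels), qtype

if __name__ == "__main__":
    url = doh_get_url("www.example.com")  # constructed sample name
    print(url)
    print(decode_dns_param(url.split("dns=", 1)[1]))
```

On the network, only the TLS session to the resolver on port 443 is visible; the queried name appears only after TLS is terminated.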

DoH not only gives the user end-to-end encryption but also added privacy, because their DNS traffic can no longer be easily intercepted by a network administrator. By contrast, the standard DNS protocol running over UDP has no encryption, integrity assurance, or privacy protections:

“Because there is no encryption, other devices along the way might collect (or even block or change) this information too.” Mozilla’s Principal Engineer, Patrick McManus, had previously said that “DNS lookups are sent to servers that can detect your website browsing history without either notifying you or posting a policy about what they do with that data.”

Therefore, this move by Mozilla is aimed at strengthening the online security and privacy of its Canadian users.

Mozilla Picks CIRA as DoH Provider for Firefox Canada

As part of this rollout, Mozilla has announced a collaboration with the Canadian Internet Registration Authority (CIRA) as its DoH provider of choice for Canadian Firefox users. CIRA, which also happens to be an internet registration authority, is the latest DoH provider to join Firefox’s Trusted Recursive Resolver (TRR) program.

Previously, Cloudflare, NextDNS, and Comcast were enrolled as Mozilla Firefox’s TRRs. “Unencrypted DNS is a major privacy issue and part of the tradition of the old, insecure Internet. We are very excited to be able to partner with CIRA to help fix that for our Canadian users and protect more of their browsing history by default,” said Eric Rescorla, Firefox CTO.

Even though DoH offers privacy and security benefits to the end user, it is worth noting that merely being end-to-end encrypted does not alone make DoH service providers resistant to adversaries.

As our experts reported earlier, threat actors have abused Google’s own DNS-over-HTTPS service to support their malware’s command-and-control (C2) activities.

Also, using DoH in a corporate environment would give network administrators little to no visibility into DNS traffic unless a Man-in-the-Middle (MitM) proxy was in use, at which point the potential security advantages DoH offers to users would be lost.

Later this month, starting from 20th July, Firefox users in Canada will begin seeing the notification shown above, asking them to approve or “disable” DoH protections.

Users can also follow the steps below to switch between DoH providers, or opt out of DoH altogether:

  • Launch Firefox and navigate to Settings
  • Scroll down to Network Settings, and click the Network Settings button
  • To enable DoH, ensure that the “Enable DNS over HTTPS” option is checked and click OK

[Image 2]

Canadian users should start seeing “CIRA Canadian Shield” listed as their default provider soon. Users can also uncheck the box to disable DoH, or select a different DoH provider enrolled in Firefox’s Trusted Recursive Resolver program from the dropdown menu. According to Mozilla, encrypting DNS queries and responses with DoH is only a first step.

“An important second step needed is that the companies managing this information have appropriate rules in place – like the ones highlighted in Mozilla’s TRR program.”

The program’s main aim is to standardize requirements in three areas: limiting data collection and retention from the resolver, ensuring transparency for any data retention that does occur, and limiting any potential use of the resolver to block access or modify content, Mozilla explained.

By enabling DoH by default for the user and setting out strict performance requirements for parties to implement it.
