Mozilla announced plans to enable DNS-over-HTTPS (DoH) by default in the Firefox browser, starting with US users this month. But the news was received with lots of criticism, as most security researchers believed the idea of domiciling all the DNS traffic to Cloudflare, is bad idea.

While the operating system is what's normally responsible for managing DNS and other network settings on all applications, but Mozilla is looking to change all that, by making Firefox able to dictate the pitch. And should other applications also follow this example, it will only lead to chaos over the Web.

Now, imagine if you get different DNS for different applications or perhaps, have the applications implementing own IP stack, with different addresses, routing and so forth. Though, DoH generally, is a good technology as it brings privacy via encryption, but the correct way would be to standardise DoH and add support for it into automatic address configurations and operating systems, not applications.

Mozilla should revert the change to allow users, at least to opt-in, and choose their DoH provider, rather than automatically defaulting to Cloudflare. The company must take real responsibility by working together with the security community to create RFCs to make DHCPv6, DHCPv4 and Router support DNS URLs instead of IP addresses.

It could also contribute in developing support for the operating systems, if truly privacy is a concern for Mozilla. And whether you've got trust for Cloudflare or not, directly supporting centralization by using DoH in Firefox sucks.

The best way to voice out against it is perhaps is to turn DoH off in your Firefox browser, simply go to Settings - Network Settings and uncheck the Enable DNS over HTTPs checkbox.

Why Mozilla's defaulting of Firefox DoH to Cloudflare is a bad idea?



Mozilla announced plans to enable DNS-over-HTTPS (DoH) by default in the Firefox browser, starting with US users this month. But the news was received with lots of criticism, as most security researchers believed the idea of domiciling all the DNS traffic to Cloudflare, is bad idea.

While the operating system is what's normally responsible for managing DNS and other network settings on all applications, but Mozilla is looking to change all that, by making Firefox able to dictate the pitch. And should other applications also follow this example, it will only lead to chaos over the Web.

Now, imagine if you get different DNS for different applications or perhaps, have the applications implementing own IP stack, with different addresses, routing and so forth. Though, DoH generally, is a good technology as it brings privacy via encryption, but the correct way would be to standardise DoH and add support for it into automatic address configurations and operating systems, not applications.

Mozilla should revert the change to allow users, at least to opt-in, and choose their DoH provider, rather than automatically defaulting to Cloudflare. The company must take real responsibility by working together with the security community to create RFCs to make DHCPv6, DHCPv4 and Router support DNS URLs instead of IP addresses.

It could also contribute in developing support for the operating systems, if truly privacy is a concern for Mozilla. And whether you've got trust for Cloudflare or not, directly supporting centralization by using DoH in Firefox sucks.

The best way to voice out against it is perhaps is to turn DoH off in your Firefox browser, simply go to Settings - Network Settings and uncheck the Enable DNS over HTTPs checkbox.

No comments