March 10, 2020•645 words
In February 2020, the Mozilla Foundation announced that it would enable DNS-over-HTTPS by default for all Firefox users in the United States. In this post, we'll explain what that is and why it matters.
Background: You and your computer need to take many steps in order to connect to a website. At some steps, there's a possibility for your privacy or security to be vulnerable.
- When you use a web browser such as Firefox to connect to a website, you are viewing files on a remote computer. These computers are usually set up to serve the website files and are also known as web servers. These servers are usually assigned a series of numbers and letters known as IP addresses. You can think of these IP addresses like phone numbers for computers.
- In order for Firefox to know which website to connect to, you usually need to tell it by clicking on a link or by typing the domain name of the website at the top of the browser.
- If the website is properly set up, then the domain will correspond to an IP address. When you connect to the domain in your browser, the domain automatically sends you to its corresponding IP address, which then sends you to its corresponding web server.
- Once you've connected to a web server with your browser, you can send and receive files to and from the web server. These files are collectively known as your traffic, or web traffic.
For example, when you click on app.standardnotes.org or type it into your browser, you will automatically be sent to the IP address 220.127.116.11, where you can access the Standard Notes web app.
If you connect to app.standardnotes.org over https, as in https://app.standardnotes.org, then your traffic to and from your web browser and the web server will be encrypted. Nobody will be able to read or tamper with your files while they're in transit.
However, your connection to app.standardnotes.org and other websites will be known to your internet service providers and anyone else who is watching your network. They won't know what you're writing in your notes app, but they'll know that you're using it.
DNS over HTTPS is the technology that encrypts the domain names and IP addresses that you're connecting to in a similar way that https encrypts your web traffic.
Why it matters: With DNS over HTTPS, your internet service provider and anyone else listening to your internet connections won't be able to know where you're connecting to anymore. If you use DNS over HTTPS with the Standard Notes web app, then you can be private about being private.
- Standard Notes forces https on all its connections, but if you want to encrypt all your web traffic, you can use the browser extension HTTPS Everywhere by the Electronic Frontier Foundation.
- In Firefox, visit Options > General > Network Settings and click "Enable DNS over HTTPS". You can also search "DNS" in the "Find in Options" bar or visit the official tutorial by Mozilla.
For other browsers, DNS over HTTPS can be enabled using the flags feature. First, update your browser to the latest version. If you use Microsoft Edge, you may need to install the new Chromium version. Then, depending on your browser, enter the following into the navigation bar and click enable:
- Google Chrome:
- Microsoft Edge:
You can also enable DNS-over-HTTPS on your mobile phone by using Cloudflare's 18.104.22.168 app.
- "The Facts About Mozilla's DNS over HTTPS" by Mozilla
- "Introducing Warp: Fixing Mobile Internet Performance and Security" by Cloudflare
- Wikipedia entry on DNS over HTTPS