Fearing drama, Mozilla opens public consultation before worldwide Firefox DoH rollout

Mozilla wants to enable DNS-over-HTTPS (DoH) in Firefox for all users worldwide, but wants to hear from ISPs, governments, and companies beforehand.
Written by Catalin Cimpanu, Contributor
Mozilla logo

Mozilla has opened today a public comment and consultation period about the ways it could enable support for the controversial privacy-centric DNS-over-HTTPS (DoH) protocol inside Firefox.

The browser maker's decision to open a rare public consultation period comes after the organization faced criticism last year in the UK for its plans to support DoH inside Firefox.

UK government officials, law enforcement agencies, and local internet service providers criticized Mozilla for developing and wanting to roll out DoH, a feature they said could have helped suspects bypass enterprise firewalls and parental controls blocklists — even earning the browser maker a nomination for an "Internet Villain" award from a local ISP.

All last year's hoopla was caused by DoH, a web protocol developed as an alternative to the classic DNS (Domain Name System).

DoH works by encrypting DNS queries (which are normally sent out in clear text) and hiding them inside normal-looking HTTPS web traffic.

When deployed inside browsers like Firefox, the protocol allows users to hide the sites they are accessing from third-party observers like internet service providers and enterprise traffic management solutions.

Albeit the protocol has many benefits for users' individual privacy, ISPs and law enforcement agencies spoke out against it, with the loudest and most concerted voices coming from the UK. Some criticism came from US authorities, but this wasn't on the same level as the one in the UK, and many US ISPs eventually set up DoH servers of their own.

Nonetheless, the pressure put on Mozilla in the UK bore its fruits and the browser maker eventually backtracked and agreed to delay deploying DoH inside the UK.

Instead, Mozilla enabled DoH for all Firefox users in the US, where the browser maker has been testing the feature at scale since February this year.

However, Mozilla has always planned to roll out DoH to all of its users across the world — barring the UK, where it promised not to deploy it.

The current consultation period is here as a way to give "stakeholders" (to be read as governments and ISPs) a say in the matter and avoid future issues with the DoH rollout.

Stakeholders have from November 19, 2020, to January 4, 2021, to file their opinions, which Mozilla said it plans to take into consideration as long as they're reasonable and have the interests of its users in mind.

However, not many things are expected to change. Since the "Internet Villain" scandal last year, Mozilla has already addressed most of the DoH criticism already. This included:

  • Adding a "canary" domain that can be queried on managed networks to force Firefox to disable DoH support and defer to local enterprise policies for DNS management.
  • Adding support for additional default DoH providers inside Firefox, besides Cloudflare (the only DoH provider last year).
  • Adding an easier section in the Firefox options page to manage DoH settings.

But regardless of these updates to how DoH now works inside Firefox, Mozilla still wants to hear from companies and governments about issues with DoH before it enables the feature for all users next year.

Apple, Chrome, and Microsoft have also announced plans to support the DoH protocol in their products, and all have learned from the criticism that Mozilla had to deal with last year, all deploying enterprise-friendly DoH implementations from the get-go, with Google's DoH support going live for all Chrome users earlier this year.

All the Chromium-based browsers

Editorial standards