Broadband Software

How do you turn on DNS-over-HTTPS: the Firefox feature that broadband providers hate?

Yes, it's a cheap excuse to use a photo of a cute fox. Get over it.

Last Updated on

Firefox maker Mozilla is in the dog house. It’s been branded an “internet villain” by the UK’s Internet Service Providers Association (ISPA) for supporting a new feature called DNS-over-HTTPS that protects your privacy – and inconveniently thwarts the content filters the broadband providers have put in place.

What does DNS-over-HTTPS actually do? And how do you switch it on, just to annoy them? We’ll explain both here.

What is DNS-over-HTTPS?

The web is heavily reliant on a system called DNS.

The easiest way to think of DNS is as the internet’s phone book. It converts the addresses we type into our web browsers (ie. www.bigtechquestion.com) into the IP address of the server the website is hosted from (in our case 192.0.78.215). In much the same way it’s easier to remember a person’s name stored in your mobile phone contacts than their telephone number, DNS lets you remember that web address instead of having to type the IP number.

To make the system work, each broadband provider will have their own DNS servers (either operated by themselves or a partner) that look up the addresses entered by their customers.

But this system isn’t very secure. Every time you enter a web address into your browser, that request is passed to your broadband provider’s DNS servers using an unencrypted channel, meaning that almost anyone could snoop on your broadband connection and see which sites you’re visiting. Worse, your request could be intercepted and sent to a site you didn’t want – so you might type bbc.co.uk into your browser, for example, but actually be sent to a site that infects your computer with a virus.

Mozilla – amongst a number of other web companies – is proposing that we move to a system called DNS-over-HTTPS. You will have often been told to look for https:// at the beginning of web addresses when entering payment details online, because that shows the web page is encrypted. Well, that’s what DNS-over-HTTPS does – it encrypts the traffic between your computer and the DNS server, so that nobody can snoop on your web traffic or intercept it. It also has the added advantage of being quicker!

So what’s the problem? The system that British broadband providers use to block access to certain websites is reliant on the old, insecure DNS system. If your broadband provider can’t see which sites you’re requesting, it can’t block you from accessing them.

According to ISPA, the so-called voice of the UK internet industry – which includes BT, Sky and Virgin Media among its members – this is a very bad thing. In fact, it’s nominated Mozilla for its Internet Villain of the Year award for encouraging people to ” bypass¬†UK filtering obligations and parental controls, undermining internet safety standards in the UK”.

In fact, what Mozilla is trying to do is to make the internet more secure for everyone. It’s just that the broadband providers’ controversial filtering systems are dependent on this outdated, insecure technology.

How do I turn on DNS-over-HTTPS in Firefox?

Mozilla had proposed to turn on DNS-over-HTTPS by default, but has long said it wouldn’t do so in the UK, until the situation with internet filtering could be resolved. ISPA seemingly ignored that bit. But you can turn it on in the Firefox web browser yourself. (Before you do, you might want to read the disadvantages of DNS-over-HTTPS that I’ve outlined at the foot of this article.)

To switch on DNS-over-HTTPS in Firefox, type “about:preferences” into the browser’s address bar and click on the Settings button right at the bottom of the screen, under a heading called Network Settings (pictured below).

On the screen that appears when you press that button, scroll down until you see the box marked Enable DNS-over-HTTPs and tick it, like so:

Fiefox DNS-over-HTTPS

By default, this will substitute your broadband provider’s DNS servers with that of an American company called Cloudflare, who have partnered with Mozilla. It’s worth reading Cloudflare’s FAQ on what they do with the data, but essentially they promise to delete all logs of websites visited within 24 hours.

It’s worth noting that only websites visited with Firefox will use DNS-over-HTTPS. Sites accessed via other browsers or other applications on your PC will continue to use your broadband provider’s DNS servers.

What are the disadvantages of DNS-over-HTTPS?

To be fair to ISPA, there are some legitimate concerns with switching to DNS-over-HTTPS. By far the biggest is that it will circument the blacklist used to prevent your browser accessing illegal sites, such as those hosting child-abuse images. That said, it is highly unlikely you’re going to accidentally stumble across child abuse online – the blocks are there to thwart those who deliberately seek it out.

DNS-over-HTTPS is also a no-no for any parent that relies on their broadband provider’s parental controls to block access to inappropriate websites. These systems too rely on old-school DNS.

The big problem for ISPA members such as BT and Sky is that DNS-over-HTTPS also prevents the broadband providers from blocking access to copyright infringing sites, such as those illegally showing their sports channels. Dare I suggest that this is the real reason ISPA is getting so hot under the collar on behalf of its members?

NOW READ THIS: Which BT Hub do I have?

About the author

Barry Collins

Barry has scribbled about tech for almost 20 years for The Sunday Times, PC Pro, WebUser, Which? and many others. He was once Deputy Editor of Mail Online and remains in therapy to this day. Email Barry at barry@bigtechquestion.com.

Add Comment

Click here to post a comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: