Firefox expands network privacy protection with Comcast deal

A simplified new Firefox icon


An important aspect of network communications will get new privacy protection through a partnership between Firefox maker Mozilla and internet service provider Comcast.

Internet communications rely on a technology called the Domain Name System, or DNS, to locate the numeric internet addresses of online sites and services. The numeric address is essential for routing packets of data across the internet, but when your browser or other software looks up that address with a DNS server, it can reveal information about what you’re looking for and expose the result to tampering, for example sending you to a bogus version of a website.

Firefox embraced an encrypted version of DNS called DOH — for “DNS over HTTPS” — that protects those DNS lookups with the same encryption that browser makers invented to protect passwords, credit card numbers and other sensitive data. When Mozilla switched US Firefox users to DOH by default, it offered DOH service through two network companies, Cloudflare and NextDNS.

Now Comcast is a new option. It’s agreed to abide by Mozilla’s privacy requirements limiting how the DNS service provider retains data and prohibits it from blocking or modifying content. “We hope this sets a precedent for further cooperation between browsers and ISPs,” said Firefox Chief Technology Officer Eric Rescorla in a statement Thursday.

That’s a significant development for concerns some have about DOH — for example that it could concentrate power with a small number of DNS providers or that DOH’s privacy promise is undermined by the fact that your ISP necessarily can see the internet addresses of your devices’ data packets.

The work spanning different companies, organizations and standards groups shows how hard it is to add encryption to an internet that was created without it. But privacy is a top priority for many tech players right now, even as some governments and politicians seek to undermine encryption.

Google’s Chrome took a different approach to DOH, enabling it only when your existing DNS provider offers it. That’s a more limited embrace, but it sidesteps some contentious elements of the technology.

Source Article