DOH! — DNS over HTTPS for my friends who don’t care about privacy


Acronyms abound, but all you really need to care about is your own personal privacy. Skip to the bottom for a quick walk-through to setup DOH in Firefox.

Here’s the deal folks. Internet Service Providers (ISPs) cannot see specifically what you do when you’re on any given website, but they absolutely can and do snoop the websites you visit. This kind of data collection about you is super valuable, as in $$$ valuable especially to advertisers, but also to law enforcement. Though, if we’re being honest, maybe some of you don’t really care about being hyper-targeted by advertisers or some of you feel like: “Hey, I’m a law abiding citizen, what‘s it matter?” I get it — we all have limited capacity to give a crap, or feel like these issues just don’t apply to us.

Perhaps where you might rethink this indifference is when it comes to, let’s say, internet browsing for personal medical issues, pornography, sex toys, looking at or researching anything illegal for whatever reason, or anything that you wouldn’t want friends or family to know about. Maybe you don’t want diaper companies to know you’re pregnant and start psychotically targeting you with ads? You do you, be free.

What if, and this is entirely possible, a certain necessary medical procedure becomes illegal in the near future and your ISP rats you out to authorities because your internet browsing history reflected a certain need for said illegal medical procedure…. Do you get where I’m coming from? Please give a crap about your internet browsing privacy — the health and future of internet access and much more depends on it.

How your ISP snoops your web traffic has to do with how your web browser typically requests the *actual* web address for a website. We’re so used to human-readable web domains that we don’t know, realize, or remember that actual web domains have ~IP addresses~. There is a translation that has to happen and it’s called DNS — Domain Name Service.

This translation from human-readable domain to IP address happens in a chain of events starting with your web browser. This is going to be a gross oversimplification, but bear with me. To start, your browser requests a website, maybe you typed one in the URL bar or clicked on a search result from Google, etc. The web browser then speaks to your computer’s Network Interface Card (NIC - enables wireless connectivity), and sends the domain name request along to your home router. Your router might have this website already cached if you visit this site a lot, if not the router sends the request out to your ISP’s network. The ISP from there moves the request onto a DNS server out there in the wild wild internet of servers until it finds the IP address of the site you want, and the request moves back all the way to your web browser. Voila, you see the website.

It happens extremely fast. Involving your ISP in this process is how they come to know what websites you’re visiting, because they’re watching this traffic.

DNS over HTTPS (DOH) is a new way of performing these DNS requests that conceals the process from not only your ISP but everyone. What happens with DOH is the browser no longer sends a request out through the NIC>router>ISP for further resolution. Instead, the browser “tunnels” or conceals the DNS request inside a common web browser protocol: HTTPS.

Hyper Text Transfer Protocol is just a fancy way of talking about how your web browser presents you with content on the internet. HTTPS is the Secure version, meaning that your web content browsing is now encrypted — a good thing! Tunneling DNS requests through HTTPS encrypts the DNS traffic from prying eyes and ISPs. Now, lastly, please understand that DOH isn’t some silver bullet or the end-all-be-all solution, but you should definitely be using it. Here’s how.

First, if you care about your privacy I recommend that you immediately switch your default browser to Firefox. Mozilla is a great community that really does care about user privacy. There’s been some recent hubbub about Chrome, and I can’t personally speak to the security of Safari — I trust Firefox. To turn on DOH in Firefox, you complete a few simple steps.

Type about:preferences in the URL bar.

Open up your browser. Navigate to the Preferences, the fastest way is to type “about:preferences” into the URL bar of the browser. At the very bottom of this page is a section titled Network Settings. Click settings to open the menu up. Near the bottom of this menu you’ll find “Enable DNS over HTTPs.” Checkmark that and hit OK.

Enable DNS over HTTPS at the bottom.

That’s it! You’ve now officially stuck it your ISP and can resume reading about hemorrhoids and shopping for sex toys in peace. ❤