Back to blog

Mozilla named “Internet Villain” for supporting DoH protocol

Jul 11th 2019 / Web Design

The latest browsers protocol DNS-over-HTTPS (DoH), which was announced to be supported by Mozilla Firefox and Google’s Chrome recently gained the name “Internet Villain” to Mozilla browser from UK’s Internet Services Providers Association (ISPAUK).

ISPAUK explains that as Mozilla is planning to support DoH, this is going “to bypass UK filtering obligations and parental controls, undermining internet safety standards in the UK.”

What is DoH though?

The DNS-over-HTTPS protocol (IETF RFC8484) works by sending DNS requests via an encrypted HTTPS connection, rather than using a classic plain text UDP request, as classic DNS works. It also works at the app level instead of OS level.

All DoH traffic is basically just HTTPS. DoH domain name queries are encrypted and then hidden in regular web traffic sent to the DoH DNS resolver, which then replies with a domain name's IP address, also in encrypted HTTPS. In theory, the protocol is a dream from privacy advocates, but a nightmare for ISPs and makers of network security appliances.

In the United Kingdom ISPs can legally block some types of websites such as those that include copyright-infringing or trademarked content, extremist content, adult images, and child pornography. With this protocol, which connections take place between an app (browser or mobile app) and a secure DoH-compatible DNS server (resolver), ISPs claim that they wouldn’t be able to track those websites and this will cause problems in security.

The DoH protocol currently is not supported in browsers, but Mozilla Firefox and Google’s Chrome browsers are planning to support it in the future

Chrome hasn’t tested it yet, but Mozilla completed a successful DoH test and announced officially that they plan to support it.

Official representatives of Mozilla shared their disappointment. "We're surprised and disappointed that an industry association for ISPs decided to misrepresent an improvement to decades-old internet infrastructure”. They also announced plans for not enabling DoH by default in the UK, but are looking for potential partners in Europe to bring the feature in more European countries.