An important aspect of network communications will gain new privacy protection through a partnership between Firefox maker Mozilla and internet service provider Comcast.
Internet communications rely on a technology called the Domain Name System, or DNS, to look up the numerical addresses of online sites and services. The numeric address is essential to routing data packets over the internet, but when your browser or other software looks up that address with a DNS server, the lookup can reveal information about what you're looking for and expose the result to tampering, such as sending you to a bogus version of a website.
Firefox has embraced an encrypted version of DNS called DOH - for "DNS over HTTPS" - which protects those DNS lookups with the same encryption that browser makers invented to protect passwords, credit card numbers and other sensitive data. When Mozilla switched US Firefox users to DOH by default, DOH service was offered via two network companies, Cloudflare and NextDNS.
Comcast now represents a new option. It has agreed to comply with Mozilla's privacy requirements, which limit how the DNS service provider retains data and prohibit blocking or modifying content. "We hope this sets a precedent for further browser-to-ISP cooperation," Firefox Chief Technology Officer Eric Rescorla said in a statement Thursday.
That's a significant development for concerns some have about DOH - for instance, that it could concentrate power with a small number of DNS providers, or that DOH's privacy promise is undermined by the fact that your ISP can necessarily see the internet addresses of your devices' data packets.
The work, which spans various companies, organizations and standards groups, shows how difficult it is to add encryption to an internet that was created without it. But for many tech players right now, privacy is a top priority, even as some governments and politicians seek to undermine encryption.
Google Chrome has adopted a different approach to DOH, allowing it only when offered by your existing DNS provider. That's a more limited embrace but it sidesteps some of the technology's contentious elements.