Firefox

20105 readers

22 users here now

A place to discuss the news and latest developments on the open-source browser Firefox

founded 5 years ago

MODERATORS

[email protected]

635

Say (an encrypted) hello to a more private internet. (blog.mozilla.org)

submitted 2 years ago by [email protected] to c/[email protected]

49 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 44 points 2 years ago (14 children)

Does this mean your isp can't see the sites you visit anymore?

[–] [email protected] 10 points 2 years ago (5 children)

Yes and no. If your isp is still providing unencrypted DNS for you, then they can still see the domain name you're visiting.

[–] [email protected] 7 points 2 years ago (4 children)

What if you force a dns, like say cloudflare?

[–] [email protected] 8 points 2 years ago (2 children)

Ordinary DNS requests are always plaintext and readable to anyone between you and the DNS server. So regardless of which DNS server you use, your ISP can see all your DNS lookups. For any amount of privacy for DNS, the minimum is something like DNS-over-TLS or DNS-over-HTTPS, the latter of which Firefox uses by default in some countries and supports everywhere.

[–] [email protected] 6 points 2 years ago (1 children)

I mean with this + DNS over HTTPS can we guarantee the isp can no longer see anything?

[–] [email protected] 2 points 2 years ago

They'll only see the IP you're connecting with and encrypted data packets being transferred on.

[–] [email protected] 5 points 2 years ago

Ordinary DNS requests are always plaintext and readable to anyone between you and the DNS server.

Not just readable... The ISP can inject their own responses too. Regular DNS is both unencrypted and unauthenticated, with most clients not enforcing DNSSEC.

load more comments (1 replies)

load more comments (9 replies)