Firefox turns encrypted DNS on by default to thwart snooping ISPs
Found on Ars Technica on Wednesday, 26 February 2020
Firefox will start switching browser users to Cloudflare's encrypted-DNS service today and roll out the change across the United States in the coming weeks.
DNS over HTTPS helps keep eavesdroppers from seeing what DNS lookups your browser is making, potentially making it more difficult for Internet service providers or other third parties to monitor what websites you visit.
So based on rumours about thousands of snooping ISPs, Mozilla decides to send every single DNS query to Cloudflare instead. Or Google. That's even worse because it makes profiling easier by several orders of magnitude. Plus, let's not forget, it also means that the local hosts file, where you can override lookups and block bad domains system-wide, is ignored, so expect more advertising and tracking (and less security if you push your Intranet hostnames to public nameservers). To continue the list of massive faults, baking DNS lookups into every single piece of software makes it impossible for users to control their systems. By force-feeding DoH down the throats of its users, Mozilla actually takes control of their systems out of their hands. If you want encryption, just use DNS over TLS.