{"id":4299,"date":"2023-06-06T08:46:41","date_gmt":"2023-06-06T15:46:41","guid":{"rendered":"https:\/\/jasonsblog.ddns.net\/?p=4299"},"modified":"2023-06-06T08:46:41","modified_gmt":"2023-06-06T15:46:41","slug":"firefox-dns-over-https","status":"publish","type":"post","link":"https:\/\/jasonsblog.ddns.net\/index.php\/2023\/06\/06\/firefox-dns-over-https\/","title":{"rendered":"Firefox DNS Over HTTPS"},"content":{"rendered":"\n<p>The new version of Firefox 114 has a new DNS over HTTPS security feature. Only my official Mozilla Firefox versions have been updated, and both defaulted to off (should soon show up in Linux package managers). This setting would protect you on public WiFi if you&#8217;re not using a <a rel=\"noreferrer noopener\" href=\"https:\/\/jasonsblog.ddns.net\/index.php\/2023\/03\/30\/run-your-own-vpn\/\" target=\"_blank\">VPN<\/a> to encrypt your traffic, as DNS lookups would be encrypted with HTTPS and not sent in the clear with HTTP. I have my own <a rel=\"noreferrer noopener\" href=\"https:\/\/jasonsblog.ddns.net\/index.php\/2022\/03\/17\/run-pi-hole-with-unbound-in-docker-on-a-raspberry-pi\/\" target=\"_blank\">Pi-Hole\/Unbound<\/a> servers at home and on my personal <a rel=\"noreferrer noopener\" href=\"https:\/\/jasonsblog.ddns.net\/index.php\/2022\/07\/23\/install-wireguard-vpn-on-your-raspberry-pi-with-docker\/\" target=\"_blank\">VPN<\/a> server, so I&#8217;m already protected with privacy and domain, telemetry, malware, and ad site blocking. But you can enable this if you would find it beneficial to cut down on people <a rel=\"noreferrer noopener\" href=\"https:\/\/jasonsblog.ddns.net\/index.php\/2022\/03\/07\/internet-service-providers-are-logging-everything-you-do-online\/\" target=\"_blank\">snooping on you including your own ISP<\/a>, but keep in mind the DNS server provider could be logging what sites you visit and why it&#8217;s a good idea to run your own recursive DNS resolvers which seek out the server responsible for the domain you&#8217;re visiting and caching the IP address adding even more security from DNS injection attacks.<\/p>\n\n\n\n<p><a href=\"https:\/\/support.mozilla.org\/en-US\/kb\/dns-over-https?as=u&amp;utm_source=inproduct#w_what-does-my-doh-status-mean\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/support.mozilla.org\/en-US\/kb\/dns-over-https?as=u&amp;utm_source=inproduct#w_what-does-my-doh-status-mean<\/a><\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"696\" height=\"249\" src=\"https:\/\/jasonsblog.ddns.net\/wp-content\/uploads\/2023\/06\/image.png\" alt=\"\" class=\"wp-image-4300\" srcset=\"https:\/\/jasonsblog.ddns.net\/wp-content\/uploads\/2023\/06\/image.png 696w, https:\/\/jasonsblog.ddns.net\/wp-content\/uploads\/2023\/06\/image-300x107.png 300w\" sizes=\"auto, (max-width: 696px) 100vw, 696px\" \/><\/figure>\n\n\n\n<p>Default setting:<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"683\" height=\"873\" src=\"https:\/\/jasonsblog.ddns.net\/wp-content\/uploads\/2023\/06\/image-1.png\" alt=\"\" class=\"wp-image-4301\" srcset=\"https:\/\/jasonsblog.ddns.net\/wp-content\/uploads\/2023\/06\/image-1.png 683w, https:\/\/jasonsblog.ddns.net\/wp-content\/uploads\/2023\/06\/image-1-235x300.png 235w\" sizes=\"auto, (max-width: 683px) 100vw, 683px\" \/><\/figure>\n\n\n\n<p>Increased Protection setting:<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"676\" height=\"277\" src=\"https:\/\/jasonsblog.ddns.net\/wp-content\/uploads\/2023\/06\/image-2.png\" alt=\"\" class=\"wp-image-4302\" srcset=\"https:\/\/jasonsblog.ddns.net\/wp-content\/uploads\/2023\/06\/image-2.png 676w, https:\/\/jasonsblog.ddns.net\/wp-content\/uploads\/2023\/06\/image-2-300x123.png 300w\" sizes=\"auto, (max-width: 676px) 100vw, 676px\" \/><\/figure>\n\n\n\n<p>Max Protection setting:<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"675\" height=\"335\" src=\"https:\/\/jasonsblog.ddns.net\/wp-content\/uploads\/2023\/06\/image-3.png\" alt=\"\" class=\"wp-image-4303\" srcset=\"https:\/\/jasonsblog.ddns.net\/wp-content\/uploads\/2023\/06\/image-3.png 675w, https:\/\/jasonsblog.ddns.net\/wp-content\/uploads\/2023\/06\/image-3-300x149.png 300w\" sizes=\"auto, (max-width: 675px) 100vw, 675px\" \/><\/figure>\n\n\n\n<p>Bonus tip if you&#8217;re using Firefox, turn off telemetry and malicious site lookups if you&#8217;re already running your own block lists. I believe the malicious site lookup uses Google, so they&#8217;d have all your sites you visit with this setting even though you&#8217;re not using their Chrome browser. Also, use a <a rel=\"noreferrer noopener\" href=\"https:\/\/jasonsblog.ddns.net\/index.php\/2022\/10\/21\/privacy-search-proxies-searxng-and-whoogle\/\" target=\"_blank\">privacy focused search engine<\/a> that strips tracking data and masks your IP address as well for further privacy.<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"684\" height=\"546\" src=\"https:\/\/jasonsblog.ddns.net\/wp-content\/uploads\/2023\/06\/image-4.png\" alt=\"\" class=\"wp-image-4304\" srcset=\"https:\/\/jasonsblog.ddns.net\/wp-content\/uploads\/2023\/06\/image-4.png 684w, https:\/\/jasonsblog.ddns.net\/wp-content\/uploads\/2023\/06\/image-4-300x239.png 300w\" sizes=\"auto, (max-width: 684px) 100vw, 684px\" \/><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>The new version of Firefox 114 has a new DNS over HTTPS security feature. Only my official Mozilla Firefox versions have been updated, and both defaulted to off (should soon show up in Linux package managers). This setting would protect you on public WiFi if you&#8217;re not using a VPN to encrypt your traffic, as [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"class_list":["post-4299","post","type-post","status-publish","format-standard","hentry","category-tech"],"blocksy_meta":[],"featured_image_src":null,"author_info":{"display_name":"Jason","author_link":"https:\/\/jasonsblog.ddns.net\/index.php\/author\/jturning\/"},"_links":{"self":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/4299","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/comments?post=4299"}],"version-history":[{"count":1,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/4299\/revisions"}],"predecessor-version":[{"id":4305,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/4299\/revisions\/4305"}],"wp:attachment":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/media?parent=4299"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/categories?post=4299"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/tags?post=4299"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}