Set DNS-over-HTTPS by default, everywhere in the world


Governments are constantly trying to censor and spy on the internet activity of their citizens for various reasons.

While it’s clear that there will always be ways to circumvent censorship and surveillance (Tor, VPN etc.), most users either don’t have the skills or simply don’t do it.

Almost any government will tell you that censorship and surveillance are about making the Internet “safer”, as Kazakhstan explained to justify its MITMs when it asked its citizens to install a root certificate on their computers.

I’m sure most of you don’t accept this, and it’s important to fight for free access to information and against mass surveillance.

Two recent examples include RT and Sputnik which were suddenly blocked in many countries in Europe with their lying DNS (I want to clarify that I do not support these media at all, which are propaganda tools of the Kremlin, itself against net neutrality, and that I support the Ukrainian people against the Russian invasion, but I think that anyone who wants to access RT and Sputnik, as long as they exist, should be able to do so without interference from their government.)

In France, for example, it is now porn sites that risk being blocked, as happened in the United Kingdom.

There is no valid reason to censor the Internet, even a terrorist website, and traditional techniques like voluntary Google delisting or social media actions should be sufficient.

Web censorship, all over the world, is progressing very quickly, including countries qualified as “liberal”, and we must continue to move in the right direction without being intimidated by the censors.

Internet censorship is a means of pressure from a government, and this can clearly have consequences for the policy that a company adopts.

For example, in Nigeria, Twitter was blocked. To end this blocking, the social network has agreed to respond to government requests (censorship).

Blocking wouldn’t be possible if internet security was built into browsers by default, and sites would no longer be at risk of seeing a large chunk of a country’s audience collapse overnight.

There are tons of examples where security has triumphed over the eye of governments, like the clipper chip in the US, and DNS should be the next step.

Governments, ISPs (who are usually very compliant with their governments), and intelligence agencies will tell you this is a bad thing and will pressure you not to do this, but if security and privacy are really a concern of Mozilla, you should. If these people could destroy HTTPS and roll back, they would.

DNS is just one step, then censors will start wanting to filter IPs coming in and out of their network. Since the traffic is almost always encrypted, they will struggle with CDNs and shared hosts.

The next step, after DNS-over-HTTPS, will be (I think) to make VPNs more widespread, because many governments use the IP address of their citizens to find their identity. With VPNs, the game will be even more complicated for them, and freedom of expression will be protected, as expression does not involve any imminent danger. Also, incoming and outgoing IP addresses will be protected (this will make it impossible, for example, for a government to associate an IP with a site.)

Even if you don’t want to generalize DNS-over-HTTPS and want to stay on the current way, it’s only a matter of time before a government threatens you with a ban if you don’t include a feature or setting in the browser (at least for those who download / update Firefox from the country in question), such as a corrupted certificate.

Imagine that Kazakhstan threatened to block connections to Firefox’s servers when Firefox started blocking its corrupt certificates.

Take a stand now, all over the world.

The more security becomes widespread, the harder it will be for censors to go back, like HTTPS.

If Firefox starts using DNS-over-HTTPS by default everywhere in the world, it is very likely that other popular browsers will follow and feel less alone.