Right now, internet service providers around the world are keeping a record of every site you’ve ever visited by default. Even when you’ve been browsing in Incognito, or Private, mode.
That’s right. Your internet provider has a record of every time you’ve visited Facebook; every illegal torrent site you’ve been to; dumb questions you’ve asked Google; and all those other things you do online that you might be ashamed of.
And until a few years ago, before https (the little padlock symbol in your browser) became the norm, these internet service providers (ISPs) – and everyone else on the journey between you and your online activity was able to see what you were up to – too.
Shocking isn’t it? I’ll come to how and why the ISPs are doing this later. But for now, I want to make the following point really clear: the only easy way to keep your online activity truly private is to use a VPN – one with AES with 256-bit keys (military-grade) encryption. And more importantly, one that has a “no log” policy.
Even then, you’re trusting that the VPN isn’t lying to you. And over the past few years, several VPNs have been caught keeping logs, and in some cases, handing them over to governments when requested. Despite advertising otherwise. It’s a wildly unregulated industry.
Should you care that your ISP can see every website you visit? And the answer to that question is an emphatic “yes”.
Why? Because I subscribe to Murphy’s law: “Anything that can go wrong will go wrong”. And the thought of ISPs keeping a record of all the websites we’ve ever visited, fills me with dread.
What if an ISP suffers a data breach and these records are stolen? Will our browsing history be sold to the highest bidder on the Dark Web and all of our secrets used as a ransom? Probably.
That’s just one possible, and fairly lightweight, scenario.
Needless to say, protecting your online activity is something you should start taking seriously. Which is why I was encouraged to read the news this week that Mozilla will begin updating its Firefox web browser to have DoH turned by default.
DNS (domain name system) over HTTPS (DOH) means that your DNS look-up, the action of transforming a written URL into an IP address, will be encrypted.
Using a browser with DOH means that all those snooping eyes that have been keeping track of where you go on the internet will be redundant.
This change involves the Domain Name Service, which lets you get anywhere online by translating your request for a site into the numeric Internet Protocol, or IP, address matching the computer that will deliver the web page in question.
With traditional internet providers, “DNS” sends these queries without the encryption protecting most email and web browsing. So your provider could know the domain names you wanted to visit, as could an eavesdropper online.
Firefox will close that loophole by cutting your internet provider and any interlopers out of the loop. Instead, it will send each lookup query via an encrypted link to the network-security firm Cloudflare, which has offered a free and encrypted DNS service since 2018.
Your provider will still see the Internet Protocol addresses of sites you visit – but in many cases, they will only match servers at “content distribution networks” that host multiple companies, leaving little clue about where you went.
Mozilla says this will be switched on automatically “over the next few weeks.”
To see if Firefox’s new feature is active or to turn it on yourself, click the menu button at the top right corner, choose “Preferences,” scroll all the way down to the Network Settings header and click the “Settings” button below that, and check the “Enable DNS over HTTPS” option.
This move from Mozilla will, no doubt, add fuel to the national security versus encryption-by-default, debate. Governments and national security agencies want visibility over what people are looking at online for obvious reasons.
The price that we, the average law-abiding citizen, have had to pay for this, has been collectively giving up our right to online privacy too.
Which is ridiculous. Not least because any bad guy worth his, or her, salt will already be paying a few dollars a month for a good VPN that doesn’t log it’s user’s online activities. And thus makes the whole national security argument trivial.