this post was submitted on 05 Oct 2023
278 points (97.9% liked)

Firefox

17857 readers
1 users here now

A place to discuss the news and latest developments on the open-source browser Firefox

founded 5 years ago
MODERATORS
k_o_t@lemmy.ml
278
Say (an encrypted) hello to a more private internet. | The Mozilla Blog (blog.mozilla.org)
submitted 2 years ago by kixik@lemmy.ml to c/firefox@lemmy.ml
23 comments fedilink hide all child comments
 

r/privacy

you are viewing a single comment's thread
view the rest of the comments
[–] Bitrot@lemmy.sdf.org 5 points 2 years ago* (last edited 2 years ago)

It does not. ECH will work without DOH, but anybody listening can just see what site you’re querying from DNS instead of listening to SNI. Combining them is the most private.

Edit: This is wrong, in the sense that Mozilla has chosen to link the ECH setting with your DNS setting, even though they are separate. If you are using a local resolver, even if it is in turn using DoH or DNSCrypt upstream, Firefox won't use ECH and will instead leak SNI information to your ISP. This is disappointing behavior that from another company would seem designed to coax you into a certain direction.