Mozilla announced on Thursday that Comcast was the first ISP to provide Firefox users with private and secure encrypted Domain Name System (DNS) services through Mozilla's Trusted Recursive Resolver (TRR) Program.
The TRR program helps protect Firefox browser users' online privacy without impacting their quality of experience, according to Comcast.
For more than 35 years, DNS has functioned as the key mechanism for accessing sites and services on the internet. By serving as the internet's address book, DNS translates website names into the internet addresses that a device understands in order for the browser to load the correct website.
Over the past few years, Mozilla, Comcast and other industry stakeholders have been working to develop and standardize a technology called DNS over HTTPS (DoH). DoH helps protect browsing activity from interception, manipulation and collection in the middle of a network by encrypting the DNS data.
According to Comcast and Mozilla, DoH is the first step. The second step requires that the companies that handle the data have specific rules in place, such as those outlined in the TRR Program.
The TRR Program was designed to standardize requirements across three areas: limiting data collection and retention from the resolver, ensuring transparency for any data retention that does occur, and limiting any potential use of the resolver to block access or modify content.
By combining the DoH technology with strict operational requirements for those implementing it, participants can improve users' online privacy, according to Comcast.
Comcast launched public beta testing of DoH in October. Since then, it has continued to improve the service and has collaborated with others in the industry via the Internet Engineering Task Force (IETF), the Encrypted DNS Deployment Initiative (EDDI), and other industry organizations around the world.
All of the collaboration helps ensure that users’ security and parental control functions that depend on DNS aren't disrupted during upgrades to encryption. In October, Comcast announced a series of key privacy commitments, including reaffirming its longstanding commitment not to track the websites that customers visit or the apps they use through their broadband connections.
“We’re proud to be the first ISP to join with Mozilla to support this important evolution of DNS privacy. Engaging with the global technology community gives us better tools to protect our customers, and partnerships like this advance our mission to make our customers’ internet experience more private and secure,” said Comcast Cable's Jason Livingood, vice president, technology policy and standards, in a statement.
Cloudflare and NextDNS have also joined the TRR Program. Mozilla started deploying encrypted DNS over HTTPS (DoH) by default for U.S.-based Firefox users in February, but began testing the protocol two years ago.
Similar to security vendors, service providers and other vested parties, TRR needs to create a broad ecosystem to be successful.
“Comcast has moved quickly to adopt DNS encryption technology and we’re excited to have them join the TRR program,” said Firefox CTO Eric Rescorla, in a statement. “Bringing ISPs into the TRR program helps us protect user privacy online without disrupting existing user experiences. We hope this sets a precedent for further cooperation between browsers and ISPs.”