Mozilla’s effort to secure domain name requests now has a major new ally: Comcast. The cable giant’s Xfinity brand has become the first internet provider to provide encrypted DNS services through Mozilla’s Trusted Recursive Resolver program. If you’re a Firefox user with Xfinity service, it should be that much harder for people to snoop on your website requests or intercept them for attacks.
The technique needs companies like Comcast to help due to its very nature. In addition to encrypting the data using DNS over HTTPS, Mozilla needs to ensure that companies managing the data have rules that limit data collection, provide transparency for that data and prevent the domain name resolver from either blocking access or modifying the content. Companies like Cloudflare and NextDNS have already signed on.
More ISPs and other online infrastructure providers will need to sign on for this to be truly ubiquitous. If they do, though, this could significantly bolster privacy and security for those willing to lean on Firefox. And Comcast benefits beyond attracting privacy-conscious customers — as it still provides the resolver, it can provide parental controls and more localized results.