Firefox 143 for Android to introduce DoH

Why browser-level DoH on Android?

  • Many argue the main reason is privacy from the OS vendor (Android = Google). Users may prefer to trust a browser over the OS stack.
  • Browser-level DoH reduces the number of parties that see DNS queries (no OS, VPN app, or OEM resolver in the path).
  • Android’s DNS features are version- and vendor-dependent; not all devices or ROMs support DoH/DoT consistently.
  • Firefox can offer clear UI controls for enabling/disabling DoH and choosing resolvers, which Android typically does not.
  • Firefox uses a curated list of “trusted recursive resolvers” with contractual privacy guarantees, unlike opaque OS behavior.

Privacy, leaks, and limitations

  • Several comments point out that DoH alone doesn’t hide which site you visit: IPs and TLS metadata still leak information.
  • Others note that Firefox pairs DoH with Encrypted Client Hello (ECH), which together better conceal domains from on-path observers.
  • Android VPN and “privacy” features have had DNS and connectivity-check leaks, making in-app DoH attractive for those who don’t trust the OS.

DoH providers, centralization, and trade-offs

  • Suggested providers: Quad9, Mullvad, NextDNS, ffmuc, Wikimedia’s experimental service, self-hosted DoH (with caveats).
  • Quad9 is praised for global coverage and strict IP-handling policies; Mullvad for privacy/ad-blocking but limited geography.
  • Cloudflare’s short-term logging and sampled packet retention raise concerns for some; others see that as acceptable.
  • Centralization is a major worry: defaulting to a few big DoH resolvers shifts visibility from ISPs to large global players.
  • Techniques like splitting queries across multiple resolvers are discussed but may unintentionally leak more information per “site.”

Impact on local/self-hosted DNS

  • Operators of home or custom DNS lose transparent control when browsers bypass DHCP-provided resolvers via hardcoded DoH.
  • This breaks internal split-horizon DNS and local overrides unless clients are explicitly configured.
  • RFC 9463 is mentioned as a mechanism to advertise DoH endpoints via DHCP, but tooling support is still lacking.

DoH vs DoT and technical details

  • Android is noted as primarily supporting DoT, not DoH; Firefox chooses DoH because it blends into normal HTTPS (port 443) and circumvents ISPs that block third-party DNS.
  • Some note that, since Firefox is a browser and the DoH spec’s lead author had browser background, HTTP tooling and expertise made DoH a natural fit.
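An added illustration (not from the discussion, Firefox, or any resolver's code) of why DoH "blends into normal HTTPS": the DNS message a DoH client sends is the same wire format plain DNS and DoT carry; RFC 8484 only wraps it in an HTTPS request (the GET form is shown here) and returns the answer as the HTTP body. The resolver URL is a placeholder and the response bytes are constructed.

```python
import base64
import struct

def encode_name(name: str) -> bytes:
    """Encode a hostname as RFC 1035 labels (no compression)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name: str, qtype: int = 1) -> bytes:
    """Wire-format query: ID 0 (RFC 8484 recommends it so GET URLs cache well), RD=1, class IN."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def doh_get_url(name: str, template: str = "https://doh.example.invalid/dns-query") -> str:
    """RFC 8484 GET form: base64url query, no padding, in ?dns=. Template is a placeholder."""
    b64 = base64.urlsafe_b64encode(build_query(name)).rstrip(b"=").decode("ascii")
    return f"{template}?dns={b64}"

def skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past a (possibly compressed) name."""
    while True:
        ln = msg[off]
        if (ln & 0xC0) == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        if ln == 0:
            return off + 1
        off += 1 + ln

def parse_a_records(msg: bytes) -> list:
    """Extract (ttl, dotted IPv4) from the A answers; DoH delivers these same bytes as the HTTP body."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("not a DNS response (QR bit clear)")
    off = 12
    for _ in range(qd):  # skip the echoed question(s)
        off = skip_name(msg, off) + 4
    answers = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            answers.append((ttl, ".".join(str(b) for b in rdata)))
    return answers

# Constructed sample response (not a capture): one A record for example.com, TTL 300; owner name is pointer 0xC00C to the question.
SAMPLE_RESPONSE = (struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0) + encode_name("example.com")
                   + struct.pack("!HH", 1, 1) + b"\xc0\x0c"
                   + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1]))
```

A DoT client would send `build_query(...)` prefixed with a two-byte length over TLS on port 853, which is why DoT is easy to single out on a network and DoH is not.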

Disabling or controlling DoH on networks

  • Network operators wanting to block DoH face difficulty because it’s just TLS on port 443.
  • Options mentioned: IP/SNI blocking of known DoH hosts, or full TLS interception and strict egress firewalls; both are imperfect or heavy-handed.

Firefox for Android UX and alternatives

  • Opinions on Firefox Android performance are split: some report severe lag and poor background behavior; others find it fine even on older hardware.
  • Many continue using it solely for full uBlock Origin support.
  • Alternatives discussed: Brave, Orion (iOS), Lemur, Kiwi, Vivaldi, Samsung Browser with adblock extensions, and Edge Canary with extension support.
  • Some prefer DNS-level adblocking (Pi-hole/AdGuard Home + VPN/Tailscale), while others say this is less effective than in-browser blocking.