SIGforum
Waterfox, Firefox, and DNS over HTTPS privacy

This topic can be found at:
https://sigforum.com/eve/forums/a/tpc/f/320601935/m/8680094264

October 26, 2019, 08:10 PM
bald1
Waterfox, Firefox, and DNS over HTTPS privacy
I've been a Mozilla browser user since the earliest days of Netscape. When my OS went from 32-bit to 64-bit I changed from Firefox to Waterfox as the latter at the time was the only flavor in 64-bit. I was happy.

But recently Waterfox 56.2.14 has branched into two flavors with an update: classic and current
(https://www.waterfox.net/blog/waterfox- ... -download/). I had been having issues with recent releases of Waterfox not working with web sites (such as Roku) that used captcha validation (a documented Waterfox issue). The gent behind Waterfox, Mr. Alex, also moved the feedback forum to reddit which I won't join, so my ability to post issues for discussion is gone. And now Waterfox (newest release: 2019.10) is lagging without DNS over HTTPS capability. So I've "parked" Waterfox and have gone "back" to Firefox 64-bit (v 70.0).

Such is life in the browser world. LOL

==============================================

As for the DoH (DNS over HTTPS) here's a "how to" article:
https://www.zdnet.com/article/...ttps-doh-in-firefox/

And encrypting SNI:
https://blog.cloudflare.com/en...sni-firefox-edition/

And a couple test links:
https://1.1.1.1/help
https://www.cloudflare.com/ssl/encrypted-sni/
http://test-ipv6.com/

You should end up with seeing results like this:








Certifiable member of the gun toting, septuagenarian, bucket list workin', crazed retiree, bald is beautiful club!
USN (RET), COTEP #192
October 26, 2019, 08:44 PM
bald1
Chrome users can do this as well
https://www.zdnet.com/article/...oh-in-google-chrome/
https://developers.cloudflare....-up-1.1.1.1/windows/



October 27, 2019, 11:26 AM
Orthogonal
You might find this Ff fork a rather pleasing alternative. I also began with Netscape long ago and I used to use Waterfox but over a year ago I was led to Pale Moon and found it to be a very fast 64 bit better browser. YMMV!

See https://www.palemoon.org/
October 27, 2019, 01:51 PM
bald1
This DoH is about privacy without a VPN and its expense.

I'm inclined to trust Cloudflare much more than Google (DNS 8.8.8.8) or my local ISP for that matter.

DNS over HTTPS is a protocol for performing remote Domain Name System resolution via the HTTPS protocol. A goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data by man-in-the-middle attacks by using the HTTPS protocol to encrypt the data between the DoH client and the DoH-based DNS resolver.



October 27, 2019, 03:28 PM
Orthogonal
There is an OS for security minded folk, https://www.qubes-os.org/

October 27, 2019, 07:11 PM
bald1
quote:
Originally posted by Orthogonal:
There is an OS for security minded folk, https://www.qubes-os.org/


That's a Linux OS and as far as Linux goes I prefer Mint which I run on my decade old laptop. My desktop is still a Windows machine (Win10) which is why I explored this DoH concept for my desktop browser.



October 29, 2019, 12:34 PM
bald1
Kinda surprised no one has weighed in on the pros / cons of the DoH business. Folks use anti-tracking browser plug-ins, so.... Mmmmmm....



October 29, 2019, 01:13 PM
bryan11
Some ISPs like Mediacom hijack your DNS settings and use their own instead regardless of what you have your router configured to do.
October 29, 2019, 01:47 PM
bald1
quote:
Originally posted by bryan11:
Some ISPs like Mediacom hijack your DNS settings and use their own instead regardless of what you have your router configured to do.


This DoH procedure overrides your router settings. From what I've read the European ISPs are upset because it also prevents them from doing what you're saying Mediacom does, among other things.



October 31, 2019, 07:50 PM
bald1
Best explanation of DoH and why it's worthwhile I've found:

https://hacks.mozilla.org/2018...o-to-dns-over-https/



November 01, 2019, 08:00 AM
henryaz
quote:
Originally posted by bryan11:
Some ISPs like Mediacom hijack your DNS settings and use their own instead regardless of what you have your router configured to do.

More and more big name ISPs are doing this, but on a more limited basis. When the DNS lookup returns NXDOMAIN, meaning the domain requested does not exist, they hijack you to a search page of their own, with ads and info collection. Regular lookups that resolve to a real domain still use your preferred name server and take you to the requested site.



When in doubt, mumble
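
Added example, not part of the thread or written by any poster: a Python sketch of the two mechanisms discussed above, the DoH request format bald1 describes (an RFC 8484 GET carries the DNS query as a base64url `dns=` parameter) and a check for the NXDOMAIN rewriting henryaz describes. The probe name, the function names and the reply bytes are constructed for illustration; nothing is sent over the network.

```python
import base64
import secrets
import struct

def build_query(name, qtype=1):
    """DNS query in RFC 1035 wire format; ID 0 as RFC 8484 suggests for DoH."""
    header = struct.pack("!6H", 0, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", qtype, 1)  # QTYPE, QCLASS=IN

def doh_get_param(query):
    """Value of the ?dns= parameter for an RFC 8484 GET: base64url, no padding."""
    return base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")

def probe_name():
    """Random label that should not exist (assumption: nobody registered it)."""
    return secrets.token_hex(12) + ".com"

def classify_probe(response):
    """Judge a resolver's answer to a lookup of a name that should not exist."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", response[:12])
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    rcode = flags & 0x000F
    if rcode == 3:
        return "nxdomain"       # honest answer: the name does not exist
    if rcode == 0 and ancount > 0:
        return "rewritten"      # NXDOMAIN replaced with an address record
    return "inconclusive"

def sample_response(query, rewritten):
    """Constructed reply bytes for the demo; not captured from any resolver."""
    flags, ancount = (0x8180, 1) if rewritten else (0x8183, 0)
    header = struct.pack("!6H", 0, flags, 1, ancount, 0, 0)
    answer = b""
    if rewritten:  # A record, TTL 60, 192.0.2.1 (documentation address range)
        answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + bytes([192, 0, 2, 1])
    return header + query[12:] + answer

if __name__ == "__main__":
    q = build_query(probe_name())
    print("dns=" + doh_get_param(q))
    print(classify_probe(sample_response(q, False)), classify_probe(sample_response(q, True)))
```

Running the same probe through the ISP's resolver and through a DoH resolver, then comparing the two classifications, shows whether the rewriting happens on the plain DNS path only.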