Guide - DNS over HTTPS

Quick tip on increasing your privacy while browsing the web. For whatever odd reason, the current release of the Brave browser does not have the “Secure DNS over HTTPS” flag in its configuration file. So it is time for a mass exodus back to Firefox, which allows for this configuration and lets you choose which DNS resolver to communicate with. In this tutorial you will be connecting to the Cloudflare server so that you can make DNS queries within an encrypted channel and therefore block your ISP from logging all your activity.

1. Configuring Firefox

  • download the latest version of Firefox here https://www.mozilla.org/en-US/firefox/new/

  • right click the three bar menu at the top right

  • under “General” you can first change “Auto Updates” to “Check for updates but let you choose to install them”. It is best practice to manually install updates, but if you do not care then just leave it on auto

  • under “Browsing” uncheck “Recommend extensions as you browse” and “Recommend features as you browse”

  • next click on “Privacy & Security” tab on the left menu

  • you can leave the “Enhanced Tracking Protection” on “Standard” because you will be installing a few extensions that tighten your browser’s privacy later

  • click the radio button for “Always” under “Send websites a Do Not Track signal”

  • check “Delete cookies and site data when Firefox is closed” under “Cookies and Site Data” – remember that this means no session data is ever stored and you will have to log in again every time

  • under “Logins and Passwords” uncheck everything – you never want autofills because that means your credentials are being saved on your computer somewhere

  • under “Forms and Autofill” uncheck everything

  • if you wish to keep tab history so that whenever you close Firefox you can reopen it and continue where you left off, leave “Remember history” under “History” – make sure to delete history periodically, though

  • under “Address Bar” uncheck “Top sites” – you can uncheck the others but it is nice to have a recurrent site history so that you don’t type in the same website domain a hundred times a day

  • under “Permissions” click “Settings” to the right of “Location” and check “Block new requests asking to access your location” and then “Save Changes” – do the same for “Camera”, “Microphone”, “Notifications”, and “Virtual Reality”

  • check both “Block pop-up windows” and “Warn you when websites try to install add-ons”

  • under “Firefox Data Collection and Use” uncheck everything

  • under “Security” check everything

  • under “Certificates” click the “Ask you every time” radio button and check “Query OCSP responder servers to confirm the current validity of certificates”

  • under “HTTPS-Only Mode” click the “Enable HTTPS-Only Mode in all windows” radio button



2. Configuring DNS over HTTPS

  • go back to “General” on the left menu and scroll to the bottom

  • click “Settings” under “Network Settings”

  • at the bottom, check “Enable DNS over HTTPS” and use “Cloudflare”

  • press okay to save

  • now to test if the configuration is working head on over to https://1.1.1.1/help

  • let the test finish and if “Using DNS over HTTPS (DoH)” shows “Yes” then you are good to go

  • now your DNS queries will be private and hidden from your ISP

  • your ISP can see any website you go to by default but now that you are using DNS over HTTPS, you deny them that power



3. Privacy Extensions

  • download these four extensions: “Cookie AutoDelete”, “Decentraleyes”, “uBlock Origin”, and “uMatrix”

  • you can read about those four on their individual information pages, but they cover most of what you will need to secure your privacy

  • note: uMatrix effectively destroys websites that rely heavily on JavaScript – you can manually turn off uMatrix or configure it to block specific things for your day-to-day websites, but it is good to have when visiting random websites on the web that could harbor malicious code