- Explore the in-depth details of how Encrypted Client Hello (ECH) functions, transforming online security standards.
- Understand the collaborative approach involving Mozilla, academic scholars, and standards bodies in shaping ECH.
- Learn how ECH integrates seamlessly into Firefox, making privacy and security default settings for all users.
- Discover how ECH combines with DNS-over-HTTPS and VPNs, enhancing user privacy at multiple levels.
In the realm of the internet, our digital actions are constantly under scrutiny. While we usually link online tracking to ad networks and external sites, our virtual communications traverse commercial telecommunication networks, allowing privileged entities to intercept the names of the websites we frequent and capitalize on our browsing history.
Introducing Encrypted Client Hello (ECH) – a groundbreaking solution that shields crucial information, like the website’s identity, during the initial interaction between your device and the server. This safeguarding measure is now being implemented for Firefox users globally, paving the way for a more secure and confidential online experience.
So, what exactly is Encrypted Client Hello?
ECH marks a significant leap toward a more private internet, one where confidentiality becomes the norm. Mozilla has diligently crafted this pioneering internet privacy technology for almost half a decade, collaborating with other browsers, infrastructure providers, academic scholars, and esteemed standards bodies like the Internet Engineering Task Force (IETF).
A substantial portion of our shared online data, including passwords, credit card details, and cookies, is shielded by cryptographic protocols such as Transport Layer Security (TLS). ECH is a new TLS extension that extends this protection from our sensitive data to the identities of the websites we access, addressing the existing gap in our online security setup.
Traditionally, when a browser connects to a site, it divulges the site’s name in its unencrypted initial message, leaving room for network operators or observers to monitor each user’s web activity.
ECH, however, deploys a public key sourced via the Domain Name System (DNS) to encrypt the first exchange between a browser and a website. This encryption shields the website’s identity from prying eyes, enhancing user privacy significantly.
Embracing privacy as the default setting.
With ECH integrated into Firefox, users can rest assured that their online activities are shielded from prying eyes. Yet, it’s crucial to note that Firefox’s ECH support is just one part of the equation – web servers must also adopt ECH. Thankfully, ECH is an open standard accessible to any website operator. Cloudflare has already embraced ECH, and we anticipate other providers following suit in the near future.
It’s vital to recognize that no single technology can offer a complete solution. ECH works hand in hand with other security and privacy features in Firefox, including DNS-over-HTTPS (DoH). DoH encrypts DNS queries, safeguarding the translation of website names to IP addresses and ensuring that website names remain concealed in DNS traffic – an essential element for ECH’s effectiveness.
Furthermore, DoH and ECH can be combined with a virtual private network (VPN) to add an extra layer of privacy and security. Here, the VPN masks a user’s IP address and encrypts data traffic, while ECH protects the identities of the websites a user visits, even from the VPN provider.
Mozilla firmly believes that privacy and security technologies should be the default for all users. However, we acknowledge that certain circumstances might warrant alternative preferences. For instance, users relying on family safety software, network-based ad blocking, or operating within an enterprise environment might have different needs.
ECH has been designed to work seamlessly with these practices and respect existing DoH opt-outs in Firefox. Users or administrators who have opted for increased or maximum levels of DoH protection will have their preferences honored.
A result of years of privacy-focused research, experimentation, and testing.
Mozilla embarked on the journey to modernize and fortify the Domain Name System (DNS) nearly five years ago, plugging long-standing data leaks in one of the internet’s foundational components. Concurrently, the groundwork for what eventually became ECH was laid. Developing these intricate systems safely and responsibly demanded time, experience, and collaboration with the community.
Throughout our extensive history of countering online tracking and surveillance, Mozilla’s contributions to standards bodies like the IETF have played a pivotal role. Our involvement in the development of technologies such as DoH, TLS 1.3, QUIC, and more has shaped the landscape of online privacy and encryption.
Mozilla has consistently invested in technologies to safeguard Firefox users’ privacy, and ECH now offers an even higher level of privacy by shielding their browsing history from intrusive network practices. Reclaim your online privacy by downloading Firefox today.