Illustration: Aïda Amer/Axios

A new feature in Mozilla and, soon, Chrome web browsers will stop snoops — from your boss to criminals — from tracking which sites you visit. But the same technology also has opponents, as many groups fighting child exploitation say it will hamper their work, and a few internet experts argue it will undermine security.

The big picture: The feature, known as DNS over HTTPS (DoH), has a lot of support in the internet engineering and privacy communities, including the Internet Engineering Task Force, a key internet standards body. But as in the larger debate over encryption, privacy benefits can have downsides for some parties.

How it works: Until very recently, when you typed “axios.com” into a web browser, the first stage of that request was sent out over the internet unencrypted. That data could be:

  • Compiled and sold by Internet service providers and used for ads.
  • Subpoenaed by the government.
  • Available for your boss to see, if you worked on a corporate network.

DoH changes that by encrypting the name you visit, so no one but you and a DoH provider like Google, Cloudflare or Quad9 see them. And those groups pledge to quickly delete all logs.

Driving the news: Last week, Google announced it would switch Chrome and Android users to DoH whenever the provider they used for unencrypted browsing also offered DoH. Mozilla announced plans this weekend to begin testing out DoH by default for all users in the U.S.

  • That created an uproar at child endangerment organizations, who worry that enabling DoH by default will circumvent parental filtering software in the U.S.
  • Groups have had similar concerns in the U.K., where internet service providers filter illicit websites as users try to access them — something that's impossible to do with DoH.

Google thinks it is being misunderstood. The company's proposal would only change a user's settings from the old, unencrypted system if doing so wouldn't affect existing filters and security, meaning the child endangerment argument really wouldn't apply.

  • "All existing filters and controls remain intact," the company said in a statement.

But there are security reasons why some people oppose DoH, too.

  • Paul Vixie, who laid a lot of the groundwork for the old DNS system, warns that DoH prevents corporations from filtering connections to malicious domains.
  • Vixie believes that a nearly identical service that provides better visibility, DNS-over-TLS (DoT), is a superior choice. Both options use the same encryption algorithm.

DoH advocates argue that their preferred protocol has a key advantage over DoT. DoH uses the same pathways as web browsing, making it impossible to block without blocking all web browsing. DoT doesn't disguise itself that way.

  • But Vixie believes that puts the security of the few over that of the many. "With DoH, they are solving a problem that most of the world doesn't have by creating a problem that everyone in the world will have," he said.

Mozilla says that many concerns are already being addressed on its end.

  • "Our deployment plan will disable DoH if parental controls are in place," said Selena Deckelmann, senior director of engineering, adding the same will be true when Firefox detects certain security products.
  • And Cloudflare notes that parental filters that operate before starting to connect to a website will still work. "Someone looking to use DoH to keep their web browsing data private can apply parental filters or security products on their DoH endpoint," said Alissa Starzak, Cloudflare head of policy.

The bottom line: The risks to parental controls might not be as grim as the child endangerment argument suggests.

Go deeper

Updated 21 mins ago - Politics & Policy

Coronavirus dashboard

Illustration: Sarah Grillo/Axios

  1. Global: Total confirmed cases as of 3 p.m. ET: 12,794,395 — Total deaths: 566,210 — Total recoveries — 7,033,187Map.
  2. U.S.: Total confirmed cases as of 2 p.m. ET: 3,278,946 — Total deaths: 135,066 — Total recoveries: 995,576 — Total tested: 39,553,395Map.
  3. States: Florida smashes single-day record for new coronavirus cases with over 15,000 — Miami-Dade mayor says "it won't be long" until county's hospitals reach capacity.
  4. Public health: Ex-FDA chief projects "apex" of South's coronavirus curve in 2-3 weeks — Coronavirus testing czar: Lockdowns in hotspots "should be on the table"
  5. Education: Betsy DeVos says schools that don't reopen shouldn't get federal funds — Pelosi accuses Trump of "messing with the health of our children."

Lindsey Graham says he will ask Mueller to testify before Senate

Photo: Tasos Katopodis/Getty Images

Senate Judiciary Chairman Lindsey Graham (R-S.C.) tweeted Sunday that he will grant Democrats' request to call former special counsel Robert Mueller to testify before his committee.

The big picture: The announcement comes on the heels of Mueller publishing an op-ed in the Washington Post that defended the Russia investigation and conviction of Roger Stone, whose sentence was commuted by President Trump on Friday.

4 hours ago - Health

Florida smashes single-day record for new coronavirus cases

Data: Covid Tracking Project; Chart: Axios Visuals

Florida reported 15,299 confirmed coronavirus cases on Sunday — a new single-day record for any state, according to its health department.

The big picture: The figure shatters both Florida's previous record of 11,458 new cases and the single-state record of 11,694 set by California last week, according to AP. It also surpasses New York's daily peak of 11,571 new cases in April, and comes just a day after Disney World reopened in Orlando.