Enabling ESNI in Firefox

For those of you using Firefox, you can make your browsing more secure by doing the following:

  1. Update to the latest version of Firefox.
  2. Type about:config in the URL bar to get to the configuration screen.
  3. Type esni in the search field and look for network.security.esni.enabled
  4. Double-click this row to change it to true. What this means: Server Name Indication (SNI) exposes the hostname the client is connecting to when establishing a TLS connection, which can compromise your privacy. Encrypted SNI keeps the hostname private when you visit an Encrypted SNI-enabled site on Cloudflare by concealing your browser’s requested hostname from anyone listening on the Internet.
  5. Type trr in the search field and look for network.trr.mode
  6. Double-click this and change it to 2 – this switches all DNS calls to be made over HTTPS.
  7. Restart Firefox (probably not necessary but do it anyway) and browse to https://encryptedsni.com then click on Check My Browser to test the browser’s security. You can visit this site with your existing browser and test it to see what’s secure and what’s not.
  8. This one doesn’t require Firefox: permanently change your primary DNS server to 1.1.1.1 and your secondary to 1.0.0.1. On your phone, on your router, on your PC, everywhere. These belong to Cloudflare. 1.1.1.1 supports DNS over TLS, assuming you are using a client (like Firefox) that takes advantage of that functionality.

I use Chrome and unfortunately this functionality doesn’t exist in that browser at time of writing (although I *am* using Cloudflare’s DNS). But any steps you take to protect your privacy on the net are good steps. Might need to temporarily switch to Firefox until this stuff makes its way Chrome-side. TL;DR: Your ISP and other enterprising internet entities can see every website you look up; using these technologies allows you to shield your activity so The Man don’t see you.