Upgrade Your Web Security in 1 Minute
Here’s something super quick that you can do right now to increase your privacy and security when browsing the internet.
Google Chrome:
- Navigate to chrome://settings/security
- Scroll down to Advanced settings
- Enable “Always use secure connections”
- Enable “Use secure DNS”
Firefox:
- Navigate to about:preferences#privacy and scroll down to HTTPS-Only Mode
- Enable HTTPS-Only Mode in all windows
- Enable DNS over HTTPS. Use the highest protection level you are able to.
What do these settings do?
Enforced HTTPS
HTTPS encrypts the communication between your web browser and the websites you visit. However, it is the responsibility of the developers of each website to make their sites support HTTPS. Many sites support both HTTPS and HTTP without enforcing the use of HTTPS, or support HTTPS for the initial connection, but use HTTP to communicate in the background, and some may still not support HTTPS at all.
By telling your browser to enforce the use of HTTPS, you ensure you never accidentally expose any of your browser’s traffic over an insecure connection.
Secure DNS
Each time you visit a website, the name of that website must be translated into an IP address. Performing this task is the job of the Domain Name System, or DNS.
Just like you may not want your login credentials being sent unencrypted, you may not want the names of the websites you’re visiting to be sent unencrypted either. Enabling enforcement of secure DNS ensures that your DNS queries are encrypted, and thus hidden from anyone who may be in the path of that request. Only your device and of course the DNS server can decrypt your DNS queries.
That’s all there is to it!
If these settings are better, why can I disable them at all? Why aren’t they always enabled by default?
As mentioned before, not all sites fully support HTTPS, so enforcing it could cause some sites, or parts of them, to not work.
As for secure DNS, there is an overhead to encryption, which could potentially slow down your initial connection to websites, although DNS records are cached in multiple places for performance anyway, so this is unlikely to be noticeable.
You may also have specific a specific DNS server or software configured that is not compatible with browser-encrypted DNS queries.
For at least these reasons, these settings must be allowed to be disabled. However for most users, I would hazard a guess that they will notice no difference.
