Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

DoH versus VPN

  • 5 cavab
  • 1 has this problem
  • 1 view
  • Last reply by SeaWolfe

more options

Do I need to enable/use DoH if I already use a separate VPN (Nord) for all my online work?

Do I need to enable/use DoH if I already use a separate VPN (Nord) for all my online work?

Chosen solution

Found this article, which says NO, DoH doesn't replace a VPN nor add anything to my security or privacy:

"DNS over HTTPS should never be conceived as a 1-to-1 replacement for a VPN client; at the very least, we can consider it as its counterpart, its partner in crime. While the VPN ‘scrambles’ your IP as to make it impossible to track your activity, DoH only ensures that the communication channels with the DNS are secured by encapsulating the DNS querying in the HTTPS."

https://heimdalsecurity.com/blog/replacement-for-vpn/

Read this answer in context 👍 0

All Replies (5)

more options

Hello,

DoH is encrypted DNS Lookups. Your privacy wants likely are different than mine, so I will not say yay or nay, and will not comment on the VPN provider.

The fact that the DNS requests are encrypted means that the isp (be it your real off VPN or your VPN's on VPN) does not see the content of your DNS Lookups. They can still see the location your packets go to (how else could they know where to send them).

This means that it can bypass DNS based domain blocks, as it uses a different server, and cannot be seen what domain you are going to.

There is an argument to be made that VPN's can cripple your privacy, but I will not get into that here.

TL;DR: DoH is another measure to secure privacy; not everyone needs it or should use it.

more options
more options

Seçilmiş Həll

Found this article, which says NO, DoH doesn't replace a VPN nor add anything to my security or privacy:

"DNS over HTTPS should never be conceived as a 1-to-1 replacement for a VPN client; at the very least, we can consider it as its counterpart, its partner in crime. While the VPN ‘scrambles’ your IP as to make it impossible to track your activity, DoH only ensures that the communication channels with the DNS are secured by encapsulating the DNS querying in the HTTPS."

https://heimdalsecurity.com/blog/replacement-for-vpn/

more options

Yes. It is not a replacement, but it is a better solution for some people.

Many people do not need a vpn, but their DNS is blocking sites or is leaking information. DoH solves their problem for free. They both can be used effectively together and apart.

more options

I've been using a VPN for several years now, ever since my former employer required me to do so whenever I worked from home, before I retired. I pay for the service and consider it money well spent. The crux of my question was whether ALSO using Firefox DoH, which I first heard about yesterday, added anything to my privacy and security? If not, whether using BOTH affected my performance? My bottom line is that a VPN protects all my internet traffic (email, onedrive/Google Drive, Office 360, and other browsers [I only use Chrome ifn I have a problem with Firefox and never bother with Edge!]), so I can see no reason to enable FF DoH. I've just disabled it.

The reason for asking the question is that I searched FF FAQs and didn't see this addressed. Thanks for the response.