Firefox 118 was released a week ago, and contrary to the usual trend in the development of Mozilla’s flagship, it is not just another ordinary version. This brought, among other things, such an interesting novelty as the integrated web page translator. But there was something else behind the scenes that interests you if you’re a browser user.

In fact, the two main new features of Firefox 118, the translator and improved protection against fingerprint detection, had one thing in common: privacy. The second for obvious reasons, the first not so much, although the peculiarity of the Firefox translator is that it works locally, in the same browser, without an Internet connection, and therefore promotes greater respect for the user’s privacy (the disadvantage is efficiency, but that’s another story).

But as I say, there was one more pearl in Firefox 118, or rather the seed of what was to come real progress in privacy. If it hasn’t been announced as part of a release, it’s because its implementation and deployment haven’t been completed yet. However, it is interesting enough that it is worth getting a little ahead of events and leaving everything ready, which is what we are after.

With all of this, you might be wondering what it’s all about, because ECH says relatively little. In a nutshell, ECH stands for Encrypted Client Hello, a substantial improvement to the TLS protocol, which, after many years of development, seems to have had its time. What is this improvement? ECH is much simpler and provides full encryption of data transmitted over a TLS connection. And by data I mean metadata.

Before ECH

Specifically: when you access a website using a browser, set it to the same, you know that the connection between the application and the server is encrypted if it is established through HTTPS, a protocol that is supported by many others, such as SSL or TLS, responsible for providing encryption. So the data transfer is encrypted, but there are things that remain visible, such as the domain name you are accessing. ECH also encrypts this information.

After ECH

The benefits that ECH brings with it are important, but here is a very simple example: with ECH activated, your ISP would not know that you are reading MC. Cool or not? It’s just an example. You can change your ISP for any intruder on your network, but also use the story to block websites, etc. Want a more technical explanation of Encrypted Client Hello? Check out this Cloudflare article (it’s in Spanish).

Now to the point: this week they published another article on the Mozilla blog introducing the new feature, with additional resources to expand on it, as well as some hints as to how the invention works in Firefox, and A basic requirement is to have secure DNS activatedan option that the browser implemented years ago and is currently offered by default, with but.

The problem is that Firefox uses default protection by default, which doesn’t always work the same way. It is therefore worthwhile to enter «Settings > Privacy & Security > Enable Secure DNS» and choose «Increased protection» or «Maximum protection» modes. The main difference between one and the other is that in the latter the connection is blocked if the provider fails.

The secure DNS provider that Firefox uses by default is Cloudflare, best prepared for ECH deployments. Of course, it is necessary for the sites to be updated (TLS 1.3) for the ECH to fulfill its mission and there are some that are not yet, but most are. In any case, you can prepare for the change… which, yes, is coming to Chromium et al (in fact, the base implementation in Chromium 117 did).