Mozilla has begun enabling a Firefox privacy feature for its users in the US that should make it harder for ISPs or others to track users online, a move that could land it in hot water amid increasing calls from government agencies for data sharing for surveillance. The technology, called DNS over HTTPS, or DOH for short, protects a crucial internet addressing technology with encryption.

The feature had been in testing for months, with Mozilla finally rolling it out on Tuesday in the US. The global roll-out is supposed to follow in the coming weeks after Mozilla checks for loopholes.

DOH comes in the midst of a shift toward privacy that has been triggered by data breaches, like Facebook’s Cambridge Analytica scandal. Mozilla has long been a flag bearer of privacy, while Apple has made it a major priority. Even Google and Facebook, online advertising giants that make money by following you around the web, are trying to adopt safer approaches amid an increasing number of security meltdowns.

“DNS over HTTPS has the potential to close one of the largest privacy gaps on the web,” said Max Hunter, an engineering director at the Electronic Frontier Foundation, an online privacy group, in an earlier blog post.

DOH, which Mozilla pioneered, encrypts the DNS address lookup to shield it and to protect against tampering. The move has found support from Google’s Chrome team and privacy-focused browser Brave (and opposition from UK ISPs that nominated it for an Internet Villain award).

But there are also a number of ifs and buts that come with DOH.

One concern is that DOH could centralize DNS activity; another is that it could offer companies a new way to track you online.

Bert Hubert, the creator of the PowerDNS software, says, “I find it highly disappointing that Mozilla decided, on behalf of all users it deems American, that this was a good idea. While encrypted DNS is great, it matters a great deal who you encrypt your DNS to. They did not perform surveys, for example, on how people would feel about giving a trace of all their internet activities to Cloudflare.”

In a policy blog post on Tuesday, Mozilla defended its move to make DOH default in the US.

“Few users understand the use of DNS in their use of the internet or the potential for widespread abuse of their DNS information,” Mozilla said. “Rather than putting the onus on users, Mozilla is taking steps to ensure that personal privacy is the default for all users, and to give users the ability to select non-default options if they so choose.”

Mozilla also asserted that its embrace of DOH will mean less centralization “because it shifts DNS traffic away from large ISPs and provides users with more choice.”

As of now, Firefox offers two DOH service choices, Cloudflare and NextDNS, and requires DOH partners to follow a stringent privacy policy barring the sale of private data.