Apple and Cloudflare Develop New Privacy-Focused Internet Protocol

Cloudflare has today announced that it has developed a new internet protocol, in collaboration with engineers from Apple and Fastly, focused on privacy (via TechCrunch).

cloudflare logo dark

The protocol, dubbed "Oblivious DNS-over-HTTPS," or "ODoH," makes it more difficult for internet service providers to know which websites users have visited.

When visiting a website, browsers use a DNS resolver to convert web addresses into machine-readable IP addresses to locate where the page is located. However, this is an unencrypted process and ISPs can see the DNS query and conclude which websites their users have visited. Internet service providers are also able to sell this information to advertisers.

Innovations such as DNS-over-HTTPS, or DoH, have added encryption to DNS queries. While this may dissuade bad actors who may wish to hijack DNS queries to point victims to malicious websites, DNS resolvers are still able to see which websites are being visited.

ODoH decouples DNS queries from individual users, so the DNS resolver cannot know which websites have been visited. This is achieved by encrypting the DNS query before passing it through a proxy server. This way, the proxy cannot see the query and the DNS resolver cannot see who originally sent it.

"What ODoH is meant to do is separate the information about who is making the query and what the query is," said Cloudflare's head of research, Nick Sullivan.

Page loading times and browsing speeds are said to be "practically indistinguishable" when using the ODoH protocol, according to Sullivan.

However, ODoH is only able to ensure privacy when the proxy and the DNS resolver are not controlled by the same entity. This means that ODoH will depend on companies offering to run proxies, otherwise the "separation of knowledge is broken."

While a few unnamed partner organizations are already running proxies, allowing early adopters to use ODoH using Cloudflare's 1.1.1.1 DNS resolver, the vast majority of users will have to wait until the technology is directly baked into browsers and operating systems.

Though it will likely first need to be certified as a standard by the Internet Engineering Task Force, considering that Apple was directly involved in developing the technology, it is not unreasonable to expect Apple to be among the first to integrate it in the future.

Top Rated Comments

chucker23n1 Avatar
22 months ago

SO i can use it right now by just changing my DNS to 1.1.1.1?
No. That’ll change you to DoH, if your resolver supports it. ODoH isn’t yet implemented anywhere.
Score: 8 Votes (Like | Disagree)
ArPe Avatar
22 months ago

I use OpenDNS

https://en.wikipedia.org/wiki/OpenDNS

208.67.222.222
208.67.220.220
That doesn’t protect you from your ISP’s eyes and selling your browsing data. Ali and Bob in tech support still know you’re into dwarf domination cosplay.
Score: 8 Votes (Like | Disagree)
thederby Avatar
22 months ago

Who TF is "Fastly"?

only one of the top three CDNs on the planet.
Score: 7 Votes (Like | Disagree)
locovaca Avatar
22 months ago

You have to trust the resolver and if you have content filtering in use that uses DNS based filtering, this is not a good thing. That said, I have found cloudflare to be very fast and secure. Since I do use content filtering and ad blocking, I use pihole with unbound and it has been great.
Yup, and now we’re running into the issue of apps and devices that ignore DNS servers offered up by your router and instead hardcode Google or others so they can defeat DNS based add blockers. This is just another attempt to keep ads working under the guise of “security.”
Score: 5 Votes (Like | Disagree)
Helmlein Avatar
22 months ago
DNS resolution is something that should be implemented for the OS, not in the browser. The browser in turn can query the OS resolver library. Therefore: thanks but no thanks. Better implement those in the OS resolver library, so ALL applications can benefit.

And businesses will know how to configure their MITM-proxies to prevent (O-)DoH or DoT anyway; this will just help the likes of BlueCoat.

H.
Score: 5 Votes (Like | Disagree)
chucker23n1 Avatar
22 months ago

DNS resolution is something that should be implemented for the OS, not in the browser. The browser in turn can query the OS resolver library. Therefore: thanks but no thanks. Better implement those in the OS resolver library, so ALL applications can benefit.
Apple will most likely implement this in the OS, so…
Score: 3 Votes (Like | Disagree)

Related Stories

DaVinci Resolve 17 3 Color

DaVinci Resolve Video Editor Gains New Processing Engine That's Up to 3 Times Faster on M1 Macs

Friday August 20, 2021 3:57 am PDT by
Blackmagic Design has announced a new update to its professional video editing and color correction software, DaVinci Resolve, that includes a new processing engine offering significantly better performance on Apple silicon Macs. Thanks to the completely reworked engine, DaVinci Resolve 17.3 can work up to 3 times faster on Apple Mac models with the M1 chip, according to the company. The...
craig wwdc 2021 privacy

Report Highlights How Top Apple Executives Disagreed Over How Far iOS Anti-Tracking Measures Should Go

Monday March 14, 2022 7:19 am PDT by
A new report has highlighted how three top prominent executives initially found themselves at odds in early deliberations about Apple's App Tracking Transparency framework. According to the report from The Information, the executives who disagreed over how far Apple should go in protecting user privacy in digital advertising included Apple's Craig Federighi, who oversees software...
ios15 mail privacy feature

watchOS 8.5 Fixes Mail Privacy Protection Loophole That Could Expose IP Addresses

Tuesday March 15, 2022 6:42 am PDT by
watchOS 8.5 fixes a security vulnerability in the Mail app that could leak a user's IP address when downloading remote content, security researchers have found. Last year, it emerged that Apple's Mail Privacy Protection feature was undermined by a lack of Apple Watch support. Mail Privacy Protection was a new feature introduced with iOS 15, iPadOS 15, and macOS Monterey that hides your IP...
Apple One Apps Feature

iCloud and Many Other Apple Services Are Down or Experiencing Issues [Resolved]

Monday March 21, 2022 9:55 am PDT by
Apple is experiencing a widespread outage today, with a wide range of the company's services and apps down or experiencing issues currently. Affected services and apps include the App Store, iCloud, Siri, iMessage, iTunes Store, Apple Maps, Apple Music, Apple Podcasts, Apple Arcade, Apple Fitness+, Apple TV+, Find My, FaceTime, Notes, Stocks, and many others, according to complaints across...
webkit vs chromium feature

Should Apple Continue to Ban Rival Browser Engines on iOS?

Friday February 25, 2022 7:39 am PST by
Apple requires all apps that browse the web in iOS and iPadOS to use its own browser engine, WebKit, but amid accusations of anti-competitive conduct, should it continue to effectively ban rival browser engines? Big tech has been gripped by accusations of anti-competitive conduct in recent times, with Chief Executive of the UK's Competition and Markets Authority (CMA) Andrea Coscelli...
webkit logo

Web Developers Form Advocacy Group to Allow Other Browser Engines on iOS

Wednesday March 2, 2022 4:29 am PST by
Apple is being challenged by a group of developers to end WebKit's dominance on its mobile devices and allow other browser engines on iPhone and iPad, following accusations that the current situation amounts to anti-competitive conduct. For those unfamiliar with WebKit, Apple's browser engine powers Safari and other areas of the operating system where web content is displayed. Apple requires ...
apple tv plus up next website

Apple TV+ Website Gains Up Next Queue

Wednesday March 23, 2022 1:20 pm PDT by
Apple has updated its dedicated Apple TV+ website with an Up Next queue for shows, making it easier to keep track of and watch Apple TV+ content on the web. The Up Next queue is a new addition to the Apple TV+ website, introduced earlier this week, according to 9to5Mac. Prior to now, the Apple TV+ website had an option for adding a show to the Up Next queue, but the Up Next queue did not...
european parliament

EU Provisionally Agrees on Law That Would Force Apple to Allow Alternative App Stores, Sideloading, and iMessage Interoperability

Friday March 25, 2022 4:46 am PDT by
European lawmakers have provisionally agreed upon a new law that would force Apple to allow user access to third-party app stores and permit the sideloading of apps on iPhones and iPads, among other sweeping changes designed to make the digital sector fairer and more competitive. The European Council and European Parliament said on Friday they had reached a political agreement on the...

Popular Stories

iPhone 14 Dummies 1 Feature

Everything Rumored for Apple's September Event: iPhone 14, Apple Watch Pro and More

Friday August 12, 2022 2:34 pm PDT by
There's just about a month to go until Apple holds its annual September event focusing on new iPhone and Apple Watch models. We thought we'd take a quick look at everything that's rumored for Apple's September event to give MacRumors readers a rundown on what to expect when the first fall event rolls around. iPhone 14 The iPhone 14 can probably be described more as an "iPhone 13S" because...
airpods pro black background

AirPods Pro 2: Five New Features and Improvements to Expect

Sunday August 14, 2022 3:28 pm PDT by
Apple's second-generation AirPods Pro are finally nearing launch, with a release expected later this year. If you are considering upgrading to the new AirPods Pro once they are released, keep reading for a list of five new features to expect. In addition to all-new features, the second-generation AirPods Pro will likely adopt some features added to the standard AirPods last year. H2 Chip ...
z fold 4 1

Hands-On With Samsung's Latest Foldable Smartphones, the Galaxy Z Fold and Z Flip

Friday August 12, 2022 12:46 pm PDT by
Samsung this week launched its fourth-generation foldable devices, the $1,000 Galaxy Z Flip and the $1,800 Galaxy Z Fold. Though there's no sign of a comparable Apple foldable device on the horizon, rumors suggest prototypes are in the works, so we thought we'd take a look at Samsung's newest smartphones to see what Apple needs to measure up to when a foldable iPhone does come out. Subscribe ...
top stories 13aug2022

Top Stories: New Battery Percentage Icon in iOS 16, USB-C AirPods Rumor, and More

Saturday August 13, 2022 6:00 am PDT by
This week brought some shocking news for iOS 16 beta testers, with Apple bringing back the iPhone battery percentage to the status bar after a number of years. Other news and rumors this week included word that Apple has started recording portions of its media event planned for next month to introduce the iPhone 14 and Apple Watch Series 8, claims about iPhone 14 Pro pricing and Apple's...
iCloud General Feature

Apple Remains Silent About Plans to Detect Known CSAM Stored in iCloud Photos

Saturday August 13, 2022 1:52 pm PDT by
It has now been over a year since Apple announced plans for three new child safety features, including a system to detect known Child Sexual Abuse Material (CSAM) images stored in iCloud Photos, an option to blur sexually explicit photos in the Messages app, and child exploitation resources for Siri. The latter two features are now available, but Apple remains silent about its plans for the CSAM...
apple watch se

Apple Watch SE vs. Apple Watch Series 8: New Features to Expect If You've Waited to Upgrade

Monday August 15, 2022 2:44 am PDT by
The Apple Watch SE was announced in September 2020 and has been a popular Apple Watch model for customers looking for their first smartwatch or an affordable Apple Watch. Apple Watch SE customers may be wondering, however, what's in store for them with the upcoming Apple Watch Series 8 and what new features they can expect. Continue reading to find out. Apple Watch SE vs. Apple Watch Series ...