Apple and Cloudflare Develop New Privacy-Focused Internet Protocol

by

Cloudflare has today announced that it has developed a new internet protocol, in collaboration with engineers from Apple and Fastly, focused on privacy (via TechCrunch).

cloudflare logo dark

The protocol, dubbed "Oblivious DNS-over-HTTPS," or "ODoH," makes it more difficult for internet service providers to know which websites users have visited.

When visiting a website, browsers use a DNS resolver to convert web addresses into machine-readable IP addresses to locate where the page is located. However, this is an unencrypted process and ISPs can see the DNS query and conclude which websites their users have visited. Internet service providers are also able to sell this information to advertisers.

Innovations such as DNS-over-HTTPS, or DoH, have added encryption to DNS queries. While this may dissuade bad actors who may wish to hijack DNS queries to point victims to malicious websites, DNS resolvers are still able to see which websites are being visited.

ODoH decouples DNS queries from individual users, so the DNS resolver cannot know which websites have been visited. This is achieved by encrypting the DNS query before passing it through a proxy server. This way, the proxy cannot see the query and the DNS resolver cannot see who originally sent it.

"What ODoH is meant to do is separate the information about who is making the query and what the query is," said Cloudflare's head of research, Nick Sullivan.

Page loading times and browsing speeds are said to be "practically indistinguishable" when using the ODoH protocol, according to Sullivan.

However, ODoH is only able to ensure privacy when the proxy and the DNS resolver are not controlled by the same entity. This means that ODoH will depend on companies offering to run proxies, otherwise the "separation of knowledge is broken."

While a few unnamed partner organizations are already running proxies, allowing early adopters to use ODoH using Cloudflare's 1.1.1.1 DNS resolver, the vast majority of users will have to wait until the technology is directly baked into browsers and operating systems.

Though it will likely first need to be certified as a standard by the Internet Engineering Task Force, considering that Apple was directly involved in developing the technology, it is not unreasonable to expect Apple to be among the first to integrate it in the future.

Tags: Apple privacy, CloudFlare

Top Rated Comments

chucker23n1 Avatar
chucker23n1
15 months ago

SO i can use it right now by just changing my DNS to 1.1.1.1?
No. That’ll change you to DoH, if your resolver supports it. ODoH isn’t yet implemented anywhere.
Score: 8 Votes (Like | Disagree)
ArPe Avatar
ArPe
15 months ago

I use OpenDNS

https://en.wikipedia.org/wiki/OpenDNS

208.67.222.222
208.67.220.220
That doesn’t protect you from your ISP’s eyes and selling your browsing data. Ali and Bob in tech support still know you’re into dwarf domination cosplay.
Score: 8 Votes (Like | Disagree)
thederby Avatar
thederby
15 months ago

Who TF is "Fastly"?

only one of the top three CDNs on the planet.
Score: 7 Votes (Like | Disagree)
locovaca Avatar
locovaca
15 months ago

You have to trust the resolver and if you have content filtering in use that uses DNS based filtering, this is not a good thing. That said, I have found cloudflare to be very fast and secure. Since I do use content filtering and ad blocking, I use pihole with unbound and it has been great.
Yup, and now we’re running into the issue of apps and devices that ignore DNS servers offered up by your router and instead hardcode Google or others so they can defeat DNS based add blockers. This is just another attempt to keep ads working under the guise of “security.”
Score: 5 Votes (Like | Disagree)
Helmlein Avatar
Helmlein
15 months ago
DNS resolution is something that should be implemented for the OS, not in the browser. The browser in turn can query the OS resolver library. Therefore: thanks but no thanks. Better implement those in the OS resolver library, so ALL applications can benefit.

And businesses will know how to configure their MITM-proxies to prevent (O-)DoH or DoT anyway; this will just help the likes of BlueCoat.

H.
Score: 5 Votes (Like | Disagree)
chucker23n1 Avatar
chucker23n1
15 months ago

DNS resolution is something that should be implemented for the OS, not in the browser. The browser in turn can query the OS resolver library. Therefore: thanks but no thanks. Better implement those in the OS resolver library, so ALL applications can benefit.
Apple will most likely implement this in the OS, so…
Score: 3 Votes (Like | Disagree)
Read All Comments

Related Stories

f1623088657

Apple Announces iCloud+, Combines Paid Storage With Privacy Features Like Hide My Email

Monday June 7, 2021 11:00 am PDT by
At WWDC, Apple announced that iCloud is getting a premium subscription tier called "iCloud+," which includes "Private Relay" that allows users to browse the web through Safari with all information leaving their device remaining encrypted and access to "Hide My Email." One of the headlining features for iCloud+ is Private Relay, which, similarly to a VPN, ensures that all traffic leaving a...
Read Full Article147 comments
tracking disabled ios 14 5

Apple Rolling Out Fix for Greyed Out App Tracking Transparency Toggle

Wednesday May 19, 2021 1:54 am PDT by
Apple appears to be ironing out a bug that meant some iOS 14.5 users were unable to adjust the "Allow Apps to Request to Track" setting that was rolled out as part of Apple's App Tracking Transparency (ATT) feature. In iOS 14.5, iPadOS 14.5, and tvOS 14.5, ATT requires that apps ask for permission before tracking your activity across other companies' apps and websites for targeted...
Read Full Article18 comments
mozilla firefox banner

Firefox 87 Introduces 'SmartBlock' Private Browsing Feature to Fix Websites Broken By Tracking Protections

Wednesday March 24, 2021 1:58 am PDT by
Mozilla has released Firefox 87 for Macs, Windows, and Linux machines, introducing a new intelligent tracker blocking mechanism called SmartBlock. Since 2015, Firefox has included a built-in Content Blocking feature that automatically blocks third-party scripts, images, and other content from being loaded from cross-site tracking companies in Private Browsing windows and Strict Tracking...
Read Full Article59 comments
Podcasts Bugged Feature

Apple Investigating 'Problem' With Podcasts App That Began April 29 [Now Resolved]

Monday May 3, 2021 11:30 am PDT by
Apple's Podcasts platform is experiencing an "outage" for some users, according to the company's system status page. "Users are experiencing a problem with this service," wrote Apple. "We are investigating and will update the status as more information becomes available." Apple says the undisclosed problem began on April 29. Only some users are affected by the outage, according to Apple. ...
Read Full Article82 comments
play store google

Google to Limit Which Apps Can See Other Installed Apps on Android Devices, Evoking Similar Privacy Changes Apple Made in iOS 9

Saturday April 3, 2021 3:23 am PDT by
Google will soon make it harder for third-party apps to see what other apps are installed on a user's Android device, a policy change that evokes similar privacy protections Apple introduced in iOS 9, way back in 2015. According to XDA-Developers, upcoming amendments to Google's Developer Program Policy will limit which apps can access an Android user's full list of installed apps. As noted...
Read Full Article54 comments
eero 6 routers

Eero 6 and Pro 6 Routers Gain HomeKit Support

Tuesday May 25, 2021 11:11 am PDT by
Eero today released an iOS app update that includes new firmware for its Eero 6 and Pro 6 routers, introducing HomeKit support. HomeKit support for the Eero 6 allows the routers to be managed through the Home app on iPhone, iPad, and Mac. In the Home app, there are options to define how routers are able to communicate within the home and via the internet. With HomeKit integration, Eero...
Read Full Article66 comments
apple card 1

Apple Card Outage Persists for Several Hours [Resolved]

Wednesday June 2, 2021 10:06 am PDT by
If your Apple Card has not been working today, you are not alone. Apple's credit card has been suffering from a widespread outage that has persisted for several hours, according to Apple's system status page. "Users may not be able to manage their Apple Card, make payments, and may not see recent transactions," the page reads. Launched in the United States in August 2019, the Apple Card's ...
Read Full Article50 comments
app tracking transparency

Apple's Craig Federighi on App Tracking Transparency: 'Users Deserve and Need Control' of Data

Monday April 26, 2021 11:10 am PDT by
With Apple now enforcing its App Tracking Transparency rules with the release of iOS 14.5, The Wall Street Journal's Joanna Stern did an interview with Apple software engineering chief Craig Federighi to talk about Apple's aim with the feature and how it works. For those unfamiliar with App Tracking Transparency, it requires app developers to get express user permission before accessing a...
Read Full Article53 comments

Popular Stories

airpodsinear 1

AirPods Save Woman's Life With Feature Everyone Should Know

Friday January 21, 2022 2:13 am PST by
Apple's AirPods have been credited with saving a woman's life after a potentially fatal fall, People reports. When a 60-year-old florist in New Jersey tripped and hit her head in her studio, she lost consciousness and awoke heavily bleeding. With nobody around to call for help, she realized she had her AirPods in, and used a "Hey Siri" command to call 911. An operator was able to stay on the ...
Read Full Article
iphone 13 earpods

Apple to Stop Including EarPods With Every iPhone Sold in France From Next Week

Friday January 21, 2022 3:21 am PST by
Apple will no longer include EarPods with every iPhone sold in France, starting on January 24, according to a notice posted by a French carrier (via iGeneration). Apple was previously required to include EarPods in the box with the iPhone due to a French law that required every smartphone sold in the country to come with a "handsfree kit," but the law has now been changed in favor of reducing the ...
Read Full Article195 comments
peloton tv workout cardio

Apple Floated as Potential Buyer of Peloton

Friday January 21, 2022 6:11 am PST by
Following months of bleak news about Peloton's "precarious state," including the revelation that it has halted production of its bikes and treadmills, Apple is being floated as a potential buyer of Peloton's troubled fitness business. Yesterday, CNBC reported that Peloton will temporarily stop production of its connected fitness products due to a "significant reduction" in consumer demand, a ...
Read Full Article341 comments
Questionable Design Decisions

Apple's Most Questionable Design Decisions in Recent Memory

Sunday January 23, 2022 2:59 am PST by
Apple has always emphasized the depth of thought that goes into the design of its products. In the foreword to Designed by Apple in California, a photo book released by the company in 2016, Jony Ive explains how Apple strives "to define objects that appear effortless" and "so simple, coherent and inevitable that there could be no rational alternative." But every once in a while even Apple...
Read Full Article392 comments
Spring 2022 Apple Products Feature

New iPad Air, Macs, and iPhone SE With 5G Likely to Be Announced at Apple Event This Spring

Thursday January 20, 2022 8:32 am PST by
Earlier this week, Bloomberg's Mark Gurman tweeted that Apple "will be holding a spring event" to announce a new iPhone SE and other hardware. In a recent edition of his newsletter, Gurman said the event is likely to occur in March or April. Gurman did not elaborate on what "other hardware" will be announced at Apple's purported spring event, but rumors suggest at least four products are...
Read Full Article80 comments
Upcoming Products 2022 Feature

Gurman: Apple Preparing 'Widest Array of New Hardware Products in Its History' for Fall

Sunday January 23, 2022 10:32 am PST by
Apple is working on a number of new products that are set to launch this fall, and Bloomberg's Mark Gurman says that it will be "the widest array" of new devices that Apple has introduced in its history. In his latest "Power On" newsletter, Gurman explains that Apple is working on four new iPhones (5G iPhone SE, iPhone 14, iPhone 14 Pro, and iPhone 14 Pro Max), an updated low-end MacBook Pro,...
Read Full Article218 comments
apple watch series 7 aluminum colors yellowbg

Apple Watch Charging Bug Fixed in watchOS 8.4 Release Candidate

Thursday January 20, 2022 4:01 pm PST by
The watchOS 8.4 release candidate that was seeded to developers and beta testers this morning addresses an ongoing bug that could cause some Apple Watch chargers not to work properly with the Apple Watch. Back in December, we reported on a growing number of charging issues that Apple Watch Series 7 owners were facing. Since watchOS 8.3, there have been a number of complaints about...
Read Full Article26 comments
safari icon blue banner

macOS Monterey 12.2 and iOS 15.3 Release Candidates Fix Safari Bug That Leaks Browsing Activity

Thursday January 20, 2022 1:30 pm PST by
The macOS Monterey 12.2 and iOS 15.3 release candidates that came out today appear to address a Safari bug that could cause your recent browsing history and details about your identity to be leaked to malicious entities. As shared last week by browser fingerprinting service FingerprintJS, there is an issue with the WebKit implementation of the IndexedDB JavaScript API. Any website that uses...
Read Full Article44 comments
apple college discounts

Apple Walks Back UNiDAYS Verification Requirement for U.S. Education Store

Friday January 21, 2022 12:43 pm PST by
Earlier this week, Apple began requiring that customers taking advantage of educational discounts in the United States verify their status as a teacher, student, or school staff member through UNiDAYS. The requirement was a major change as Apple had never asked customers to go through a verification process in the United States before, and now, just three days after verification was added,...
Read Full Article225 comments