Apple and Cloudflare Develop New Privacy-Focused Internet Protocol

Cloudflare has today announced that it has developed a new internet protocol, in collaboration with engineers from Apple and Fastly, focused on privacy (via TechCrunch).

cloudflare logo dark

The protocol, dubbed "Oblivious DNS-over-HTTPS," or "ODoH," makes it more difficult for internet service providers to know which websites users have visited.

When visiting a website, browsers use a DNS resolver to convert web addresses into machine-readable IP addresses to locate where the page is located. However, this is an unencrypted process and ISPs can see the DNS query and conclude which websites their users have visited. Internet service providers are also able to sell this information to advertisers.

Innovations such as DNS-over-HTTPS, or DoH, have added encryption to DNS queries. While this may dissuade bad actors who may wish to hijack DNS queries to point victims to malicious websites, DNS resolvers are still able to see which websites are being visited.

ODoH decouples DNS queries from individual users, so the DNS resolver cannot know which websites have been visited. This is achieved by encrypting the DNS query before passing it through a proxy server. This way, the proxy cannot see the query and the DNS resolver cannot see who originally sent it.

"What ODoH is meant to do is separate the information about who is making the query and what the query is," said Cloudflare's head of research, Nick Sullivan.

Page loading times and browsing speeds are said to be "practically indistinguishable" when using the ODoH protocol, according to Sullivan.

However, ODoH is only able to ensure privacy when the proxy and the DNS resolver are not controlled by the same entity. This means that ODoH will depend on companies offering to run proxies, otherwise the "separation of knowledge is broken."

While a few unnamed partner organizations are already running proxies, allowing early adopters to use ODoH using Cloudflare's 1.1.1.1 DNS resolver, the vast majority of users will have to wait until the technology is directly baked into browsers and operating systems.

Though it will likely first need to be certified as a standard by the Internet Engineering Task Force, considering that Apple was directly involved in developing the technology, it is not unreasonable to expect Apple to be among the first to integrate it in the future.

Top Rated Comments

chucker23n1 Avatar
21 months ago

SO i can use it right now by just changing my DNS to 1.1.1.1?
No. That’ll change you to DoH, if your resolver supports it. ODoH isn’t yet implemented anywhere.
Score: 8 Votes (Like | Disagree)
ArPe Avatar
21 months ago

I use OpenDNS

https://en.wikipedia.org/wiki/OpenDNS

208.67.222.222
208.67.220.220
That doesn’t protect you from your ISP’s eyes and selling your browsing data. Ali and Bob in tech support still know you’re into dwarf domination cosplay.
Score: 8 Votes (Like | Disagree)
thederby Avatar
21 months ago

Who TF is "Fastly"?

only one of the top three CDNs on the planet.
Score: 7 Votes (Like | Disagree)
locovaca Avatar
21 months ago

You have to trust the resolver and if you have content filtering in use that uses DNS based filtering, this is not a good thing. That said, I have found cloudflare to be very fast and secure. Since I do use content filtering and ad blocking, I use pihole with unbound and it has been great.
Yup, and now we’re running into the issue of apps and devices that ignore DNS servers offered up by your router and instead hardcode Google or others so they can defeat DNS based add blockers. This is just another attempt to keep ads working under the guise of “security.”
Score: 5 Votes (Like | Disagree)
Helmlein Avatar
21 months ago
DNS resolution is something that should be implemented for the OS, not in the browser. The browser in turn can query the OS resolver library. Therefore: thanks but no thanks. Better implement those in the OS resolver library, so ALL applications can benefit.

And businesses will know how to configure their MITM-proxies to prevent (O-)DoH or DoT anyway; this will just help the likes of BlueCoat.

H.
Score: 5 Votes (Like | Disagree)
chucker23n1 Avatar
21 months ago

DNS resolution is something that should be implemented for the OS, not in the browser. The browser in turn can query the OS resolver library. Therefore: thanks but no thanks. Better implement those in the OS resolver library, so ALL applications can benefit.
Apple will most likely implement this in the OS, so…
Score: 3 Votes (Like | Disagree)

Related Stories

DaVinci Resolve 17 3 Color

DaVinci Resolve Video Editor Gains New Processing Engine That's Up to 3 Times Faster on M1 Macs

Friday August 20, 2021 3:57 am PDT by
Blackmagic Design has announced a new update to its professional video editing and color correction software, DaVinci Resolve, that includes a new processing engine offering significantly better performance on Apple silicon Macs. Thanks to the completely reworked engine, DaVinci Resolve 17.3 can work up to 3 times faster on Apple Mac models with the M1 chip, according to the company. The...
craig wwdc 2021 privacy

Report Highlights How Top Apple Executives Disagreed Over How Far iOS Anti-Tracking Measures Should Go

Monday March 14, 2022 7:19 am PDT by
A new report has highlighted how three top prominent executives initially found themselves at odds in early deliberations about Apple's App Tracking Transparency framework. According to the report from The Information, the executives who disagreed over how far Apple should go in protecting user privacy in digital advertising included Apple's Craig Federighi, who oversees software...
ios15 mail privacy feature

watchOS 8.5 Fixes Mail Privacy Protection Loophole That Could Expose IP Addresses

Tuesday March 15, 2022 6:42 am PDT by
watchOS 8.5 fixes a security vulnerability in the Mail app that could leak a user's IP address when downloading remote content, security researchers have found. Last year, it emerged that Apple's Mail Privacy Protection feature was undermined by a lack of Apple Watch support. Mail Privacy Protection was a new feature introduced with iOS 15, iPadOS 15, and macOS Monterey that hides your IP...
Apple One Apps Feature

iCloud and Many Other Apple Services Are Down or Experiencing Issues [Resolved]

Monday March 21, 2022 9:55 am PDT by
Apple is experiencing a widespread outage today, with a wide range of the company's services and apps down or experiencing issues currently. Affected services and apps include the App Store, iCloud, Siri, iMessage, iTunes Store, Apple Maps, Apple Music, Apple Podcasts, Apple Arcade, Apple Fitness+, Apple TV+, Find My, FaceTime, Notes, Stocks, and many others, according to complaints across...
webkit vs chromium feature

Should Apple Continue to Ban Rival Browser Engines on iOS?

Friday February 25, 2022 7:39 am PST by
Apple requires all apps that browse the web in iOS and iPadOS to use its own browser engine, WebKit, but amid accusations of anti-competitive conduct, should it continue to effectively ban rival browser engines? Big tech has been gripped by accusations of anti-competitive conduct in recent times, with Chief Executive of the UK's Competition and Markets Authority (CMA) Andrea Coscelli...
webkit logo

Web Developers Form Advocacy Group to Allow Other Browser Engines on iOS

Wednesday March 2, 2022 4:29 am PST by
Apple is being challenged by a group of developers to end WebKit's dominance on its mobile devices and allow other browser engines on iPhone and iPad, following accusations that the current situation amounts to anti-competitive conduct. For those unfamiliar with WebKit, Apple's browser engine powers Safari and other areas of the operating system where web content is displayed. Apple requires ...
apple tv plus up next website

Apple TV+ Website Gains Up Next Queue

Wednesday March 23, 2022 1:20 pm PDT by
Apple has updated its dedicated Apple TV+ website with an Up Next queue for shows, making it easier to keep track of and watch Apple TV+ content on the web. The Up Next queue is a new addition to the Apple TV+ website, introduced earlier this week, according to 9to5Mac. Prior to now, the Apple TV+ website had an option for adding a show to the Up Next queue, but the Up Next queue did not...
european parliament

EU Provisionally Agrees on Law That Would Force Apple to Allow Alternative App Stores, Sideloading, and iMessage Interoperability

Friday March 25, 2022 4:46 am PDT by
European lawmakers have provisionally agreed upon a new law that would force Apple to allow user access to third-party app stores and permit the sideloading of apps on iPhones and iPads, among other sweeping changes designed to make the digital sector fairer and more competitive. The European Council and European Parliament said on Friday they had reached a political agreement on the...

Popular Stories

macbook air m2

Exclusive: Apple Plans to Launch MacBook Air With M2 Chip on July 15

Wednesday June 29, 2022 5:23 pm PDT by
The redesigned MacBook Air with the all-new M2 Apple silicon chip will be available for customers starting Friday, July 15, MacRumors has learned from a retail source. The new MacBook Air was announced and previewed during WWDC earlier this month, with Apple stating availability will begin in July. The MacBook Air features a redesigned body that is thinner and lighter than the previous...
original iphone 2007

15 Years Ago Today, the iPhone Went On Sale

Wednesday June 29, 2022 4:43 am PDT by
Fifteen years ago to this day, the iPhone, the revolutionary device presented to the world by the late Steve Jobs, officially went on sale. The first iPhone was announced by Steve Jobs on January 9, 2007, and went on sale on June 29, 2007. "An iPod, a phone, an internet mobile communicator... these are not three separate devices," Jobs famously said. "Today, Apple is going to reinvent the...
maxresdefault

Video Comparison: M2 MacBook Pro vs. M1 MacBook Pro

Tuesday June 28, 2022 2:45 pm PDT by
Apple last week launched an updated version of the 13-inch MacBook Pro, and it is the first Mac that is equipped with an updated M2 chip. As it's using a brand new chip, we thought we'd pick up the M2 MacBook Pro and compare it to the prior-generation M1 MacBook Pro to see just what's new. Subscribe to the MacRumors YouTube channel for more videos. For the video comparison, we're using the...
iPhone vs Galaxy Larger

Apple Executive Says Samsung Copied the iPhone and Simply 'Put a Bigger Screen Around It'

Tuesday June 28, 2022 8:59 am PDT by
The Wall Street Journal's Joanna Stern today shared a new documentary about the evolution of the iPhone ahead of the 15th anniversary of the device launching on June 29, 2007. The documentary includes an interview with Apple's marketing chief Greg Joswiak, iPhone co-creator Tony Fadell, and a family of iPhone users. One segment of the interview reflects on Android smartphones gaining larger...
iPhone 11 Pro vs iPhone 14 Pro

iPhone 11 Pro vs. 14 Pro: New Features to Expect if You've Waited to Upgrade

Monday June 27, 2022 11:22 am PDT by
With many customers choosing to upgrade their iPhone every two or three years nowadays, there are lots of iPhone 11 Pro users who might be interested in upgrading to the iPhone 14 Pro later this year. Those people are in for a treat, as three years of iPhone generations equals a long list of new features and changes to look forward to. Below, we've put together a list of new features and...
Mac Studio IO

Apple Begins Selling Refurbished Mac Studio Models

Thursday June 30, 2022 7:42 pm PDT by
Apple today began selling refurbished Mac Studio models for the first time in the United States, Canada, and select European countries, such as Belgium, Germany, Ireland, Spain, Switzerland, the Netherlands, and the United Kingdom. In the United States, two refurbished Mac Studio configurations are currently available, including one with the M1 Max chip (10-core CPU and 24-core GPU) for...
rootbug

Major macOS High Sierra Bug Allows Full Admin Access Without Password - How to Fix [Updated]

Tuesday November 28, 2017 12:33 pm PST by
There appears to be a serious bug in macOS High Sierra that enables the root superuser on a Mac with a blank password and no security check. The bug, discovered by developer Lemi Ergin, lets anyone log into an admin account using the username "root" with no password. This works when attempting to access an administrator's account on an unlocked Mac, and it also provides access at the login...