Apple and Cloudflare Develop New Privacy-Focused Internet Protocol

by

Cloudflare has today announced that it has developed a new internet protocol, in collaboration with engineers from Apple and Fastly, focused on privacy (via TechCrunch).

cloudflare logo dark

The protocol, dubbed "Oblivious DNS-over-HTTPS," or "ODoH," makes it more difficult for internet service providers to know which websites users have visited.

When visiting a website, browsers use a DNS resolver to convert web addresses into machine-readable IP addresses to locate where the page is located. However, this is an unencrypted process and ISPs can see the DNS query and conclude which websites their users have visited. Internet service providers are also able to sell this information to advertisers.

Innovations such as DNS-over-HTTPS, or DoH, have added encryption to DNS queries. While this may dissuade bad actors who may wish to hijack DNS queries to point victims to malicious websites, DNS resolvers are still able to see which websites are being visited.

ODoH decouples DNS queries from individual users, so the DNS resolver cannot know which websites have been visited. This is achieved by encrypting the DNS query before passing it through a proxy server. This way, the proxy cannot see the query and the DNS resolver cannot see who originally sent it.

"What ODoH is meant to do is separate the information about who is making the query and what the query is," said Cloudflare's head of research, Nick Sullivan.

Page loading times and browsing speeds are said to be "practically indistinguishable" when using the ODoH protocol, according to Sullivan.

However, ODoH is only able to ensure privacy when the proxy and the DNS resolver are not controlled by the same entity. This means that ODoH will depend on companies offering to run proxies, otherwise the "separation of knowledge is broken."

While a few unnamed partner organizations are already running proxies, allowing early adopters to use ODoH using Cloudflare's 1.1.1.1 DNS resolver, the vast majority of users will have to wait until the technology is directly baked into browsers and operating systems.

Though it will likely first need to be certified as a standard by the Internet Engineering Task Force, considering that Apple was directly involved in developing the technology, it is not unreasonable to expect Apple to be among the first to integrate it in the future.

Tags: Apple privacy, CloudFlare

Top Rated Comments

chucker23n1 Avatar
chucker23n1
11 months ago

SO i can use it right now by just changing my DNS to 1.1.1.1?
No. That’ll change you to DoH, if your resolver supports it. ODoH isn’t yet implemented anywhere.
Score: 8 Votes (Like | Disagree)
ArPe Avatar
ArPe
11 months ago

I use OpenDNS

https://en.wikipedia.org/wiki/OpenDNS

208.67.222.222
208.67.220.220
That doesn’t protect you from your ISP’s eyes and selling your browsing data. Ali and Bob in tech support still know you’re into dwarf domination cosplay.
Score: 8 Votes (Like | Disagree)
thederby Avatar
thederby
11 months ago

Who TF is "Fastly"?

only one of the top three CDNs on the planet.
Score: 7 Votes (Like | Disagree)
locovaca Avatar
locovaca
11 months ago

You have to trust the resolver and if you have content filtering in use that uses DNS based filtering, this is not a good thing. That said, I have found cloudflare to be very fast and secure. Since I do use content filtering and ad blocking, I use pihole with unbound and it has been great.
Yup, and now we’re running into the issue of apps and devices that ignore DNS servers offered up by your router and instead hardcode Google or others so they can defeat DNS based add blockers. This is just another attempt to keep ads working under the guise of “security.”
Score: 5 Votes (Like | Disagree)
Helmlein Avatar
Helmlein
11 months ago
DNS resolution is something that should be implemented for the OS, not in the browser. The browser in turn can query the OS resolver library. Therefore: thanks but no thanks. Better implement those in the OS resolver library, so ALL applications can benefit.

And businesses will know how to configure their MITM-proxies to prevent (O-)DoH or DoT anyway; this will just help the likes of BlueCoat.

H.
Score: 5 Votes (Like | Disagree)
chucker23n1 Avatar
chucker23n1
11 months ago

DNS resolution is something that should be implemented for the OS, not in the browser. The browser in turn can query the OS resolver library. Therefore: thanks but no thanks. Better implement those in the OS resolver library, so ALL applications can benefit.
Apple will most likely implement this in the OS, so…
Score: 3 Votes (Like | Disagree)
Read All Comments

Top Stories

f1623088657

Apple Announces iCloud+, Combines Paid Storage With Privacy Features Like Hide My Email

Monday June 7, 2021 11:00 am PDT by
At WWDC, Apple announced that iCloud is getting a premium subscription tier called "iCloud+," which includes "Private Relay" that allows users to browse the web through Safari with all information leaving their device remaining encrypted and access to "Hide My Email." One of the headlining features for iCloud+ is Private Relay, which, similarly to a VPN, ensures that all traffic leaving a...
Read Full Article147 comments
tracking disabled ios 14 5

Apple Rolling Out Fix for Greyed Out App Tracking Transparency Toggle

Wednesday May 19, 2021 1:54 am PDT by
Apple appears to be ironing out a bug that meant some iOS 14.5 users were unable to adjust the "Allow Apps to Request to Track" setting that was rolled out as part of Apple's App Tracking Transparency (ATT) feature. In iOS 14.5, iPadOS 14.5, and tvOS 14.5, ATT requires that apps ask for permission before tracking your activity across other companies' apps and websites for targeted...
Read Full Article18 comments
mozilla firefox banner

Firefox 87 Introduces 'SmartBlock' Private Browsing Feature to Fix Websites Broken By Tracking Protections

Wednesday March 24, 2021 1:58 am PDT by
Mozilla has released Firefox 87 for Macs, Windows, and Linux machines, introducing a new intelligent tracker blocking mechanism called SmartBlock. Since 2015, Firefox has included a built-in Content Blocking feature that automatically blocks third-party scripts, images, and other content from being loaded from cross-site tracking companies in Private Browsing windows and Strict Tracking...
Read Full Article59 comments
Podcasts Bugged Feature

Apple Investigating 'Problem' With Podcasts App That Began April 29 [Now Resolved]

Monday May 3, 2021 11:30 am PDT by
Apple's Podcasts platform is experiencing an "outage" for some users, according to the company's system status page. "Users are experiencing a problem with this service," wrote Apple. "We are investigating and will update the status as more information becomes available." Apple says the undisclosed problem began on April 29. Only some users are affected by the outage, according to Apple. ...
Read Full Article82 comments
play store google

Google to Limit Which Apps Can See Other Installed Apps on Android Devices, Evoking Similar Privacy Changes Apple Made in iOS 9

Saturday April 3, 2021 3:23 am PDT by
Google will soon make it harder for third-party apps to see what other apps are installed on a user's Android device, a policy change that evokes similar privacy protections Apple introduced in iOS 9, way back in 2015. According to XDA-Developers, upcoming amendments to Google's Developer Program Policy will limit which apps can access an Android user's full list of installed apps. As noted...
Read Full Article54 comments
eero 6 routers

Eero 6 and Pro 6 Routers Gain HomeKit Support

Tuesday May 25, 2021 11:11 am PDT by
Eero today released an iOS app update that includes new firmware for its Eero 6 and Pro 6 routers, introducing HomeKit support. HomeKit support for the Eero 6 allows the routers to be managed through the Home app on iPhone, iPad, and Mac. In the Home app, there are options to define how routers are able to communicate within the home and via the internet. With HomeKit integration, Eero...
Read Full Article64 comments
apple card 1

Apple Card Outage Persists for Several Hours [Resolved]

Wednesday June 2, 2021 10:06 am PDT by
If your Apple Card has not been working today, you are not alone. Apple's credit card has been suffering from a widespread outage that has persisted for several hours, according to Apple's system status page. "Users may not be able to manage their Apple Card, make payments, and may not see recent transactions," the page reads. Launched in the United States in August 2019, the Apple Card's ...
Read Full Article50 comments
app tracking transparency

Apple's Craig Federighi on App Tracking Transparency: 'Users Deserve and Need Control' of Data

Monday April 26, 2021 11:10 am PDT by
With Apple now enforcing its App Tracking Transparency rules with the release of iOS 14.5, The Wall Street Journal's Joanna Stern did an interview with Apple software engineering chief Craig Federighi to talk about Apple's aim with the feature and how it works. For those unfamiliar with App Tracking Transparency, it requires app developers to get express user permission before accessing a...
Read Full Article53 comments
apple findmy network feature

Find My Network Exploited to Send Messages

Wednesday May 12, 2021 8:11 am PDT by
An exploit allows messages and additional data to be sent across Apple's Find My network, according to the findings of a security researcher. Security researcher Fabian Bräunlein has found a way to leverage Apple's Find My network to function as a generic data transfer mechanism, allowing non-internet-connected devices to upload arbitrary data by using nearby Apple devices to upload the...
Read Full Article45 comments
Google Chrome Material Icon 450x450

Judge Rules Google Must Face Lawsuit Alleging Chrome Tracks Users in Incognito Mode

Sunday March 14, 2021 6:19 am PDT by
A judge in California has ruled that Google must face a class action lawsuit alleging that it secretly tracks the online activity of Chrome users even when they're using the browser in its privacy-oriented Incognito mode (via Bloomberg). The lawsuit was filed in June by three plaintiffs alleging that Google hoovers up user data through Google Analytics, Google Ad Manager and other applications ...
Read Full Article278 comments