Apple and Cloudflare Develop New Privacy-Focused Internet Protocol

Cloudflare has today announced that it has developed a new internet protocol, in collaboration with engineers from Apple and Fastly, focused on privacy (via TechCrunch).

cloudflare logo dark

The protocol, dubbed "Oblivious DNS-over-HTTPS," or "ODoH," makes it more difficult for internet service providers to know which websites users have visited.

When visiting a website, browsers use a DNS resolver to convert web addresses into machine-readable IP addresses to locate where the page is located. However, this is an unencrypted process and ISPs can see the DNS query and conclude which websites their users have visited. Internet service providers are also able to sell this information to advertisers.

Innovations such as DNS-over-HTTPS, or DoH, have added encryption to DNS queries. While this may dissuade bad actors who may wish to hijack DNS queries to point victims to malicious websites, DNS resolvers are still able to see which websites are being visited.

ODoH decouples DNS queries from individual users, so the DNS resolver cannot know which websites have been visited. This is achieved by encrypting the DNS query before passing it through a proxy server. This way, the proxy cannot see the query and the DNS resolver cannot see who originally sent it.

"What ODoH is meant to do is separate the information about who is making the query and what the query is," said Cloudflare's head of research, Nick Sullivan.

Page loading times and browsing speeds are said to be "practically indistinguishable" when using the ODoH protocol, according to Sullivan.

However, ODoH is only able to ensure privacy when the proxy and the DNS resolver are not controlled by the same entity. This means that ODoH will depend on companies offering to run proxies, otherwise the "separation of knowledge is broken."

While a few unnamed partner organizations are already running proxies, allowing early adopters to use ODoH using Cloudflare's 1.1.1.1 DNS resolver, the vast majority of users will have to wait until the technology is directly baked into browsers and operating systems.

Though it will likely first need to be certified as a standard by the Internet Engineering Task Force, considering that Apple was directly involved in developing the technology, it is not unreasonable to expect Apple to be among the first to integrate it in the future.

Popular Stories

iPhone 17 Pro Colors

Apple Announces iPhone 17 Pro and Pro Max With New Design, Larger Battery, and More

Tuesday September 9, 2025 10:59 am PDT by
Apple today introduced the iPhone 17 Pro and iPhone 17 Pro Max. Both devices feature a new aluminum unibody design, with the Ceramic Shield now protecting both the front and back sides. Apple says the front side is now Ceramic Shield 2, which offers 3x better scratch resistance, while the rear Ceramic Shield is advertised as 4x more resistant to cracks compared to the back glass on previous...
iPhone 17 Pro Colors

iPhone 17 and iPhone 17 Pro Models Are eSIM-Only in These Countries

Tuesday September 9, 2025 12:23 pm PDT by
Apple continues to phase out the physical SIM card tray on iPhones, with the latest models relying solely on eSIM technology in more countries. The new iPhone 17, iPhone 17 Pro, and iPhone 17 Pro Max support eSIMs only in these countries and regions, according to Apple: Bahrain Canada Guam Japan Kuwait Mexico Oman Qatar Saudi Arabia United Arab Emirates Un...
airpods translate

AirPods Live Translation Blocked for EU Users With EU Apple Accounts

Thursday September 11, 2025 4:01 am PDT by
Apple's new Live Translation feature for AirPods will be off-limits to millions of European users when it arrives next week, with strict EU regulations likely holding back its rollout. Apple says on its feature availability webpage that "Apple Intelligence: Live Translation with AirPods" won't be available if both the user is physically in the EU and their Apple Account region is in the EU....
iPhone 17 Pro Colors

iPhone 17 and iPhone 17 Pro: Release Date and Pre-Orders

Wednesday September 10, 2025 12:30 am PDT by
Apple held its annual iPhone event on Tuesday, September 9, to unveil the iPhone 17, ultra-thin iPhone Air, iPhone 17 Pro, and iPhone 17 Pro Max. All of the new iPhone models will be available to pre-order starting Friday, September 12 at 5 a.m. Pacific Time / 8 a.m. Eastern Time in the U.S. and dozens of other countries, according to Apple. The release date for the devices is one week...
iPhone 17 Pro Cosmic Orange

Skipping the iPhone 17 Pro? Here's What's Rumored for iPhone 18 Pro

Wednesday September 10, 2025 8:33 am PDT by
While the iPhone 18 Pro and iPhone 18 Pro Max are still a year away, there are already a few rumors about the devices that offer an early look ahead. If you are skipping the iPhone 17 Pro and want to know about what to expect from the iPhone 18 Pro models, we have recapped a few of the key rumors below. Under-Screen Face ID In April 2023, display industry analyst Ross Young shared a...
better iphone 17 lineup

Apple Lists iPhone 17, iPhone Air, and iPhone 17 Pro Battery Capacities

Tuesday September 9, 2025 1:25 pm PDT by
Apple has confirmed the battery capacities for the iPhone 17, iPhone Air, iPhone 17 Pro, and iPhone 17 Pro Max models that were announced earlier today. Apple is required to publish energy labels on its iPhone product pages in the EU, and they reveal the official mAh battery capacities for the devices. Here are the battery capacities for each model, according to Apple: iPhone 17:...
iPhone 17 Pro Colors

Didn't Pre-Order a New iPhone Yet? Here's How Long the Wait is Now

Friday September 12, 2025 6:11 am PDT by
iPhone 17, iPhone 17 Pro, iPhone 17 Pro Max, and iPhone Air pre-orders began at 5 a.m. Pacific Time in the U.S. and many other countries today. If you have yet to place a pre-order, you might face a longer wait now, depending on your desired configuration. As of shortly after 6 a.m. Pacific Time today, nearly all iPhone 17 Pro Max configurations on Apple's online store in the U.S. are facing ...

Top Rated Comments

chucker23n1 Avatar
62 months ago

SO i can use it right now by just changing my DNS to 1.1.1.1?
No. That’ll change you to DoH, if your resolver supports it. ODoH isn’t yet implemented anywhere.
Score: 8 Votes (Like | Disagree)
ArPe Avatar
62 months ago

I use OpenDNS

https://en.wikipedia.org/wiki/OpenDNS

208.67.222.222
208.67.220.220
That doesn’t protect you from your ISP’s eyes and selling your browsing data. Ali and Bob in tech support still know you’re into dwarf domination cosplay.
Score: 8 Votes (Like | Disagree)
thederby Avatar
62 months ago

Who TF is "Fastly"?

only one of the top three CDNs on the planet.
Score: 7 Votes (Like | Disagree)
locovaca Avatar
62 months ago

You have to trust the resolver and if you have content filtering in use that uses DNS based filtering, this is not a good thing. That said, I have found cloudflare to be very fast and secure. Since I do use content filtering and ad blocking, I use pihole with unbound and it has been great.
Yup, and now we’re running into the issue of apps and devices that ignore DNS servers offered up by your router and instead hardcode Google or others so they can defeat DNS based add blockers. This is just another attempt to keep ads working under the guise of “security.”
Score: 5 Votes (Like | Disagree)
Helmlein Avatar
62 months ago
DNS resolution is something that should be implemented for the OS, not in the browser. The browser in turn can query the OS resolver library. Therefore: thanks but no thanks. Better implement those in the OS resolver library, so ALL applications can benefit.

And businesses will know how to configure their MITM-proxies to prevent (O-)DoH or DoT anyway; this will just help the likes of BlueCoat.

H.
Score: 5 Votes (Like | Disagree)
chucker23n1 Avatar
62 months ago

DNS resolution is something that should be implemented for the OS, not in the browser. The browser in turn can query the OS resolver library. Therefore: thanks but no thanks. Better implement those in the OS resolver library, so ALL applications can benefit.
Apple will most likely implement this in the OS, so…
Score: 3 Votes (Like | Disagree)