Cloudflare has worked with Apple and cloud service provider Fastly to develop a new Domain Name System (DNS) standard designed to give end users better Internet privacy. The new protocol is called Oblivious DNS over HTTPS (ODoH) and is designed to send web browsing information to Internet providers anonymously. It also serves as an extension to the existing DNS over HTTPS (DoH), which is designed to protect DNS requests sent from your computer to the server. Cloudflare has partnered with proxy providers such as Equinix, PCCW and SURF to provide proxies for ODoH that help protect the privacy of end users.
The web browser uses a DNS resolver to convert the link you provide into a machine-readable IP address. This process helps your system find the web page you want to visit. But at the same time, it allows DNS resolvers (mainly Internet providers) to see which web pages are being loaded in the browser. This affects your privacy every time you visit a webpage.
In the past, entities including Apple, Cloudflare, Google and Mozilla have all adopted DoH to solve privacy issues to some extent. This protocol makes it more difficult for bad actors to view DNS queries by exchanging DNS packets over HTTPS. However, DoH does not protect your privacy from the DNS resolver itself. This is where ODoH comes in.
The new protocol places a proxy server between the client and the DNS server. This means that DNS resolvers (in short, Internet providers) will not be able to see where specific queries come from. It helps protect your identity when DNS requests are processed. However, your Internet Service Provider (ISP) can still view the websites you browse.
Cloudflare engineers worked with Apple and Fastly to use DoH as part of ODoH, protecting DNS requests while they are transmitted between the system and the server.
As reported by TechCrunch, this process helps to ensure that the proxy only knows the identity of the user, and the DNS resolver only knows the webpage being requested.
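The split of knowledge described above, as an added example that is not code from Cloudflare or from the original article: the client encrypts its query to the resolver's public key and sends it through a proxy, and each party logs what it can see. The Diffie-Hellman-plus-hash cipher is a toy stand-in for the real protocol's encryption, and all class names, addresses and the answer format are constructed for illustration.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group (constructed, NOT secure); real ODoH uses HPKE.
P, G = 2**127 - 1, 3

def keystream(shared: int, label: bytes, n: int) -> bytes:
    """Derive n pad bytes from the shared secret; label separates query/response."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(shared.to_bytes(16, "big") + label + bytes([ctr])).digest()
        ctr += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Target:
    """Resolver side: can decrypt queries, but its peer is always the proxy."""
    def __init__(self):
        self._sk = secrets.randbelow(P - 2) + 1
        self.pk = pow(G, self._sk, P)
        self.log = []                      # (peer address, plaintext query)
    def handle(self, peer_ip: str, eph_pk: int, ct: bytes) -> bytes:
        shared = pow(eph_pk, self._sk, P)
        query = xor(ct, keystream(shared, b"q", len(ct))).decode()
        self.log.append((peer_ip, query))
        answer = f"answer-for:{query}".encode()   # stand-in for a DNS response
        return xor(answer, keystream(shared, b"r", len(answer)))

class Proxy:
    """Proxy side: sees the client address, relays bytes it cannot decrypt."""
    def __init__(self, target: Target, ip: str):
        self.target, self.ip, self.log = target, ip, []
    def forward(self, client_ip: str, eph_pk: int, ct: bytes) -> bytes:
        self.log.append((client_ip, ct))   # (client address, ciphertext)
        return self.target.handle(self.ip, eph_pk, ct)

def client_query(client_ip: str, name: str, proxy: Proxy, target_pk: int) -> str:
    esk = secrets.randbelow(P - 2) + 1     # fresh ephemeral key per query
    shared = pow(target_pk, esk, P)
    ct = xor(name.encode(), keystream(shared, b"q", len(name.encode())))
    resp = proxy.forward(client_ip, pow(G, esk, P), ct)
    return xor(resp, keystream(shared, b"r", len(resp))).decode()

if __name__ == "__main__":
    target = Target()
    proxy = Proxy(target, "198.51.100.7")  # documentation-range addresses
    print(client_query("192.0.2.10", "example.com", proxy, target.pk), proxy.log, target.log)
```

The proxy's log holds the client address next to ciphertext only, while the target's log holds the plaintext query next to the proxy's address, which is why privacy is lost only if the two operators combine their logs.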
Cloudflare found that the response time with ODoH is almost “indistinguishable” from that of existing DoH. This suggests that browsing speed will not change significantly.
The protocol also includes a basic property that helps to ensure that the proxy server and the target server never “collude”. The goal is to preserve user privacy even when the proxy server or the target server is compromised. However, this also means that the new standard relies heavily on the proxy servers used to transmit DNS requests.
Cloudflare initially implemented ODoH for its 188.8.131.52 DNS service. However, other similar services and web browsers have not yet adopted the new protocol, so you may have to wait a while to see mass adoption of the latest development.