Apple and Cloudflare Develop New Privacy-Focused Internet Protocol

by

Cloudflare has today announced that it has developed a new internet protocol, in collaboration with engineers from Apple and Fastly, focused on privacy (via TechCrunch).

cloudflare logo dark

The protocol, dubbed "Oblivious DNS-over-HTTPS," or "ODoH," makes it more difficult for internet service providers to know which websites users have visited.

When visiting a website, browsers use a DNS resolver to convert web addresses into machine-readable IP addresses to locate where the page is located. However, this is an unencrypted process and ISPs can see the DNS query and conclude which websites their users have visited. Internet service providers are also able to sell this information to advertisers.

Innovations such as DNS-over-HTTPS, or DoH, have added encryption to DNS queries. While this may dissuade bad actors who may wish to hijack DNS queries to point victims to malicious websites, DNS resolvers are still able to see which websites are being visited.

ODoH decouples DNS queries from individual users, so the DNS resolver cannot know which websites have been visited. This is achieved by encrypting the DNS query before passing it through a proxy server. This way, the proxy cannot see the query and the DNS resolver cannot see who originally sent it.

"What ODoH is meant to do is separate the information about who is making the query and what the query is," said Cloudflare's head of research, Nick Sullivan.

Page loading times and browsing speeds are said to be "practically indistinguishable" when using the ODoH protocol, according to Sullivan.

However, ODoH is only able to ensure privacy when the proxy and the DNS resolver are not controlled by the same entity. This means that ODoH will depend on companies offering to run proxies, otherwise the "separation of knowledge is broken."

While a few unnamed partner organizations are already running proxies, allowing early adopters to use ODoH using Cloudflare's 1.1.1.1 DNS resolver, the vast majority of users will have to wait until the technology is directly baked into browsers and operating systems.

Though it will likely first need to be certified as a standard by the Internet Engineering Task Force, considering that Apple was directly involved in developing the technology, it is not unreasonable to expect Apple to be among the first to integrate it in the future.

Tags: Apple Privacy, CloudFlare

Popular Stories

mac mini thermal architecture feature

New Mac Mini Has Modular Storage, 256GB Model Will Have Faster SSD

Friday November 8, 2024 7:06 am PST by
Apple has returned to using two 128GB storage chips in the new Mac mini with 256GB of storage, according to a partial teardown video shared on social media today. This means the base-model Mac mini with the M4 chip will not have significantly slower SSD speeds compared to higher-end configurations of the computer with 512GB, 1TB, or 2TB of storage, as multiple NAND chips allows for faster SSD...
Read Full Article138 comments
best buy holiday

Best Buy Reveals Black Friday Plans With Sitewide Sales Available Now

Friday November 8, 2024 10:05 am PST by
Black Friday sales are continuing today with Best Buy kicking off early Black Friday deals that will last for the next few days. Similar to other retailers, Best Buy's early Black Friday event includes sitewide savings on Apple products, headphones, TVs, monitors, video games, and more. Note: MacRumors is an affiliate partner with Best Buy. When you click a link and make a purchase, we may...
Read Full Article13 comments
iphone passcode green

Cops Suspect iOS 18 iPhones Are Communicating to Force Reboots, Making Unlocking Harder

Thursday November 7, 2024 2:20 pm PST by
Law enforcement officials in Detroit, Michigan are warning other police officers about an alleged iPhone change that causes Apple devices stored for forensic examination to spontaneously restart, reports 404 Media. iPhones that are undergoing examination have apparently been rebooting, which makes them harder to unlock with brute force methods, and Michigan police think that it's due to a...
Read Full Article95 comments
Generic iOS 18

Everything New in iOS 18.2 Beta 2

Monday November 4, 2024 12:34 pm PST by
Apple today seeded the second betas of upcoming iOS 18.2 and iPadOS 18.2 updates to developers, and Apple is continuing to refine the Apple Intelligence capabilities. There are also a handful of smaller features that are worth knowing about. Find My Find My has a new option to Share Item Location with an "airline or trusted person" that can help you locate something that you've misplaced....
Read Full Article63 comments
M4 MacBook Pros Thumb

M4 MacBook Pro Reviews: Processor Benchmarks Impress, New Nano-Texture Option Worth the Extra $150

Thursday November 7, 2024 6:14 am PST by
The first wave of reviews of Apple's new M4-powered MacBook Pro models were published this morning. We've collected some of the latest impressions from YouTube channels and select media outlets below. Apple last month announced the new 14-inch and 16-inch MacBook Pro models, adding next-generation M4, M4 Pro, and M4 Max chips, with Thunderbolt 5 ports on higher-end models, display and camera ...
Read Full Article56 comments
High Power Mode Feature 2

Apple Expands High Power Mode to MacBook Pro and Mac Mini Models With M4 Pro Chip

Thursday November 7, 2024 12:15 pm PST by
High Power Mode is available on the 14-inch MacBook Pro, 16-inch MacBook Pro, and Mac mini models with the M4 Pro chip, according to Ars Technica's Andrew Cunningham. The feature was previously limited to Macs with Apple's highest-end "Max" chip, so this is the first time it is available on Macs with a "Pro" chip. This is the second time that Apple has expanded availability of High Power...
Read Full Article41 comments
early apple watch black friday

The Best Early Black Friday Apple Watch Deals

Wednesday November 6, 2024 6:33 am PST by
Black Friday is just around the corner, and Apple Watch deals have begun appearing ahead of the shopping holiday on November 29. In this article, we'll take a look at all of the best early Black Friday Apple Watch deals, including the new Series 10 models. Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small...
Read Full Article7 comments
iOS 18 Notes Feature

How to Fix iPhone Notes Disappearing After Accepting New iCloud Terms

Thursday November 7, 2024 7:57 am PST by
Apple in September updated its iCloud terms and conditions with some minor changes, and this week it has been notifying iPhone users that they must accept the revised terms in order to continue using iCloud. Unfortunately, after accepting the new terms, some iPhone users have seen all of their notes disappear in the Notes app. While some users have turned to social media to justifiably panic ...
Read Full Article43 comments

Top Rated Comments

chucker23n1 Avatar
chucker23n1
51 months ago

SO i can use it right now by just changing my DNS to 1.1.1.1?
No. That’ll change you to DoH, if your resolver supports it. ODoH isn’t yet implemented anywhere.
Score: 8 Votes (Like | Disagree)
ArPe Avatar
ArPe
51 months ago

I use OpenDNS

https://en.wikipedia.org/wiki/OpenDNS

208.67.222.222
208.67.220.220
That doesn’t protect you from your ISP’s eyes and selling your browsing data. Ali and Bob in tech support still know you’re into dwarf domination cosplay.
Score: 8 Votes (Like | Disagree)
thederby Avatar
thederby
51 months ago

Who TF is "Fastly"?

only one of the top three CDNs on the planet.
Score: 7 Votes (Like | Disagree)
locovaca Avatar
locovaca
51 months ago

You have to trust the resolver and if you have content filtering in use that uses DNS based filtering, this is not a good thing. That said, I have found cloudflare to be very fast and secure. Since I do use content filtering and ad blocking, I use pihole with unbound and it has been great.
Yup, and now we’re running into the issue of apps and devices that ignore DNS servers offered up by your router and instead hardcode Google or others so they can defeat DNS based add blockers. This is just another attempt to keep ads working under the guise of “security.”
Score: 5 Votes (Like | Disagree)
Helmlein Avatar
Helmlein
51 months ago
DNS resolution is something that should be implemented for the OS, not in the browser. The browser in turn can query the OS resolver library. Therefore: thanks but no thanks. Better implement those in the OS resolver library, so ALL applications can benefit.

And businesses will know how to configure their MITM-proxies to prevent (O-)DoH or DoT anyway; this will just help the likes of BlueCoat.

H.
Score: 5 Votes (Like | Disagree)
chucker23n1 Avatar
chucker23n1
51 months ago

DNS resolution is something that should be implemented for the OS, not in the browser. The browser in turn can query the OS resolver library. Therefore: thanks but no thanks. Better implement those in the OS resolver library, so ALL applications can benefit.
Apple will most likely implement this in the OS, so…
Score: 3 Votes (Like | Disagree)
Read All Comments