- Cloudflare engineers have partnered with proxy providers
- The new protocol protects user identity while processing DNS requests
- It is touted to have no significant impact on browsing speeds
Cloudflare has developed a new Domain Name System (DNS) standard with Apple and cloud service provider Fastly that is aimed at delivering better Internet privacy to end consumers. Called Oblivious DNS over HTTPS (ODoH), the new protocol is designed to anonymise Web browsing information before it is sent to Internet providers. It is an extension of the existing DNS over HTTPS (DoH) protocol, which protects DNS requests sent from your computer to a server. Cloudflare has partnered with proxy providers including Equinix, PCCW, and SURF to bring ODoH with a proxy to help protect end-user privacy.
Web browsers use a DNS resolver to convert the domain names in the links you follow into machine-readable IP addresses; this is how your system locates the webpages you want to access. But at the same time, it lets DNS resolvers, which are mostly run by Internet providers, see which webpages you are loading in your browser. This affects your privacy every time you access a webpage.
Entities including Apple, Cloudflare, Google, and Mozilla have adopted DoH in the past to address these privacy issues to some extent. That protocol made it harder for bad actors to see the DNS queries you make, by carrying DNS packets over the HTTPS standard. However, DoH does not protect your privacy from the DNS resolver itself. This is where ODoH can be a real saviour.
The new protocol places a proxy server between the client and the DNS server. This means that the DNS resolver, or simply put the Internet provider, cannot see where specific queries are coming from. It helps protect your identity while your DNS requests are processed. However, your Internet service provider (ISP) may still be able to see which websites you browse.
Cloudflare engineers, along with Apple and Fastly, have also used DoH as part of ODoH to protect DNS requests in transit between your system and a server.
As reported by TechCrunch, the process ensures that the user's identity is known only to the proxy, and their webpage request is known only to the DNS resolver.
Cloudflare found that response times on ODoH are “virtually indistinguishable” from those of existing DoH, which suggests there would be no noticeable change in browsing speed.
The protocol also includes a fundamental property that holds as long as the proxy and the target servers never “collude.” This is aimed at retaining user privacy even if either the proxy or the target server is compromised. However, it also means that the new standard relies heavily on the proxy server it uses to transmit DNS requests.
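The split of knowledge described above, and the non-collusion assumption it rests on, as an added Python simulation that is not Cloudflare's code nor any ODoH implementation: a toy SHA-256 keystream cipher with an HMAC tag stands in for the HPKE encryption real ODoH uses, a pre-shared key stands in for the target's published public key, and the addresses, key and zone data are constructed. Each party keeps a log of what it can see, so the proxy's view (client address, opaque blob) and the target's view (query, proxy address) can be compared directly.

```python
import hashlib
import hmac
import secrets

# Toy cipher standing in for ODoH's HPKE/AEAD: SHA-256 counter keystream + HMAC tag.
def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (n + 31) // 32
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(blocks))[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def open_(key: bytes, blob: bytes):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None  # tampered blob or wrong key: reject rather than guess
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

# Constructed data: target key (stands in for its HPKE public key), tiny zone, proxy address.
TARGET_KEY = hashlib.sha256(b"constructed target key").digest()
ZONE = {"example.com": "192.0.2.10", "example.org": "192.0.2.20"}
PROXY_ADDR = "proxy.example.net"

def _response_key(blob: bytes) -> bytes:
    # Per-query response key derived from the query nonce (simplified from ODoH's derivation).
    return hashlib.sha256(TARGET_KEY + blob[:16]).digest()

class Proxy:
    def __init__(self):
        self.log = []
    def forward(self, client_addr, blob, target):
        self.log.append((client_addr, blob))    # sees who asked, but only ciphertext
        return target.resolve(PROXY_ADDR, blob)  # target sees the proxy as the source

class Target:
    def __init__(self):
        self.log = []
    def resolve(self, src_addr, blob):
        query = open_(TARGET_KEY, blob)
        if query is None:
            return None
        qname = query.decode()
        self.log.append((src_addr, qname))       # sees the question, not the client
        return seal(_response_key(blob), ZONE.get(qname, "NXDOMAIN").encode())

def odoh_lookup(client_addr, qname, proxy, target):
    """Client side: encrypt the query for the target, send it via the proxy, decrypt the reply."""
    blob = seal(TARGET_KEY, qname.encode())
    reply = proxy.forward(client_addr, blob, target)
    return None if reply is None else open_(_response_key(blob), reply).decode()
```

Joining the two logs on timing and blob size is exactly what a colluding proxy and target could do, which is why the page's non-collusion assumption is essential.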
Cloudflare has initially implemented ODoH for its 220.127.116.11 DNS service. Other similar services and Web browsers have yet to embrace the new protocol, though, so you may need to wait some time before seeing mass adoption.