Cloudflare and Apple launch privacy-focused DNS protocol

Oblivious DNS-over-HTTPS safeguards users' browsing habits from third parties

Cloudflare has proposed a DNS standard, co-authored with Apple, that aims to further improve internet privacy.

ODoH, which stands for Oblivious DNS-over-HTTPS, was developed by engineers from Cloudflare, Apple, and Fastly and works by separating IP addresses from queries in order to safeguard users’ browsing habits from third parties, including internet service providers.

The tool works by encrypting a DNS query and passing it through a proxy server between the user and the website they intend on visiting. Due to the DNS query being encrypted, the proxy has no way of identifying its contents and even prevents the DNS resolver from specifying who is the sender of the query. 

That is why the ‘O’ in ODoH stands for ‘oblivious’, because, as Cloudflare engineers Sudheesh Singanamalla and Tanya Verma explained on the company’s blog, “the target only knows about the proxy, the target and any upstream resolver are oblivious to the existence of any client IP addresses”.

“This puts clients in greater control over their queries and the ways they might be used. For example, clients could select and alter their proxies and targets any time, for any reason,” they added.

According to Cloudflare, ODoH does not negatively impact performance in any way, making prioritising privacy easier for its users.

The tool was launched with Cloudflare’s proxy partners, including PCCW, SURF, and Equinix. SURF technical product manager Joost van Dijk described the move to ODoH as “a true paradigm shift, where the users’ privacy or the IP address is not exposed to any provider, resulting in true privacy”. 

“With the launch of ODoH-pilot, we’re joining the power of Cloudflare’s network to meet the challenges of any users around the globe. The move to ODoH is not only a paradigm shift but it emphasizes how privacy is important to any users than ever, especially during 2020. It resonates with our core focus and belief around Privacy,” he added.

DNS-over-HTTPS has been met with some controversy in the UK due to its conflict with the Investigatory Powers Act, which requires that ISPs at least have the ability to capture information about their customers if so required by the state.

Featured Resources

Consumer choice and the payment experience

A software provider's guide to getting, growing, and keeping customers

Download now

Prevent fraud and phishing attacks with DMARC

How to use domain-based message authentication, reporting, and conformance for email security

Download now

Business in the new economy landscape

How we coped with 2020 and looking ahead to a brighter 2021

Download now

How to increase cyber resilience within your organisation

Cyber resilience for dummies

Download now

Recommended

CVS Health data breach leaves a billion records exposed
data protection

CVS Health data breach leaves a billion records exposed

16 Jun 2021
Researchers send “unhackable” quantum data over 370-mile optical fiber
data protection

Researchers send “unhackable” quantum data over 370-mile optical fiber

11 Jun 2021
New study shows global privacy investments increasing
data protection

New study shows global privacy investments increasing

2 Jun 2021
Misconfigured cloud services exposed 100 million Android users' data
data breaches

Misconfigured cloud services exposed 100 million Android users' data

21 May 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

16 Jun 2021
What is HTTP error 400 and how do you fix it?
Network & Internet

What is HTTP error 400 and how do you fix it?

16 Jun 2021
EU plans to launch bloc-wide cyber task force
cyber attacks

EU plans to launch bloc-wide cyber task force

22 Jun 2021