Apple and Cloudflare engineers say they’ve jointly developed a new privacy-focused internet protocol (dubbed Oblivious DNS-over-HTTPS, or ODoH for short) that will make it more difficult for your internet service provider to know which websites you visit.
Whenever you visit a website, your browser uses a DNS resolver to convert a web address (mactrast.com, for example) to an IP address so it knows where on the internet to reach the website or web page. The entire process is normally conducted in the open, leaving your online travels exposed to monitoring by your ISP and other nosy individuals.
ISPs love this because they can make extra income selling their users’ browsing history to advertisers and other Nosy Nellies.
Recent developments, like DNS-over-HTTPS (or DoH), add encryption to DNS queries, which makes it tougher for the bad actors of the world to hijack DNS queries and point victims to malicious websites instead of the real website they wanted to visit. However, that still doesn’t prevent the DNS resolver itself from seeing which website you’re visiting.
ODoH, by contrast, decouples the DNS query from the internet user who sent it, preventing the DNS resolver from knowing which sites you visit.
TechCrunch tells us how it works:
ODoH wraps a layer of encryption around the DNS query and passes it through a proxy server, which acts as a go-between for the internet user and the website they want to visit. Because the DNS query is encrypted, the proxy can’t see what’s inside, but acts as a shield to prevent the DNS resolver from seeing who sent the query to begin with.
“What ODoH is meant to do is separate the information about who is making the query and what the query is,” said Nick Sullivan, Cloudflare’s head of research.
ODoH ensures that only the proxy knows the identity of the internet user and that the DNS resolver only knows the website that is being requested. Sullivan says DoH shouldn’t cause any significant changes to browsing speed.
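The split Sullivan describes, as an added illustration that is not code from Apple, Cloudflare or the ODoH specification: a Go program in which the client seals its DNS question to the resolver's public key and hands it to a proxy, so the proxy learns only the client's address and the resolver learns only the question. Everything beyond that idea is an assumption made for this example: the key derivation (SHA-256 over an X25519 shared secret, where the real protocol uses HPKE), the client address 198.51.100.7, the proxy name proxy.example, and the one-entry zone.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// constructedZone stands in for the resolver's view of DNS (TEST-NET-3 address, example only).
var constructedZone = map[string]string{"mactrast.com": "203.0.113.10"}

// resolverKey models the resolver's long-term key pair (public half published); generation fails only without an RNG.
var resolverKey, _ = ecdh.X25519().GenerateKey(rand.Reader)

// Observation is what one server learned: the sending peer, and the question only if it could read it.
type Observation struct{ Peer, Query string }

// deriveKey maps the ECDH secret to an AES-256 key (simplification: real ODoH uses HPKE).
func deriveKey(shared []byte, label string) []byte {
	sum := sha256.Sum256(append([]byte(label), shared...))
	return sum[:]
}

// sealBox / openBox: AES-256-GCM with a random nonce prefixed; the constructors fail only on key length, fixed at 32 here.
func sealBox(key, plaintext []byte) ([]byte, error) {
	block, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(block)
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, plaintext, nil), nil
}

func openBox(key, sealed []byte) ([]byte, error) {
	block, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(block)
	if n := g.NonceSize(); len(sealed) >= n {
		return g.Open(nil, sealed[:n], sealed[n:], nil)
	}
	return nil, fmt.Errorf("sealed message too short")
}

// resolve is the resolver step: shared secret from the client's ephemeral key, open the question, answer, seal.
func resolve(peer string, ephPub, sealedQ []byte) ([]byte, Observation, error) {
	obs := Observation{Peer: peer}
	clientPub, err := ecdh.X25519().NewPublicKey(ephPub)
	if err != nil {
		return nil, obs, err
	}
	shared, err := resolverKey.ECDH(clientPub)
	if err != nil {
		return nil, obs, err
	}
	question, err := openBox(deriveKey(shared, "odoh-demo query"), sealedQ)
	if err != nil {
		return nil, obs, err
	}
	obs.Query = string(question)
	answer, ok := constructedZone[obs.Query]
	if !ok {
		answer = "NXDOMAIN"
	}
	sealedA, err := sealBox(deriveKey(shared, "odoh-demo response"), []byte(answer))
	return sealedA, obs, err
}

// RunExchange plays client, proxy and resolver once; returns the answer plus what each server observed.
func RunExchange(clientAddr, name string) (answer string, proxySaw, resolverSaw Observation, err error) {
	// Client: fresh ephemeral key, shared secret with the resolver, question sealed under it.
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	shared, err := eph.ECDH(resolverKey.PublicKey())
	if err != nil {
		return
	}
	sealedQ, err := sealBox(deriveKey(shared, "odoh-demo query"), []byte(name))
	if err != nil {
		return
	}
	// Proxy: learns who sent the bytes and forwards them unchanged; it holds no key to open them.
	proxySaw = Observation{Peer: clientAddr}
	sealedA, resolverSaw, err := resolve("proxy.example", eph.PublicKey().Bytes(), sealedQ) // constructed proxy name
	if err != nil {
		return
	}
	// Client: same shared secret, second label, recover the answer.
	plain, err := openBox(deriveKey(shared, "odoh-demo response"), sealedA)
	return string(plain), proxySaw, resolverSaw, err
}

func main() {
	fmt.Println(RunExchange("198.51.100.7", "mactrast.com")) // constructed client address (TEST-NET-2)
}
```

Running it prints the recovered address followed by the two observations; the point to check is that the proxy's record holds the client address with an empty question, while the resolver's record holds the question with the proxy as its peer, so neither server can pair a user with a name on its own. Collusion between proxy and resolver would defeat this, which is why the article stresses that the two roles are run by different parties.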
A few partner organizations are already running proxies, which allow early adopters to begin using the technology via Cloudflare’s 126.96.36.199 DNS resolver. However, most users will need to wait until ODoH is included in browsers and operating systems.