New DNS Protocol by Apple, Cloudflare Promotes Privacy

Tech company Apple and web-infrastructure firm Cloudflare have developed an internet protocol called Oblivious DNS-over-HTTPS (ODoH) that could address an internet privacy issue, according to TechCrunch. It uses encryption to protect user data, especially browsing history.

ODoH prevents internet service providers (ISPs) from knowing which sites users visit during domain name system (DNS) resolution, the process in which web addresses are converted into machine-readable IP addresses. A user's DNS resolver is usually operated by their ISP.

This conversion process is unencrypted, so internet providers can see every DNS query a user makes and can sell that data to advertisers. ODoH’s code will be available publicly.

Cloudflare Developed An Internet Protocol

Previous developments, including DNS-over-HTTPS (DoH), used encryption to make it difficult for cyber attackers to hijack domain name system queries and send victims to malicious websites. However, DoH still lets resolvers access browsing information.

Apple and Cloudflare’s ODoH improves on previous work by Princeton specialists. It detaches DNS queries from the user, ensuring that ISPs are not able to identify who accessed which website.

It adds a layer of encryption to the query and uses a proxy server as an intermediary between the user and the website.

Cloudflare head of research Nick Sullivan said, “What ODoH is meant to do is separate the information about who is making the query and what the query is.”

Aside from Apple, Cloudflare also worked with various proxy companies such as Equinix, PCCW, and SURF, said TechRadar. Some browser companies also expressed their interest in working with the web-infrastructure and -security company.

In a blog post, Firefox CTO Eric Rescorla said, “Oblivious DoH is a great addition to the secure DNS ecosystem. We’re excited to see it starting to take off and are looking forward to experimenting with it in Firefox.”

One of the keys to the proper application of this new tech is to make sure that the DNS resolver and the proxy site never “collude,” as per Sullivan. To ensure this, the two should not be controlled by the same entity.

Without this measure, Sullivan said that the “separation of knowledge is broken.” However, this means that Cloudflare will need to find companies that offer to run proxy services.
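The split described above can be modeled in a few lines. This is an added example, not Cloudflare's or Apple's code: the class names and the documentation-range IP addresses are constructed, and a toy Diffie-Hellman exchange with an XOR keystream stands in for HPKE, which real ODoH uses. It records what the proxy and the resolver each observe, then shows how joining the two logs undoes the separation.

```python
import hashlib, secrets

# Toy Diffie-Hellman + XOR keystream standing in for HPKE (used by real ODoH).
# Illustration only, not secure. The encrypted response path is omitted.
P, G = 2**127 - 1, 3

def keystream_xor(secret, data):
    pad = hashlib.shake_256(secret.to_bytes(16, "big")).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, pad))

class Target:
    """Resolver: holds the private key, sees queries but only the proxy's address."""
    def __init__(self):
        self._sk = secrets.randbelow(P - 2) + 1
        self.pk = pow(G, self._sk, P)
        self.log = []
    def handle(self, peer_ip, eph_pk, ct):
        query = keystream_xor(pow(eph_pk, self._sk, P), ct).decode()
        self.log.append((peer_ip, query))

class Proxy:
    """Relay: sees the client's address but only ciphertext."""
    def __init__(self, ip, target):
        self.ip, self.target, self.log = ip, target, []
    def relay(self, client_ip, eph_pk, ct):
        self.log.append((client_ip, ct))
        self.target.handle(self.ip, eph_pk, ct)  # client_ip is not forwarded

def client_query(client_ip, name, proxy, target_pk):
    eph_sk = secrets.randbelow(P - 2) + 1        # fresh key per query
    ct = keystream_xor(pow(target_pk, eph_sk, P), name.encode())
    proxy.relay(client_ip, pow(G, eph_sk, P), ct)

def run_demo():
    target = Target()
    proxy = Proxy("203.0.113.10", target)        # constructed addresses
    client_query("198.51.100.7", "example.org", proxy, target.pk)
    client_query("198.51.100.8", "example.net", proxy, target.pk)
    # Collusion: one entity holding both logs can join them by request
    # order and re-link each client address to its query.
    colluded = [(c, q) for (c, _), (_, q) in zip(proxy.log, target.log)]
    return proxy.log, target.log, colluded

if __name__ == "__main__":
    for label, view in zip(("proxy", "target", "colluding"), run_demo()):
        print(label, view)
```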

The aforementioned proxy partners will be working with ODoH using Cloudflare’s 1.1.1.1 DNS resolver. However, the tech is yet to be implemented in browsers and operating systems, which means that it cannot be used at the moment.
