Engineers at Cloudflare and Apple have developed a new Internet protocol intended to improve privacy on the web: Oblivious DNS-over-HTTPS (ODoH), which is meant to make tracking a user's online activity significantly harder.
Every time a user visits a website, the browser asks a DNS resolver to convert the web page address into a machine-readable IP address so the resource can be located on the Internet. Traditionally this exchange is not encrypted, so every time a site is loaded the DNS request is sent in clear text, and the DNS resolver learns which sites a particular user visits. Unless the user has configured a different resolver, that role is usually played by the Internet service provider that supplies the connection. This is detrimental to privacy, since the provider can sell traffic statistics to advertisers.
Recent developments such as DNS-over-HTTPS (DoH) allow DNS requests to be transmitted in encrypted form, which has greatly reduced the likelihood of the requests being intercepted by attackers. However, this does not stop the DNS resolver itself from seeing exactly which resources users are visiting. ODoH, by contrast, decouples the DNS request from the user and prevents the resolver from seeing which user is visiting which sites.
The new protocol not only encrypts the DNS request but also routes it through a proxy server that acts as an intermediary between the user and the website they are trying to reach. Because the request is encrypted, the proxy cannot see its contents, and because the resolver receives the request from the proxy rather than from the user, it cannot see who originally sent it.
“ODoH is designed to separate information about who is making the request and what the request is,” said Nick Sullivan, head of research at Cloudflare.
Put simply, ODoH ensures that the user's identity is known only to the proxy server, while the DNS resolver learns only which site was requested. Sullivan noted that page load times with ODoH are “almost indistinguishable” from DoH. A key condition for ODoH to work as intended is that the proxy and the DNS resolver never “collude”, i.e. are not under the control of the same party.
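To make the separation of "who is asking" from "what is being asked" concrete, the following is an added toy model of the ODoH message flow described above, together with the collusion caveat. It is example code written for this page, not Cloudflare's or Apple's implementation. The cryptography is a labelled stand-in: real ODoH encrypts the query to the target resolver's HPKE public key, which it publishes in DNS; here a pre-shared 32-byte key held only by the client and the target plays that role. The class names, the addresses (`198.51.100.7`, `proxy.example.net`, `odoh.example.org`) and the one-record zone are all constructed for the example.

```python
"""Toy model of the ODoH flow: client -> proxy -> target resolver.

Added example, not Cloudflare/Apple code. Real ODoH uses HPKE with the
target's published public key; a pre-shared key stands in for it here.
"""
import hashlib
import hmac
import json
import secrets

NONCE_LEN = 12
TAG_LEN = 32


def _subkey(key: bytes, label: bytes) -> bytes:
    # Distinct keys for keystream and MAC (stand-in for HPKE's key schedule).
    return hashlib.sha256(label + key).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first, then decrypt. Any tampering raises ValueError."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ODoH message failed authentication")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


class Target:
    """ODoH target resolver: sees the query, never the client's address."""

    def __init__(self, key: bytes, zone: dict):
        self.key, self.zone, self.log = key, zone, []

    def handle(self, source_addr: str, body: bytes) -> bytes:
        query = json.loads(open_sealed(self.key, body))
        self.log.append({"source": source_addr, "qname": query["qname"]})
        answer = {"qname": query["qname"], "rdata": self.zone.get(query["qname"])}
        return seal(self.key, json.dumps(answer).encode())


class Proxy:
    """ODoH proxy: sees who is asking and which target, never the query."""

    def __init__(self, addr: str, targets: dict):
        self.addr, self.targets, self.log = addr, targets, []

    def relay(self, client_addr: str, target_host: str, body: bytes) -> bytes:
        # The proxy holds no key, so the only thing it can log about the body is its size.
        self.log.append({"source": client_addr, "target": target_host, "body_bytes": len(body)})
        return self.targets[target_host].handle(self.addr, body)


class Client:
    def __init__(self, addr: str, target_key: bytes):
        self.addr, self.target_key = addr, target_key

    def resolve(self, qname: str, proxy: Proxy, target_host: str):
        query = json.dumps({"qname": qname, "qtype": "A"}).encode()
        reply = proxy.relay(self.addr, target_host, seal(self.target_key, query))
        return json.loads(open_sealed(self.target_key, reply))["rdata"]


def collude(proxy_log: list, target_log: list) -> list:
    """What one party running BOTH proxy and target could reconstruct:
    joining the two logs (here simply by arrival order) re-links user to query."""
    return [{"client": p["source"], "qname": t["qname"]} for p, t in zip(proxy_log, target_log)]


def run_demo(qname: str = "example.com") -> dict:
    """Run one ODoH query and report what each party ended up knowing."""
    target_key = secrets.token_bytes(32)                             # stands in for the target's public key
    target = Target(target_key, zone={"example.com": "192.0.2.1"})   # constructed zone data
    proxy = Proxy("proxy.example.net", {"odoh.example.org": target})  # constructed hostnames
    client = Client("198.51.100.7", target_key)                      # constructed client address
    rdata = client.resolve(qname, proxy, "odoh.example.org")
    return {
        "client_got": rdata,
        "proxy_saw": proxy.log[0],
        "target_saw": target.log[0],
        "if_colluding": collude(proxy.log, target.log),
    }


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

Running the demo shows the proxy's log entry holding the client address but no query name, the target's log entry holding the query name but only the proxy as its source, and the `if_colluding` join showing why the page's "never collude" condition matters: whoever holds both logs can link the two halves back together.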
Currently, several Cloudflare partners are using ODoH, so early adopters can already use the technology through the 126.96.36.199 DNS resolver. The wider public, however, will have to wait for ODoH to become mainstream, as it still needs the appropriate certification, which can take months or even years to obtain.