Apple and Cloudflare have developed an Internet Protocol to improve privacy

Apple engineers are working with Cloudflare and Fastly on Oblivious DNS over HTTPS, a new standard that makes it harder to track what users are doing online.

The Internet has many means of protecting users' privacy, including encryption protocols and virtual private networks (VPNs), yet one of the easiest things to track is DNS (Domain Name System) traffic. DNS, which acts as the Internet's address book, maps human-readable domain names to the Internet Protocol (IP) address of a specific website, which makes the whole system far more convenient for ordinary users.

However, by its nature DNS is sent and received between devices in the clear, so it can easily be observed by third parties, which makes it a traceable item. Developments such as DNS over HTTPS (DoH) make it hard for outside parties to modify DNS queries in order to redirect users to malicious websites, but they still leave user activity trackable.

To make DNS more private and harder to track, a group of engineers from Apple, Cloudflare and Fastly have proposed a new standard built on DoH, Oblivious DNS over HTTPS (ODoH). By separating IP addresses from queries, ODoH secures DNS queries because no single party can see both the client's IP address and the query at the same time.

The system relies on public-key encryption together with a network proxy positioned between the client and the DoH server. The client encrypts the request and sends it to the DoH server via the proxy. The DoH server decrypts the request, resolves it, encrypts the response, and sends it back to the proxy, which forwards it to the client.

In effect, the proxy sees the encrypted message passing between the client and the DoH server, but not its content. The DoH server, meanwhile, sees the content of the message, but only the proxy's address, not the client's.

If the proxy server and the DoH server belonged to the same entity, the message content and the client address could in theory be combined, so the basic rule is that the proxy server and the DoH server must not collude. In practice, this is ensured by having the proxy server and the DoH server operated by different companies.

Note that, beyond the extra hop through the proxy, adding encryption and decryption to DNS queries has also raised concern among users who want their DNS queries resolved as fast as possible. On these points, Cloudflare says that initial testing of ODoH configurations is actually very promising.

According to the company, the effect of the additional encryption is minimal, with almost 99% of requests taking only a fraction of a second.

Cloudflare and its partners (such as PCCW Global, Surf and Equinix) today launched ODoH proxies in front of Cloudflare's DNS resolver to encourage further development and adoption. The test proxies are open to everyone, so interested parties can try them out.

Although the current effort aims to significantly improve the system, it may take time before consumers benefit from it. Even with Apple involved in the project, there is no guarantee that the standard will soon be used in iOS, macOS or Safari.
